Requirement #2040
Updated by Vyacheslav Mukhortov 2 months ago
{{plantuml(png)
skinparam actorStyle Hollow
actor Visitor as v
usecase "Login" as uc1
usecase "Forgot password" as uc2
v -right--> uc1
uc2 .up.> uc1 : <<extends>>
}}
*1. To log into the system*, the [[Visitor]] clicks the +Login+ link in the top-right corner of the [[System]] main page.
*2. The login form* contains the following elements:
- E-mail:
- Password:
- +Forgot password+ link
- [SIGN IN] button
2.1 Login form fields
|_.Field|_.Required|_.Max length|_.Constraints|
|Email|Y|128|6-255 characters, regexp: /^.+@.+$/ , see [[RFC 5321]]|
|Password|Y|64|at least 8 characters, at least one capital letter, at least one digit, at least one special character|
*3. On successful login*
3.1 The [[System]] displays a page providing all the functionality available to the user according to the user's [[role]]
3.2 The login event (LOGIN_SUCCESS) is logged (see item 6 below)
*4. On authorization error*
4.1 Red-colored text "Authorization failed" appears above the Login form
4.2 The E-mail field contains the previously entered email
4.3 The wrong password error (LOGIN_FAILED_WRONG_PASSWORD) is logged (see item 6 below)
*5. Forgot password* link
5.1 Displays a form:
- Email
- [Email new password] button
5.2 Clicking the [Email new password] button sends a request to generate a new password and returns to the login form (item 2 above).
5.3 If the user identified by 'Email' exists, the [[System]] emails the newly generated password to the user.
5.4 Successful request is logged (see PASSWORD_RESET below)
5.5 User lookup failure is logged (see PASSWORD_RESET_FAILED below)
5.6 Regardless of the result, the following text pops up on top of the login form:
"If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes."
*6. Audit requirements*
The following events are to be saved into the system log:
[[User activity event|LOGIN_SUCCESS]]
[[User activity event|LOGIN_FAILED_WRONG_PASSWORD]]
[[User activity event|PASSWORD_RESET]]
[[User activity event|PASSWORD_RESET_FAILED]]
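
An added example, not part of the original requirement or of the [[System]] code: a minimal in-memory sketch of items 3-6, showing the same user-facing text for known and unknown accounts while the audit log records which case occurred. The @AuthService@ class, its @users@/@audit@/@outbox@ stand-ins, the PBKDF2 parameters, the reading of "special character" as any non-alphanumeric character, and the use of LOGIN_FAILED_WRONG_PASSWORD for unknown emails are assumptions.

```python
import hashlib, hmac, secrets, string

RESET_MSG = ("If your email address exists in our database, you will receive "
             "a password recovery link at your email address in a few minutes.")
SPECIALS = "!#$%&*+-=?@^_"  # assumed set used only when generating passwords

def password_ok(pw):
    # Field table 2.1: 8-64 chars, a capital letter, a digit, a special character.
    return (8 <= len(pw) <= 64 and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw) and any(not c.isalnum() for c in pw))

def generate_password(n=16):
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:  # retry until the random draw satisfies the policy
        pw = "".join(secrets.choice(alphabet) for _ in range(n))
        if password_ok(pw):
            return pw

class AuthService:
    def __init__(self):
        # Stand-ins for the user store, the system log and the mailer.
        self.users, self.audit, self.outbox = {}, [], []

    def _hash(self, pw, salt):
        return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 200_000)

    def set_password(self, email, pw):
        salt = secrets.token_bytes(16)
        self.users[email] = (salt, self._hash(pw, salt))

    def login(self, email, pw):
        # Unknown emails are hashed against a dummy salt so both paths cost the same.
        salt, stored = self.users.get(email, (b"\0" * 16, b""))
        ok = hmac.compare_digest(self._hash(pw, salt), stored)
        self.audit.append(("LOGIN_SUCCESS" if ok else "LOGIN_FAILED_WRONG_PASSWORD", email))
        return (True, "") if ok else (False, "Authorization failed")

    def forgot_password(self, email):
        if email in self.users:
            new_pw = generate_password()
            self.set_password(email, new_pw)
            self.outbox.append((email, new_pw))   # 5.3: mailed, never logged
            event = "PASSWORD_RESET"
        else:
            self._hash(generate_password(), b"\0" * 16)  # keep the work comparable
            event = "PASSWORD_RESET_FAILED"
        self.audit.append((event, email))
        return RESET_MSG  # 5.6: identical text regardless of the result
```

The audit entries carry only the event name and the submitted email; the password itself never reaches the log.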