Requirement #2040
Updated by Vyacheslav Mukhortov almost 5 years ago
*1. To log into the system*, the [[Visitor]] clicks the +Login+ link in the top-right corner of the [[System]] main page.
*2. Login form* contains the following elements:
- E-mail:
- Password:
- +Forgot password+ link
- [SIGN IN] button
*3. On successful login*
3.1 The [[System]] displays a page providing all the functionality available to the user according to the user's [[role]]
3.2 Login event (LOGIN_SUCCESS) is logged (see p.6 below)
*4. On authorization error*
4.1 Red-colored text "Authorization failed" appears above the Login form
4.2 E-mail field contains previously entered email
4.3 Wrong password error (LOGIN_FAILED_WRONG_PASSWORD) is logged (see p.6 below)
*5. Forgot password* link
5.1 Displays a form:
- Email
- [Email new password] button
5.2 Clicking the [Email new password] button sends a request to generate a new password and returns to the login form (p.2 above).
5.3 If the user identified by 'Email' exists, the [[System]] emails the newly generated password to the user.
5.4 Successful request is logged (see PASSWORD_RESET below)
5.5 Failure to find a user by 'Email' is logged (see PASSWORD_RESET_FAILED below)
5.6 Regardless of the result, the [[System]] displays the following message: "New password has been sent".
*6. Audit requirements*
The following events are to be saved into the system log:
|_.IP|_.User id|_.Action|_.Details|_.Description|
|68.2.2.2|1|LOGIN_SUCCESS||Logged in|
|68.2.2.2|1|LOGIN_FAILED_WRONG_PASSWORD||Login failed. Wrong password.|
|68.2.2.2|1|PASSWORD_RESET||New password generated.|
|68.2.2.2||PASSWORD_RESET_FAILED|test@test.com|Password reset failed. User test@test.com not found|
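
A sketch of the password reset flow (p.5) writing the audit rows from p.6, added here as an example and not taken from the System's own code. The @users@ lookup, the @deliver@ callback, the @clean@ helper and the 254-character limit are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass, field

RESET_MESSAGE = "New password has been sent"  # p.5.6: identical for every outcome


def clean(value, limit=254):
    """Drop control characters (CR/LF etc.) so user input cannot forge log rows."""
    return "".join(ch for ch in str(value) if ch.isprintable())[:limit]


@dataclass
class AuditLog:
    rows: list = field(default_factory=list)

    def write(self, ip, user_id, action, details="", description=""):
        # Column order follows the p.6 table: IP, User id, Action, Details, Description.
        self.rows.append((ip, user_id, action, clean(details), clean(description)))


def request_password_reset(email, ip, users, audit, deliver):
    """Handle the [Email new password] click (p.5.2-5.6).

    users   -- hypothetical lookup: dict mapping email to user id
    deliver -- hypothetical callable(user_id, email, new_password) that stores
               the password hash and sends the mail
    """
    user_id = users.get(email)
    if user_id is None:
        # p.5.5: the submitted address goes to Details; it is untrusted input.
        audit.write(ip, None, "PASSWORD_RESET_FAILED", email,
                    f"Password reset failed. User {email} not found")
    else:
        new_password = secrets.token_urlsafe(12)  # CSPRNG; never written to the log
        deliver(user_id, email, new_password)
        audit.write(ip, user_id, "PASSWORD_RESET", "", "New password generated.")
    return RESET_MESSAGE  # caller shows this and returns to the login form
```

The message is the same in both branches, but response time can still differ if @deliver@ sends mail synchronously; queueing delivery keeps the two outcomes indistinguishable to the requester.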