Requirement #2040

Updated by Vyacheslav Mukhortov over 4 years ago

*1. To log into the system*, the [[Visitor]] clicks the +Login+ link in the top-right corner of the [[System]] main page. 

 *2. Login form* contains the following elements: 
   - E-mail: 
   - Password:  
   - +Forgot password+ link  
   - [SIGN IN] button 

   2.1 Login Form fields 
 |_.Field|_.Max length|_.Constraints| 
 |Email|128|RFC 822| 
 |Password|64|at least one capital letter, at least one digit, at least one special character| 
 
  2.1.1 All fields are mandatory 

 *3. On successful login* 
   3.1 The [[System]] displays a page providing all the functionality available to the user according to the user's [[role]] 
   3.2 Login event (LOGIN_SUCCESS) is logged (see p.6 below) 

 *4. On authorization error* 
   4.1 Red-colored text "Authorization failed" appears above the Login form 
   4.2 E-mail field contains previously entered email 
   4.3 Wrong password error (LOGIN_FAILED_WRONG_PASSWORD) is logged (see p.6 below) 

 *5. Forgot password* link 
   5.1 Displays a form: 
    - Email 
    [Email new password] 

   5.2 Clicking the [Email new password] button sends a request to generate a new password and returns to the login form (p.2 above). 
   5.3 If the user identified by 'Email' exists, the [[System]] emails the newly generated password to the user. 
   5.4 A successful request is logged (see PASSWORD_RESET below) 
   5.5 User lookup failure is logged (see PASSWORD_RESET_FAILED below) 
   5.6 Regardless of the result, the [[System]] displays an empty page with the following text:  
    "New password has been sent to <<email address entered by the user>>". 

 *6. Audit requirements* 
 The following events are to be saved into the system log: 

 [[User activity event|LOGIN_SUCCESS]] 
 [[User activity event|LOGIN_FAILED_WRONG_PASSWORD]] 
 [[User activity event|PASSWORD_RESET]] 
 [[User activity event|PASSWORD_RESET_FAILED]] 
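
A sketch of the password reset flow from p.5 with the audit events from p.6, added here as an example and not taken from the requirement or the project's code. The function names, the in-memory @users@, @audit_log@ and @outbox@ stand-ins, the set of special characters, logging the email alongside the event name, and HTML-escaping the echoed address are all assumptions.

```python
import html
import secrets
import string

# Assumption: the requirement does not say which characters count as "special".
SPECIALS = "!@#$%^&*-_=+"
ALPHABET = string.ascii_letters + string.digits + SPECIALS

def meets_policy(pw):
    """Password rule from table 2.1: max 64 chars, a capital, a digit, a special char."""
    return (0 < len(pw) <= 64
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw))

def generate_password(length=20):
    """Draw candidates from a CSPRNG until one satisfies the 2.1 rule."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_policy(pw):
            return pw

def handle_reset(email, users, audit_log, outbox):
    """p.5.2-5.6: the visible response is identical whether or not the user exists."""
    if email in users:
        pw = generate_password()
        users[email] = pw            # constructed store; a real one keeps a salted hash
        outbox.append((email, pw))   # stands in for the mail sent in 5.3
        audit_log.append(("PASSWORD_RESET", email))         # 5.4
    else:
        audit_log.append(("PASSWORD_RESET_FAILED", email))  # 5.5
    # 5.6: the entered address is echoed back, so escape it before rendering.
    return "New password has been sent to " + html.escape(email)

if __name__ == "__main__":
    users = {"alice@example.com": "Old-Passw0rd"}   # constructed sample account
    log, outbox = [], []
    for addr in ("alice@example.com", "nobody@example.com"):
        print(handle_reset(addr, users, log, outbox))
    print([event for event, _ in log])
```

Only the audit log distinguishes the two outcomes; the text shown to the visitor cannot be used to test whether an address is registered.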
