Requirement #2040
Updated by Vyacheslav Mukhortov almost 2 years ago
*1. To log into the system*, the [[Visitor]] clicks the +Login+ link in the top-right corner of the [[System]] main page.

*2. Login form* contains the following elements:
- E-mail:
- Password:
- +Forgot password+ link
- [SIGN IN] button

2.1 Login form fields

|_.Field|_.Required|_.Max length|_.Constraints|
|Email|Y|128|[[RFC 822]]|
|Password|Y|64|at least 8 characters, at least one capital letter, at least one digit, at least one special character|

*3. On successful login*
3.1 The [[System]] displays a page providing all the functionality available to the user according to the user's [[role]].
3.2 The login event (LOGIN_SUCCESS) is logged (see p.6 below).

*4. On authorization error*
4.1 Red-colored text "Authorization failed" appears above the Login form.
-4.2 E-mail field contains previously entered email-
4.3 The wrong password error (LOGIN_FAILED_WRONG_PASSWORD) is logged (see p.6 below).

*5. Forgot password* link
5.1 Displays a form:
- Email [Email new password]
5.2 Clicking the [Email new password] button sends a request to generate a new password and returns to the login form (p.2 above).
5.3 If the user identified by 'Email' exists, the [[System]] emails the newly generated password to the user.
5.4 A successful request is logged (see PASSWORD_RESET below).
5.5 A user lookup failure is logged (see PASSWORD_RESET_FAILED below).
5.6 Regardless of the result, the following text pops up on top of the login form: "New password has been sent to <<email address entered by the user>>".

*6. Audit requirements*
The following events are to be saved into the system log:
[[User activity event|LOGIN_SUCCESS]]
[[User activity event|LOGIN_FAILED_WRONG_PASSWORD]]
[[User activity event|PASSWORD_RESET]]
[[User activity event|PASSWORD_RESET_FAILED]]
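
A sketch of the password-reset flow in p.5, added here as an illustration and not part of the requirement or the [[System]] code base. It shows the property 5.6 asks for: the visitor sees the same message whether or not the account exists, while the audit log (p.6) records the real outcome. The names @request_password_reset@, @USERS@, @AUDIT_LOG@, @OUTBOX@ and the reading of "special character" as any non-alphanumeric character are assumptions.

```python
import html
import secrets
import string

SPECIALS = "!@#$%^&*-_=+"       # assumed set used when generating passwords
USERS = {"alice@example.com"}   # constructed sample account store
AUDIT_LOG = []                  # stand-in for the system log (p.6)
OUTBOX = []                     # stand-in for the mail sender (5.3)


def meets_policy(pw: str) -> bool:
    """Password constraints from table 2.1."""
    return (8 <= len(pw) <= 64
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw))


def generate_password(length: int = 16) -> str:
    """Draw from a CSPRNG until the result satisfies table 2.1."""
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if meets_policy(pw):
            return pw


def request_password_reset(email: str) -> str:
    """Handle the [Email new password] click (5.2 to 5.6)."""
    email = email.strip()
    if email.lower() in USERS:
        # 5.3: only an existing user is mailed a new password.
        OUTBOX.append((email, generate_password()))
        AUDIT_LOG.append(("PASSWORD_RESET", email))          # 5.4
    else:
        AUDIT_LOG.append(("PASSWORD_RESET_FAILED", email))   # 5.5
    # 5.6: identical text on both paths, so the form cannot be used to
    # test which addresses are registered. The address is visitor input
    # echoed back into the page, so it is HTML-escaped before display.
    return f"New password has been sent to {html.escape(email)}"
```

Persisting the new credential for the account is left out because the requirement does not describe it.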