Story - new functionality #6
openEpic - New Feature #3: LSM - User accounts & login
LSM - User Login / Logout and Session Management
Description
Users must be able to log in to and log out from the LSM platform.
The login procedure must use the following steps:
- User enters user-id (email address); check valid email address format on input
- System checks if User's email exists and if the User Account is active; in case of errors a matching notification will be sent to the screen
- A link containing a unique session key is sent to the (existing) User's email
- User clicks on the link in the email and is redirected back to the LSM platform
- User is logged in automatically and can use the platform's services
Error-messages:
- if no User Account exists for the submitted email address, the following notification is presented:
"No user account exists for email address [email_address]"
- if User Account for the submitted email address is not active, the following notification is presented:
"This user account ([email_address]) is currently not activated. Please contact your administrator for support."
Logging:
Attempts to login (failed and successful) must be recorded in a logbook.
Datetime of the last successful login is presented on the screen (after user logged in).
Session-management:
Users may stay logged in to the system after they have successfully logged in.
Users must be logged in automatically for 1 week (configurable) after the last successful login.
So the Session-key is valid for 1 week after successful login.
After each successful login the SessionKey is refreshed.
Session Keys must be of type UUID to eliminate chances of replay attacks and session hijacking.
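The login steps, error notifications, logbook and session-key rules above, as an added example (not code from the LSM project). The in-memory stores, function names, sample accounts, the invalid-format message and the reading of "refreshed" as "the previous key stops working" are assumptions.

```python
import re
import uuid
from datetime import datetime, timedelta, timezone

SESSION_TTL = timedelta(weeks=1)  # "1 week (configurable)"
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")  # simple format check (assumption)

# Constructed sample data; a real deployment would use a database.
USERS = {"ann@example.org": {"active": True, "last_login": None},
         "bob@example.org": {"active": False, "last_login": None}}
SESSIONS = {}  # session key -> (email, expires_at)
LOGBOOK = []   # (timestamp, email, outcome)

def request_login(email, now=None):
    """Validate the address and account, then issue the key to be mailed as a link."""
    now = now or datetime.now(timezone.utc)
    user = USERS.get(email)
    if not EMAIL_RE.match(email):
        error = "Invalid email address format"  # wording is an assumption
    elif user is None:
        error = f"No user account exists for email address {email}"
    elif not user["active"]:
        error = (f"This user account ({email}) is currently not activated. "
                 "Please contact your administrator for support.")
    else:
        key = str(uuid.uuid4())  # version 4: 122 random bits from os.urandom
        SESSIONS[key] = (email, now + SESSION_TTL)
        return key, None
    LOGBOOK.append((now, email, "failed: " + error))
    return None, error

def login_with_key(key, now=None):
    """Redeem a key from the link. Returns (refreshed_key, previous_login) or None."""
    now = now or datetime.now(timezone.utc)
    email, expires_at = SESSIONS.pop(key, (None, None))  # pop: each key works once
    if email is None or now >= expires_at or not USERS[email]["active"]:
        LOGBOOK.append((now, email, "failed: key rejected"))
        return None
    previous_login = USERS[email]["last_login"]  # shown on screen after login
    USERS[email]["last_login"] = now
    refreshed = str(uuid.uuid4())  # refreshed after each successful login
    SESSIONS[refreshed] = (email, now + SESSION_TTL)
    LOGBOOK.append((now, email, "success"))
    return refreshed, previous_login
```

Only a version 4 UUID is random; versions 1, 3 and 5 are derived from time or names and are predictable, so the UUID version is what the replay and hijacking requirement depends on.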
Updated by Erik Hoekstra about 2 years ago · Edited
BTW,
designs for UI/UX can be found at: https://www.figma.com/file/56kLGYXd6bJclPEMudUB3b/Design-Document-%7C-lifesight.me-%5C-Fourtress?type=design&node-id=1743-4215&mode=design&t=dK48iLhhFq8314Do-0