ASE-2024-BugBusters / JoyJoin

JoyJoin a place to connect people
http://13.38.253.17:3005/

User Login / Logout #21

Open JosipHarambasic opened 6 months ago

JosipHarambasic commented 6 months ago

Decision: Must
Requirement: Login/Logout
T-Shirt: M

As a: registered user,
I want: to securely log in and log out of my account,
So that: I can access my personal information and ensure its security on shared devices.

AC:

• The user can enter their email address and password into the login form.
• Upon successful authentication, the user is redirected to the homepage and marked as "loggedIn".
• If the user enters incorrect login information, an error message will appear.
• To prevent brute-force attacks, limit login attempts to 10 per minute.
• After a successful login, a JWT token is saved in the cookies to allow the user to access the website without having to enter their login credentials again.
• The JWT token remains valid for 24 hours, after which the user will need to log in again.
• On the homepage, the user can easily log out by clicking on a logout button, which will prompt a confirmation message to ensure that the user intends to log out.
• After logging out, the user must log in again to access the app's homepage. The user's status is set to "loggedOut".
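A sketch of the two security-relevant criteria above (10 login attempts per minute, JWT valid for 24 hours and stored in a cookie), added here as an example and not taken from the JoyJoin code base or from the issue author. It assumes Node.js, an in-memory single-process limiter keyed by email, HS256 signing, a cookie named `token` with `HttpOnly; Secure; SameSite=Lax`, and hypothetical function names throughout.

```javascript
const crypto = require("node:crypto");

const MAX_ATTEMPTS = 10;           // AC: 10 login attempts per minute
const WINDOW_MS = 60 * 1000;
const TOKEN_TTL_S = 24 * 60 * 60;  // AC: JWT valid for 24 hours
const attempts = new Map();        // key (assumed: email) -> attempt timestamps

// Sliding window: false once the key has used its 10 attempts in the last minute.
function allowLoginAttempt(key, now = Date.now()) {
  const recent = (attempts.get(key) || []).filter((t) => now - t < WINDOW_MS);
  const allowed = recent.length < MAX_ATTEMPTS;
  if (allowed) recent.push(now);   // refused attempts are not recorded
  attempts.set(key, recent);
  return allowed;
}

const b64url = (data) => Buffer.from(data).toString("base64url");
const sign = (input, secret) =>
  crypto.createHmac("sha256", secret).update(input).digest("base64url");

// Issue an HS256 JWT whose exp claim is 24 hours after iat.
function issueToken(userId, secret, nowMs = Date.now()) {
  const iat = Math.floor(nowMs / 1000);
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const payload = b64url(JSON.stringify({ sub: userId, iat, exp: iat + TOKEN_TTL_S }));
  return `${header}.${payload}.${sign(`${header}.${payload}`, secret)}`;
}

// Returns the claims, or null if the token is malformed, tampered with or expired.
function verifyToken(token, secret, nowMs = Date.now()) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  const expected = Buffer.from(sign(`${header}.${payload}`, secret));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    if (JSON.parse(Buffer.from(header, "base64url").toString()).alg !== "HS256") return null;
    const claims = JSON.parse(Buffer.from(payload, "base64url").toString());
    return typeof claims.exp === "number" && nowMs / 1000 < claims.exp ? claims : null;
  } catch { return null; }
}

// Set-Cookie value; the cookie lifetime matches the token lifetime.
function sessionCookie(token) {
  return `token=${token}; Max-Age=${TOKEN_TTL_S}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}
```

Because the token is stateless, clearing the cookie on logout does not invalidate a copy of the token that was captured earlier; it stays verifiable until its `exp` unless the server also tracks revoked tokens.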