A user must register a username and password to access the system.
Basic Path
The use case starts when a user is logged in and indicates they want to change their password.
The system requests the current password to verify that the password change is secure.
The user enters a current password.
The system checks that the username corresponds to the existing password (preferably a secure password hash using bCrypt library) in the database.
A successful match is found and therefore the system requests the user to enter a new password which conforms to a specific set of requirements.
The user enters the new password.
The system validates that the new password matches the aforementioned validation requirements.
The system successfully updates the password.
The system displays a successful message on the screen and sends a password change confirmation email to the user's email address.
Alternative Paths
Step 4: If the password does not match the existing password hash, the system displays an error message and the use case goes back to step 2.
Step 7: If the user's new password does not conform to password validation requirements, an error message is displayed and the use case repeats step 6.
Exception Paths
The user can cancel the operation at any time.
Preconditions
The user is logged into the system.
Postconditions
The user's password is now changed, and they should continue to login using the new password from now on.
A user must register a username and password to access the system.
Basic Path
The use case starts when a user is logged in and indicates they want to change their password. The system requests the current password to verify that the password change is secure. The user enters a current password. The system checks that the username corresponds to the existing password (preferably a secure password hash using bCrypt library) in the database. A successful match is found and therefore the system requests the user to enter a new password which conforms to a specific set of requirements. The user enters the new password. The system validates that the new password matches the aforementioned validation requirements. The system successfully updates the password. The system displays a successful message on the screen and sends a password change confirmation email to the user's email address. Alternative Paths
Step 4: If the password does not match the existing password hash, the system displays an error message and the use case goes back to step 2.
Step 7: If the user's new password does not conform to password validation requirements, an error message is displayed and the use case repeats step 6.
Exception Paths
The user can cancel the operation at any time.
Preconditions
The user is logged into the system.
Postconditions
The user's password is now changed, and they should continue to login using the new password from now on.