Closed VictorKwong closed 1 month ago
A login page is created where users can enter their email and password. The system validates the user's credentials: it checks that the email exists in the user table, verifies that the password matches the stored (encrypted) password, and ensures the user has confirmed their email. Users are logged in and redirected to the dashboard upon successful login. Users who have not confirmed their email receive an appropriate error message.
User Login via Email and Password
User Story
As a user, I want to log in to the platform using my email and password so that I can securely access my account and view my sensor data.
Description
This use case involves implementing a user login process where users can authenticate themselves using their registered email and password. The system should validate the user's credentials, and if correct, grant access to their account. If the user has not yet confirmed their email during registration, they will not be able to log in. Passwords must be securely checked using best practices, and proper error messages should be displayed for failed login attempts.
Acceptance Criteria
Testing
Normal Flow of Events
The user navigates to the login page. The user enters their registered email and password. The system validates the credentials and checks if the user has confirmed their email. If everything is correct, the user is logged in and redirected to the dashboard. The user can now access their account and view their sensor data.
Alternate/Exceptional Flows:
S-1: Incorrect email or password
The user enters an incorrect email or password. The system shows an error message: "Incorrect email or password."
S-2: Unconfirmed email
The user has not confirmed their email after registration. The system prevents login and shows an error message: "Please confirm your email before logging in."
S-3: Account is locked after multiple failed attempts
The user attempts multiple failed logins in a short period. The system locks the account or temporarily blocks further attempts to prevent brute-force attacks.
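One way the normal flow and S-1 to S-3 could fit together in a single handler, as an added example that is not code from this issue or its project. The in-memory `USERS` table, the thresholds, the lockout message, the `/dashboard` return value and the use of salted PBKDF2 for the stored password are all assumptions.

```python
import hashlib, hmac, os, time

# Assumed values: the issue gives no thresholds and no lockout message.
MAX_FAILS, WINDOW, LOCK_SECS = 5, 300, 900
GENERIC = "Incorrect email or password."                      # S-1
UNCONFIRMED = "Please confirm your email before logging in."  # S-2
LOCKED = "Too many failed attempts. Try again later."         # S-3, assumed wording

def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest)."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

USERS = {}         # constructed in-memory stand-in for the user table
FAILS = {}         # email -> timestamps of recent failed attempts
LOCKED_UNTIL = {}  # email -> time at which the lock expires
DUMMY = hash_password("placeholder")  # verified against when the email is unknown

def add_user(email, password, confirmed):
    salt, digest = hash_password(password)
    USERS[email] = {"salt": salt, "hash": digest, "confirmed": confirmed}

def login(email, password, now=None):
    """Return (ok, message_or_redirect) for one login attempt."""
    now = time.time() if now is None else now
    email = email.strip().lower()
    if LOCKED_UNTIL.get(email, 0) > now:
        return False, LOCKED
    user = USERS.get(email)
    # Hash even for unknown emails so both S-1 cases cost the same work.
    salt, stored = (user["salt"], user["hash"]) if user else DUMMY
    candidate = hash_password(password, salt)[1]
    if not (hmac.compare_digest(candidate, stored) and user):
        recent = [t for t in FAILS.get(email, []) if now - t < WINDOW] + [now]
        FAILS[email] = recent
        if len(recent) >= MAX_FAILS:
            LOCKED_UNTIL[email] = now + LOCK_SECS
        return False, GENERIC
    # Reveal confirmation status only after the password has been verified.
    if not user["confirmed"]:
        return False, UNCONFIRMED
    FAILS.pop(email, None)
    return True, "/dashboard"

# Constructed sample accounts.
add_user("alice@example.com", "correct horse battery", confirmed=True)
add_user("bob@example.com", "staple-9", confirmed=False)
```

Checking the confirmation flag only after the password matches keeps the S-2 message from telling an unauthenticated visitor which emails are registered.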