Flow Definition of User Session Start & Expiry

[Yousuf24100286]

Description: Add session management for user via database session. and start and expiry of user session from browser and database.

Tasks: Implement an abstract sign-in functionality which takes email and password and starts a new user session Implement an abstract sign-out functionality which deletes the current user session if there is any

Use Cases:

• On plain user sign in
• On user sign up
• On forget password

Concerns Raised for @adeel838 to answer

• Is user supposed to sign in straight after sign up or after email verification completed?
• Is user supposed to sign in on forgot password or led to sign in page to do that mannually?

[adeel838]

Writing user stories to cater to issue

User fills the sign up form and clicks the sign up button. User is redirected to email verification screen which states that a 6 digit numeric code is sent to your email. User retrieves and input the code and is landed into the platform. One thing to note here is that email verification form should have timeout. On expiry, user should be redirected to sign in page and as user signs in, system checks isUserVerified and if false, it should again be redirected to email verification screen.

Edge cases to email verification

1. User does not receives the 6 digit code, resend button should get activated after x minutes and user should be able to resend code by 3 times maximum. After that Error 429: Too many requests should be generated and put the users on cool down for y minutes.
2. User inputs wrong email on sign up. In such case user should sign up again with correct email. Support team can guide the user in these cases.

On forget password: User inputs email and gets verification code and after successful verification, user should be able to able to change the password and after that session should start and user should land inside the portal.