david0521 / swedenUniServer

The backend part of the swedenUni

Develop Authentication Method #31

Closed david0521 closed 4 months ago

david0521 commented 4 months ago

Related Requirements

Requirements Related to Authentication

FR1: The system shall distinguish the users based on the purpose of sign up.
FR2: The system shall require different information based on the type of the user.
FR3: The system shall provide user registration functionality where users can create accounts using a valid email address and password.
FR4: The system shall authenticate users at login by verifying the entered credentials (username and password) against stored user information.
FR5: The system shall prohibit the creation of duplicate accounts by comparing the email with the emails in the database.
FR6: The system shall block the user's account for 5 minutes after 5 consecutive login failures.
FR7: The system shall provide an option to change the password by authorizing through email.
FR8: The administrator account shall only be created through direct modification from the database.

Requirements Related to User Accounts

FR1: The system shall distinguish the users based on prospective student accounts (parent accounts) and real student accounts.
FR2: The prospective student account shall be exchanged to a real student account once they get admitted.

Additional Requirement

User Stories

As a prospective student, I would like to be able to sign up with an option to submit the prerequisites I satisfy, and my merit point, so that I can get the best recommendations for the programs.
As a real student who is studying in a Swedish University, I would like to be able to sign up as a student from that university, so that my advice can look more authentic.
As a user, I would like to be able to reset my password in case I forget, so that I don't have to recreate a new account.
As an administrator, I would like the user's account to be shut down for 5 minutes after 5 consecutive failures, so that the user's information can be kept safe.
As an administrator, I would like to prohibit the same users from creating multiple accounts, so that I can keep the management fee low.
As an administrator, I would like to keep the sensitive information (merit point) in a secure way, so that nothing bad can happen in case of a data leak.

Acceptance Criteria