noQ-sweden / noq

noQ webservice
GNU General Public License v3.0
14 stars 0 forks

EPIC - Forgot password (Glömt lösenord) #647

Open patrik-pwned opened 2 hours ago

patrik-pwned commented 2 hours ago

Story

As a user who has forgotten my password, I want to be able to recover my password using my registered email or Unicode username, so that I can regain access to my account securely.

AC1 Forgot Password Page: Given that a user has forgotten their password, When they navigate to the "Glömt lösenord" page, Then they should see input fields allowing them to enter either their registered Unicode username, email, or phone number.

AC2 Option Based on User Data (Email or SMS): Given that the system supports users with either an email or phone number for password recovery, When the user submits their Unicode username, email, or phone number, Then the system should:

AC3 Invalid Email, Username, or Phone Number: Given that a user enters an invalid or unregistered Unicode username, email, or phone number, When they click the "Skicka nytt lösenord" button, Then the system should show an error message, "Den angivna e-postadressen, användarnamn eller telefonnummer existerar inte".

AC4 Email Recovery Process: Given that a user has entered a valid email or Unicode username, When they click the "Skicka nytt lösenord" button, Then an email containing a password recovery link should be sent to the registered email address. And the user should see a confirmation message on the screen stating, "Ett mejl med återställningslänk har skickats."

AC5 SMS Recovery Process: Given that a user has entered a valid phone number, When they click the "Skicka nytt lösenord" button, Then an SMS containing a recovery code should be sent to the user's registered phone number. And the user should see a confirmation message on the screen stating, "Ett SMS har skickats till telefonnumret."

AC6 Entering the Recovery Code (SMS): Given that the user receives an SMS recovery code with simple instructions, When they return to the password recovery page and enter the code, Then they should be directed to the secure "Skapa nytt lösenord" page where they can create a new password.

AC7 Password Reset Link (Email): Given that a user receives the recovery email, When they click the recovery link, Then they should be directed to a secure "Skapa nytt lösenord" page where they can create a new password.

AC8 Password Requirements: Given that the user is on the "Reset Password" page, When they enter a new password, Then the system should ensure the new password meets the following requirements:

AC9 Successful Password Reset: Given that a user has entered a valid new password and clicked "Bekräfta", When the password is successfully updated, Then the user should be redirected to the login page with a success message, "Du har skapat ett nytt lösenord. Vänligen logga in med ditt nya lösenord."

AC10 Security Measures: Given that a user is resetting their password, When the new password is set, Then the system should invalidate any existing sessions to ensure account security.

Definition of Done

- OK from wingmate
- Documented
- All subtasks done or cancelled
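One way the email recovery link (AC4, AC7, AC9) and the session invalidation in AC10 could be implemented, as an added example that is not noQ's own code or part of the issue. `ResetService`, its in-memory stores and the 15-minute `TOKEN_TTL` are assumptions; the issue names no lifetime, storage or function names.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 15 * 60  # seconds; assumed lifetime, the issue does not specify one


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


class ResetService:
    """In-memory stand-in for the user, token and session stores (hypothetical)."""

    def __init__(self):
        self.passwords = {}  # username -> (salt, PBKDF2 hash)
        self.sessions = {}   # session id -> username
        self.pending = {}    # sha256(token) -> (username, expiry time)

    def issue_token(self, username, now=None):
        """Create the secret that goes into the recovery link (AC4)."""
        now = time.time() if now is None else now
        # A new request replaces any earlier unused token for the same user.
        self.pending = {d: v for d, v in self.pending.items() if v[0] != username}
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        # Store only the digest, so a leaked table holds no usable links.
        self.pending[_digest(token)] = (username, now + TOKEN_TTL)
        return token

    def reset_password(self, token, new_password, now=None):
        """Redeem a token once (AC7/AC9) and end the user's sessions (AC10)."""
        now = time.time() if now is None else now
        entry = self.pending.pop(_digest(token), None)  # pop makes it single-use
        if entry is None or now > entry[1]:
            return False
        username = entry[0]
        salt = secrets.token_bytes(16)
        hashed = hashlib.pbkdf2_hmac("sha256", new_password.encode(), salt, 600_000)
        self.passwords[username] = (salt, hashed)
        # AC10: drop every existing session that belongs to this user.
        self.sessions = {s: u for s, u in self.sessions.items() if u != username}
        return True
```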

patrik-pwned commented 2 hours ago

@overath2 overkill?