User Stories - GaronSmith/Pursuit-of-empty GitHub Wiki
Login
As an unauthorized user, I want to be able to login to the website via a form, so that I can access my private information.
Questions
- Will the user enter a username or an email address to login?
- User will login via email or and password
- What routes should we use for login?
- User will login via /login route (maybe form at top page )
- Where should the user be redirected after login?
- User will be redirected to the / homepage
- Will we allow OAuth authentication via a third party?
- Not yet -- maybe in a future story
- What happens if the user doesn't exist yet?
- Show the message above the login form "Sorry the email or password was incorrect."
- What happens if the user enters the wrong password?
- Show the message above the login form "Sorry the email or password was incorrect."
- Should this story include allowing a user to reset their password?
- no as email correspondence is out of scope.
- Should logging in use session-based or use token-based authentication?
- This application will use token-based authentication.
Acceptance Criteria
- Given that I'm a logged-out user and
- When I'm on the /login route
- Then there will be a login modal with an email/username and password field and a "Login" button to submit the form.
- When I am on the / homepage
- Then there will be the lay out of current projects with a search bar
- When I try to fill out the form with an invalid email and password combination and press Enter or press the "Login" button
- Then at the top of the form, I will see a red message "Sorry the email or password was incorrect."
- When I try to fill out the form with an email that doesn't exist in the system and press Enter or press the "Login" button
- Then at the top of the form, I will see a red message "Sorry the email or password was incorrect."
- When I try to fill out the form with a valid email and password and press Enter or press the "Login" button
- Then I will be redirected to the homepage at the / route.
- Given that I am a logged-in user
- When I refresh the homepage at the / route then I will still be logged in
- When I view my homepage
- Then I will view the projects I own or am assigned to
- Then I will view the most recent updated projects
Sign-Up
As an unauthorized user, I want to be able to sign up for the website via a signup modal.
Questions
- How long should the user session last?
- 1 week
- What information are we collecting from the user?
- Username, First Name, Last Name, Email Address Password
- Will we confirm their password during signup?
- Yes
- What does the UX look like? What does the form look like? How simple is it?
- UX is a pop up modal
- Where should the user be redirected after signup?
- User will be redirected back to the homepage and logged in
- What happens if the user has signed up previously? What makes a user unique?
- Email and username should be what makes user unique.
- Show the message, "Sorry, that email address or username already exists."
- What are the password requirements?
- At least 6 characters, must include 1 Uppercase, 1 Lowercase, 1 Number
- What happens if the user's password isn't strong enough?
- Assuming the password and password confirm fields are right above the submit button, stay on the same page, and show the message, "Sorry, the password you entered does not meet our requirements."
- Are we allowing sign up via OAuth?
- Not at this time
- Do we need a confirmation email?
- No, as email correspondence is out of scope.
- What routes should we use for sign up?
- User will sign up via /signup route
- If sign up is successful, user will be redirected to /homepage
Log Out
As a user, I want to be able to log out of my account at my leisure. When I click the "Logout" button/link in the user dropdown menu, I want to be able to hide my account information from the rest of the users on this device.
Questions
- Will the user have access to the logout button on each page or just on their profile or homepage?
-
- this is available on each page in the global navbar
- What routes should we use for logout?
-
- /logout
- Where should the user be redirected after logging out?
-
- User should be redirected to the /homepage
Acceptance Criteria
- Given that I'm a user who is currently logged in
- When I'm on the / homepage route
- Then there will be a Logout button/link in the user drop down on the global navbarthat I can click at my leisure, so I will be able to hide my account information
- Given that I am a user that is logged in, when I click the Logout button/link
- Then, I will be redirected to the /homepage and my account information will be hidden