Authentication v2 - cheehongw/functional_expressionism GitHub Wiki

# Authentication :key:

In Authentication v2 we seek to build an authentication system that incorporates the improvements we planned after reviewing Authentication v1. Authentication v2 includes these pages: Sign In, Sign Up, Forgot Password, Change Profile, Delete Account and One-time Setup (for users logging in for the first time, to configure and customize their account). It also includes a context for the current user and a sign-out flow.

## Testing

The tests are run manually; there is currently no script to run them automatically.

### Sign In (Login) & Forgot Password

| Action | Expected Result | Result |
| --- | --- | --- |
| User attempts to log in using a registered and verified email and password | Login Success | ✔️ |
| User attempts to log in using their Google account | Login Success | ✔️ |
| User logs in successfully | Redirect to the main page or the One-time Setup page | ✔️ |
| User attempts to log in using an unregistered email | Login Fail | ✔️ |
| User attempts to log in using a registered but non-verified email | Login Fail; notify the user that the email is not verified, then send a verification email to the registered email address | ✔️ |
| User attempts to log in with the wrong password for the account | Login Fail | ✔️ |
| User attempts to log in using a verified email address and the correct password, and chooses to persist the logged-in state | The user is still logged in after they close the tab or the browser | ✔️ |
| User attempts to log in using a verified email address and the correct password, and chooses not to persist the logged-in state | The user is signed out after they close the tab or the browser | ✔️ |
| User logs in using their Google account | The user is still logged in after they close the tab or the browser | ✔️ |
| User forgets their password and types their account email into the Forgot Password form | A password reset email is sent which contains a link for changing the password | ✔️ |
| User can log in with the new password after the password change | Login Success | ✔️ |
| User types a non-existent email into the Forgot Password form | An error is displayed on the screen | ✔️ |
| Exploitative use of the password reset feature to spam reset emails to the email address of an existing account | Limit the number of password reset emails allowed per day | |
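One way to implement the per-day cap the last row asks for, as an added example that is not code from the functional_expressionism project: a per-address counter over a sliding 24-hour window. The cap of 3, the in-memory `Map` store and the injectable clock are assumptions made for this example.

```javascript
// Added example, not the project's own code. Caps how many password reset
// emails one address can receive in any 24-hour window; the limit and the
// in-memory store are assumptions (a real deployment would persist counts).
const RESET_EMAILS_PER_DAY = 3;          // assumed cap
const DAY_MS = 24 * 60 * 60 * 1000;

class ResetEmailLimiter {
  constructor(limit = RESET_EMAILS_PER_DAY, now = () => Date.now()) {
    this.limit = limit;
    this.now = now;           // injectable clock so the window can be tested
    this.sent = new Map();    // normalised email -> [send timestamps in ms]
  }

  // Returns true (and records the send) when a reset email may go to `email`,
  // false when the address has already hit the cap in the last 24 hours.
  // The caller should show the same "check your inbox" message in both cases
  // so the cap itself does not reveal whether a mail was actually sent.
  tryRecordSend(email) {
    // Case and whitespace variants of one address share a single budget.
    const key = email.trim().toLowerCase();
    const cutoff = this.now() - DAY_MS;
    const recent = (this.sent.get(key) || []).filter((t) => t > cutoff);
    if (recent.length >= this.limit) {
      this.sent.set(key, recent);   // drop expired entries, keep the rest
      return false;
    }
    recent.push(this.now());
    this.sent.set(key, recent);
    return true;
  }

  // How many more reset emails `email` may receive right now.
  remaining(email) {
    const key = email.trim().toLowerCase();
    const cutoff = this.now() - DAY_MS;
    const recent = (this.sent.get(key) || []).filter((t) => t > cutoff);
    return Math.max(0, this.limit - recent.length);
  }
}
```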

### Sign Up

| Action | Expected Result | Result |
| --- | --- | --- |
| User attempts to create an account using their email address and a safe password | Sign up Success | ✔️ |
| User attempts to create an account using their Google account | Sign up Success; redirect the user to the main page or the One-time Setup page | ✔️ |
| User creates their account successfully | Send a verification email; redirect the user to the log in page | ✔️ |
| User attempts to create an account with an existing email | Sign up Fail; an error is displayed on the screen | ✔️ |
| User attempts to create an account with a weak password or no password | Sign up Fail | ✔️ |
| User attempts to sign up using a syntactically valid but disallowed email (e.g. [email protected]) | Sign up Fail | |
| User attempts to sign up using an email with invalid syntax | Sign up Fail | ✔️ |

### One-time Setup

| Action | Expected Result | Result |
| --- | --- | --- |
| User logs in for the first time | Redirect to the One-time Setup page | ✔️ |
| User provides a unique account username and an image for the account avatar | User is signed in and redirected to the main page | ✔️ |
| User does not provide a unique username for the account | One-time Setup Fail; an error is displayed on the screen | ✔️ |
| User does not provide an image to use as the account avatar | One-time Setup Fail; an error is displayed on the screen | ✔️ |
| User logs in using a Google account | User is logged in and redirected to the main page instead of the One-time Setup page | ✔️ |

### Change Profile (includes Password Change, Avatar Change, Username Change and Delete Account)

| Action | Expected Result | Result |
| --- | --- | --- |
| User attempts to change their password to a safe password | User has to type the current password and the new password into a form | ✔️ |
| User attempts to change their password to an unsafe password | Change Password Fail; an error is displayed on the screen | ✔️ |
| User attempts to change their password but types in the wrong current password | Change Password Fail; an error is displayed on the screen | ✔️ |
| User changes their password successfully | Redirect the user to the profile page | ✔️ |
| User attempts to change their avatar picture and has selected an image | Change Avatar Success | ✔️ |
| User attempts to change their avatar picture but has not selected an image | Change Avatar Fail | ✔️ |
| User changes their avatar image successfully | Redirect the user to the profile page with the new avatar image | ✔️ |
| User attempts to change their username to a unique username | Change Username Success | ✔️ |
| User attempts to change their username to an invalid or existing username | Change Username Fail; an error is displayed on the screen | ✔️ |
| User changes their username successfully | Redirect the user to the profile page with the new username | ✔️ |
| User attempts to delete their account | User has to type their current password before the account is deleted | ✔️ |
| User attempts to delete their account using the wrong password | Delete Account Fail | ✔️ |
| User attempts to delete a Google signed-in account | Delete Account Success | |
| User deletes their account successfully | Redirect to the main page, signed out | ✔️ |
| User attempts to log in using a deleted account | Log in Fail; an error is displayed on the screen | ✔️ |

### User Context, Page Accessibility & Sign Out

| Action | Expected Result | Result |
| --- | --- | --- |
| User signs in successfully | Information about the current signed-in user (Email, Avatar Image URL, Username) is available to every component that requests it | ✔️ |
| Signed-in user attempts to access pages restricted to signed-in users | User can access the pages | ✔️ |
| Non-signed-in user attempts to access pages restricted to signed-in users | User cannot access the pages and is redirected to the login page | ✔️ |
| Signed-in user attempts to access pages not restricted to signed-in users | User can access the pages | ✔️ |
| Non-signed-in user attempts to access pages not restricted to signed-in users | User can access the pages | ✔️ |
| User attempts to sign out | Sign out Success | ✔️ |
| Signed-out user attempts to access pages restricted to signed-in users | User cannot access the pages and is redirected to the login page | ✔️ |
| Signed-out user attempts to go back to pages restricted to signed-in users | User cannot access the pages and is redirected to the login page | ✔️ |
| Signed-in user attempts to go to the Sign In, Sign Up or One-time Setup page | Redirect to the main page | ✔️ |
| User signing in for the first time who has not completed the One-time Setup page attempts to access pages restricted to signed-in users | Redirect to the One-time Setup page | ✔️ |
| User signing in attempts to bypass the One-time Setup page and go to pages not restricted to signed-in users | The user is not treated as signed in; the avatar icon in the header does not show up | ✔️ |
| Non-signed-in user attempts to access the One-time Setup page | User is redirected to the login page | ✔️ |
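The rules in this table can be expressed as one pure route guard and then checked row by row. The block below is an added example, not code from the functional_expressionism project; the route kinds, the user object shape, the redirect paths and the sample users are assumptions made for this example.

```javascript
// Added example, not the project's own code: a pure route guard encoding the
// access rules in the table above. Route kinds, user shape, paths are assumed.
const PUBLIC = "public";         // pages not restricted to signed-in users
const RESTRICTED = "restricted"; // pages restricted to signed-in users
const AUTH = "auth";             // Sign In and Sign Up pages
const SETUP = "setup";           // One-time Setup page
// user is null when signed out, otherwise { email, username, avatarUrl, setupDone }.
// Returns { allow, redirect?, showAsSignedIn? } for the requested route kind.
function resolveRoute(user, routeKind) {
  if (user === null) {
    // Anonymous: public pages only, everything else goes to the login page.
    return routeKind === PUBLIC ? { allow: true, showAsSignedIn: false }
                                : { allow: false, redirect: "/login" };
  }
  if (!user.setupDone) {
    // Setup unfinished: not yet treated as signed in. Public pages render without
    // the header avatar; restricted (and, assumed here, auth) pages go to setup.
    return routeKind === PUBLIC || routeKind === SETUP
      ? { allow: true, showAsSignedIn: false }
      : { allow: false, redirect: "/setup" };
  }
  // Fully signed in: Sign In, Sign Up and Setup pages redirect to the main page.
  return routeKind === AUTH || routeKind === SETUP
    ? { allow: false, redirect: "/" }
    : { allow: true, showAsSignedIn: true };
}
// Constructed sample users (not real accounts) and the table rows as checks.
const anon = null;
const fresh = { email: "new@example.test", username: null, avatarUrl: null, setupDone: false };
const member = { email: "u@example.test", username: "u", avatarUrl: "/a.png", setupDone: true };
const MATRIX = [
  [member, RESTRICTED, { allow: true }],
  [anon, RESTRICTED, { allow: false, redirect: "/login" }],
  [member, PUBLIC, { allow: true }],
  [anon, PUBLIC, { allow: true }],
  [member, AUTH, { allow: false, redirect: "/" }],
  [member, SETUP, { allow: false, redirect: "/" }],
  [fresh, RESTRICTED, { allow: false, redirect: "/setup" }],
  [fresh, PUBLIC, { allow: true, showAsSignedIn: false }],
  [anon, SETUP, { allow: false, redirect: "/login" }],
];
// Indices of matrix rows whose actual result differs from the expected one.
function failingRows() {
  return MATRIX.flatMap(([user, kind, expected], i) => {
    const got = resolveRoute(user, kind);
    return Object.keys(expected).every((k) => got[k] === expected[k]) ? [] : [i];
  });
}
```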