Authentication v2 - cheehongw/functional_expressionism GitHub Wiki
# Authentication :key:

In Authentication v2 we seek to build an authentication system that incorporates the improvements we planned after reviewing Authentication v1.

Authentication v2 includes these pages: Sign In, Sign Up, Forgot Password, Change Profile, Delete Account and One-time Setup (for users who log in for the first time, to configure and customize their account). It also includes a context for the current user and a sign-out action.
## Testing

The tests are run manually; there is currently no script to run them automatically.
### Sign in (Login) & Forgot Password

| Action | Expected Result | Result |
| --- | --- | --- |
| User attempts to log in using a registered and verified email and password | Login Success | ✔️ |
| User attempts to log in using their Google account | Login Success | ✔️ |
| User logs in successfully | Redirect to the main page or the One-time Setup page | ✔️ |
| User attempts to log in using an unregistered email | Login Fail | ✔️ |
| User attempts to log in using a registered but non-verified email | Login Fail; notify the user that the email is not verified, then send a verification email to the registered email address | ✔️ |
| User attempts to log in with the wrong password for the account | Login Fail | ✔️ |
| User attempts to log in using a verified email address and the correct password, and chose to persist the logged-in state | The user is still logged in after they close the tab or close the browser | ✔️ |
| User attempts to log in using a verified email address and the correct password, and chose not to persist the logged-in state | The user is signed out after they close the tab or close the browser | ✔️ |
| User logs in using their Google account | The user is still logged in after they close the tab or close the browser | ✔️ |
| User forgets their password and types their account email into the forgot-password form | A password reset email is sent which contains a link for changing the password | ✔️ |
| User can log in with the new password after the password change | Login Success | ✔️ |
| User types a non-existent email into the forgot-password form | An error is displayed on the screen | ✔️ |
| Abuse of the password reset form to spam password reset emails to the email address of an existing account | Limit the number of password reset emails allowed per day | ❌ |
### Sign up

| Action | Expected Result | Result |
| --- | --- | --- |
| User attempts to create an account using their email address and a safe password | Sign up Success | ✔️ |
| User attempts to create an account using their Google account | Sign up Success; redirect the user to the main page or the One-time Setup page | ✔️ |
| User creates their account successfully | Send a verification email; redirect the user to the log in page | ✔️ |
| User attempts to create an account with an existing email | Sign up Fail; an error is displayed on the screen | ✔️ |
| User attempts to create an account with a weak password or no password | Sign up Fail | ✔️ |
| User attempts to sign up using an illegal but syntactically correct email (e.g. [email protected]) | Sign up Fail | ❌ |
| User attempts to sign up using an email with wrong syntax | Sign up Fail | ✔️ |
### One-time Setup

| Action | Expected Result | Result |
| --- | --- | --- |
| User logs in for the first time | Redirect to the One-time Setup page | ✔️ |
| User provides a unique account username and an image for the account avatar | User is signed in and gets redirected to the main page | ✔️ |
| User does not provide a unique username for the account | One-time Setup Fail; an error is displayed on the screen | ✔️ |
| User does not provide an image to use as the account avatar | One-time Setup Fail; an error is displayed on the screen | ✔️ |
| User logs in using a Google account | User is logged in and is redirected to the main page instead of the One-time Setup page | ✔️ |
### Change Profile (includes Password Change, Avatar Change, Username Change and Delete Account)

| Action | Expected Result | Result |
| --- | --- | --- |
| User attempts to change their password to a safe password | User has to type the current password and the new password into a form | ✔️ |
| User attempts to change their password to an unsafe password | Change Password Fail; an error is displayed on the screen | ✔️ |
| User attempts to change their password but types in the wrong current password | Change Password Fail; an error is displayed on the screen | ✔️ |
| User changes their password successfully | Redirect the user to the profile page | ✔️ |
| User attempts to change their avatar picture and has selected an image | Change Avatar Success | ✔️ |
| User attempts to change their avatar picture but has not selected an image | Change Avatar Fail | ✔️ |
| User changes their avatar image successfully | Redirect the user to the profile page with the new avatar image | ✔️ |
| User attempts to change their username to a unique username | Change Username Success | ✔️ |
| User attempts to change their username to an invalid or existing username | Change Username Fail; an error is displayed on the screen | ✔️ |
| User changes their username successfully | Redirect the user to the profile page with the new username | ✔️ |
| User attempts to delete their account | User has to type their current password before the account is deleted | ✔️ |
| User attempts to delete their account using the wrong password | Delete Account Fail | ✔️ |
| User attempts to delete a Google signed-in account | Delete Account Success | ❌ |
| User deletes their account successfully | Redirect to the main page, signed out | ✔️ |
| User attempts to log in using a deleted account | Log in Fail; an error is displayed on the screen | ✔️ |
### User Context & Page Accessibility & Sign out

| Action | Expected Result | Result |
| --- | --- | --- |
| User signs in successfully | Information about the currently signed-in user (Email, Avatar Image URL, Username) is available to every component that requests it | ✔️ |
| Signed-in user attempts to access pages restricted to signed-in users | User can access the pages | ✔️ |
| Non-signed-in user attempts to access pages restricted to signed-in users | User cannot access the pages and is redirected to the login page instead | ✔️ |
| Signed-in user attempts to access pages not restricted to signed-in users | User can access the pages | ✔️ |
| Non-signed-in user attempts to access pages not restricted to signed-in users | User can access the pages | ✔️ |
| User attempts to sign out | Sign out Success | ✔️ |
| Signed-out user attempts to access pages restricted to signed-in users | User cannot access the pages and is redirected to the login page instead | ✔️ |
| Signed-out user attempts to go back to pages restricted to signed-in users | User cannot access the pages and is redirected to the login page instead | ✔️ |
| Signed-in user attempts to go to the Sign In, Sign Up or One-time Setup page | Redirect to the main page | ✔️ |
| User signing in for the first time who has not completed the One-time Setup page attempts to access pages restricted to signed-in users | Redirect to the One-time Setup page | ✔️ |
| User signing in attempts to bypass the One-time Setup page and go to pages not restricted to signed-in users | The user is not signed in; the avatar icon on the header does not show up | ✔️ |
| Non-signed-in user attempts to access the One-time Setup page | User is redirected to the Login page | ✔️ |
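The access rules in the table above can be checked as a single pure route guard. The block below is an added example and not the project's own code; the page names, the shape of the `user` object and the `setupComplete` flag are assumptions made for the example.

```javascript
// Added example (not the project's code): a pure route guard that encodes
// the page-accessibility rules from the test table. Page names, the `user`
// object shape and the `setupComplete` flag are assumptions for this example.
const MAIN_PAGE = "home";
const SIGN_IN_PAGE = "signin";
const SETUP_PAGE = "setup";
const AUTH_PAGES = new Set([SIGN_IN_PAGE, "signup"]);
const PUBLIC_PAGES = new Set([MAIN_PAGE, "about"]); // open to everyone (assumed)
// Every page not listed above is restricted to signed-in users.

// Returns where to send the visitor (`redirect`, or null to render the page)
// and what the user context should expose (`contextUser`, or null).
function resolveRoute(user, page) {
  const signedIn = user !== null && user !== undefined;
  const setupDone = signedIn && user.setupComplete === true;
  // The context only exposes a fully set-up account: until One-time Setup is
  // done, the header shows no avatar and the visitor counts as signed out.
  const contextUser = setupDone
    ? { email: user.email, username: user.username, avatarUrl: user.avatarUrl }
    : null;

  let redirect = null;
  if (page === SETUP_PAGE) {
    if (!signedIn) redirect = SIGN_IN_PAGE;     // anonymous visitor -> login
    else if (setupDone) redirect = MAIN_PAGE;   // setup already finished
  } else if (AUTH_PAGES.has(page)) {
    if (setupDone) redirect = MAIN_PAGE;        // signed-in user on Sign In / Sign Up
  } else if (!PUBLIC_PAGES.has(page)) {
    if (!signedIn) redirect = SIGN_IN_PAGE;     // restricted page, not signed in
    else if (!setupDone) redirect = SETUP_PAGE; // first login, setup still pending
  }
  return { redirect, contextUser };
}
```

Because the guard is a pure function of `(user, page)`, each row of the table maps to one assertion, which is the first step toward replacing the manual runs with an automated suite.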