Authentication v2 - cheehongw/functional_expressionism GitHub Wiki
# Authentication :key:

In Authentication v2 we seek to create an authentication system that incorporates the improvements planned after reviewing Authentication v1. Authentication v2 includes these pages: Sign In, Sign Up, Forgot Password, Change Profile, Delete Account and One-time Setup (for users who log in for the first time, to configure and customize their account). It also includes a context for the current user and a sign-out function.
## Testing

The tests are run manually; there is currently no script to run them automatically.
### Sign in (Login) & Forgot Password

| Action | Expected Result | Result |
|---|---|---|
| User attempts to log in using a registered and verified email and password | Login Success | ✔️ |
| User attempts to log in using their Google account | Login Success | ✔️ |
| User logs in successfully | Redirect to the main page or the One-time Setup page | ✔️ |
| User attempts to log in using an unregistered email | Login Fail | ✔️ |
| User attempts to log in using a registered but unverified email | Login Fail; notify the user that the email is not verified, then send a verification email to the registered address | ✔️ |
| User attempts to log in with the wrong password for the account | Login Fail | ✔️ |
| User attempts to log in using a verified email address and the correct password, and chooses to persist the logged-in state | The user is still logged in after closing the tab or the browser | ✔️ |
| User attempts to log in using a verified email address and the correct password, and chooses not to persist the logged-in state | The user is signed out after closing the tab or the browser | ✔️ |
| User logs in using their Google account | The user is still logged in after closing the tab or the browser | ✔️ |
| User forgets their password and types their account email into the Forgot Password form | A password reset email is sent containing a link to change the password | ✔️ |
| User logs in with the new password after the password change | Login Success | ✔️ |
| User types a non-existent email into the Forgot Password form | An error is displayed on the screen | ✔️ |
| Repeated password reset requests are used to spam reset emails to the address of an existing account | Limit the number of password reset emails allowed per day | ❌ |
### Sign up

| Action | Expected Result | Result |
|---|---|---|
| User attempts to create an account using their email address and a safe password | Sign up Success | ✔️ |
| User attempts to create an account using their Google account | Sign up Success, redirect the user to the main page or the One-time Setup page | ✔️ |
| User creates their account successfully | Send a verification email, redirect the user to the login page | ✔️ |
| User attempts to create an account with an existing email | Sign up Fail, an error is displayed on the screen | ✔️ |
| User attempts to create an account with a weak password or no password | Sign up Fail | ✔️ |
| User attempts to sign up using a syntactically valid but disallowed email address (e.g. [email protected]) | Sign up Fail | ❌ |
| User attempts to sign up using a syntactically invalid email address | Sign up Fail | ✔️ |
### One-time Setup

| Action | Expected Result | Result |
|---|---|---|
| User logs in for the first time | Redirect to the One-time Setup page | ✔️ |
| User provides a unique account username and an image for the account avatar | User is signed in and redirected to the main page | ✔️ |
| User does not provide a unique username for the account | One-time Setup Fail, an error is displayed on the screen | ✔️ |
| User does not provide an image to use as the account avatar | One-time Setup Fail, an error is displayed on the screen | ✔️ |
| User logs in using a Google account | User is logged in and redirected to the main page, not the One-time Setup page | ✔️ |
### Change Profile (includes Password Change, Avatar Change, Username Change and Delete Account)

| Action | Expected Result | Result |
|---|---|---|
| User attempts to change their password to a safe password | User has to type the current password and the new password into a form | ✔️ |
| User attempts to change their password to an unsafe password | Change Password Fail, an error is displayed on the screen | ✔️ |
| User attempts to change their password but types in the wrong current password | Change Password Fail, an error is displayed on the screen | ✔️ |
| User changes their password successfully | Redirect the user to the profile page | ✔️ |
| User attempts to change their avatar picture and has selected an image | Change Avatar Success | ✔️ |
| User attempts to change their avatar picture but has not selected an image | Change Avatar Fail | ✔️ |
| User changes their avatar image successfully | Redirect the user to the profile page with the new avatar image | ✔️ |
| User attempts to change their username to a unique username | Change Username Success | ✔️ |
| User attempts to change their username to an invalid or existing username | Change Username Fail, an error is displayed on the screen | ✔️ |
| User changes their username successfully | Redirect the user to the profile page with the new username | ✔️ |
| User attempts to delete their account | User has to type their current password before the account is deleted | ✔️ |
| User attempts to delete their account using the wrong password | Delete Account Fail | ✔️ |
| User attempts to delete a Google signed-in account | Delete Account Success | ❌ |
| User deletes their account successfully | Redirect to the main page, signed out | ✔️ |
| User attempts to log in using a deleted account | Login Fail, an error is displayed on the screen | ✔️ |
### User Context & Page Accessibility & Sign out

| Action | Expected Result | Result |
|---|---|---|
| User signs in successfully | Information about the currently signed-in user (email, avatar image URL, username) is available to every component that requests it | ✔️ |
| Signed-in user attempts to access pages restricted to signed-in users | User can access the pages | ✔️ |
| Non-signed-in user attempts to access pages restricted to signed-in users | User cannot access the pages and is redirected to the login page | ✔️ |
| Signed-in user attempts to access pages not restricted to signed-in users | User can access the pages | ✔️ |
| Non-signed-in user attempts to access pages not restricted to signed-in users | User can access the pages | ✔️ |
| User attempts to sign out | Sign out Success | ✔️ |
| Signed-out user attempts to access pages restricted to signed-in users | User cannot access the pages and is redirected to the login page | ✔️ |
| Signed-out user attempts to go back to pages restricted to signed-in users | User cannot access the pages and is redirected to the login page | ✔️ |
| Signed-in user attempts to go to the Sign In, Sign Up or One-time Setup page | Redirect to the main page | ✔️ |
| User signing in for the first time who has not completed One-time Setup attempts to access pages restricted to signed-in users | Redirect to the One-time Setup page | ✔️ |
| User signing in attempts to bypass the One-time Setup page and go to pages not restricted to signed-in users | The user is not treated as signed in; the avatar icon in the header does not show up | ✔️ |
| Non-signed-in user attempts to access the One-time Setup page | User is redirected to the login page | ✔️ |
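The table above is an access matrix with three session states (signed out, signed in with One-time Setup unfinished, signed in and complete) and four kinds of page. As an added example, not the project's own code, the function below encodes those rules in plain JavaScript so they can be checked outside a browser. The user fields (`email`, `username`, `avatarUrl`, `provider`), the route kinds and the redirect targets are assumptions made here; the Google rule comes from the One-time Setup table (a Google sign-in skips setup), and the one case the table does not cover (an unfinished-setup user opening Sign In or Sign Up) is marked as an assumption in the code.

```javascript
// Added example, not the functional_expressionism project's own code.
// Encodes the page-accessibility table as one pure function.

// Route kinds used by the guard. 'auth' covers the Sign In and Sign Up pages.
const ROUTE = { PUBLIC: 'public', RESTRICTED: 'restricted', AUTH: 'auth', SETUP: 'setup' };

// A user has finished One-time Setup once they have a username and an avatar.
// Google sign-ins skip the setup page entirely, so they count as complete.
// (Field names and the provider value are assumptions for this example.)
function setupComplete(user) {
  if (!user) return false;
  if (user.provider === 'google') return true;
  return Boolean(user.username) && Boolean(user.avatarUrl);
}

// What the user context exposes to components. A signed-in user who has not
// completed setup is presented as signed out, so no avatar appears in the header.
function contextUser(user) {
  if (!setupComplete(user)) return null;
  const { email, username, avatarUrl } = user;
  return { email, username, avatarUrl };
}

// Decide whether `routeKind` may render for `user`, and where to send them
// otherwise. Returns { allow, redirectTo } with redirectTo one of
// null, 'login', 'main' or 'setup'.
function resolveNavigation(user, routeKind) {
  const signedIn = Boolean(user);
  const complete = setupComplete(user);

  switch (routeKind) {
    case ROUTE.RESTRICTED:
      if (!signedIn) return { allow: false, redirectTo: 'login' };
      if (!complete) return { allow: false, redirectTo: 'setup' };
      return { allow: true, redirectTo: null };
    case ROUTE.SETUP:
      if (!signedIn) return { allow: false, redirectTo: 'login' };
      if (complete) return { allow: false, redirectTo: 'main' };
      return { allow: true, redirectTo: null };
    case ROUTE.AUTH:
      if (complete) return { allow: false, redirectTo: 'main' };
      // Assumption: a signed-in user with unfinished setup is sent back to
      // setup rather than shown the sign-in form (not covered by the table).
      if (signedIn) return { allow: false, redirectTo: 'setup' };
      return { allow: true, redirectTo: null };
    case ROUTE.PUBLIC:
      return { allow: true, redirectTo: null };
    default:
      throw new Error(`unknown route kind: ${routeKind}`);
  }
}

// Walks the matrix for each session state (constructed sample users) and
// returns the redirect target per route kind, null meaning "page renders".
function accessMatrix() {
  const sessions = {
    signedOut: null,
    needsSetup: { email: 'new@example.test', provider: 'password' },
    complete: {
      email: 'u@example.test', username: 'u',
      avatarUrl: 'https://example.test/u.png', provider: 'password',
    },
    google: { email: 'g@example.test', provider: 'google' },
  };
  const out = {};
  for (const [name, user] of Object.entries(sessions)) {
    out[name] = {};
    for (const kind of Object.values(ROUTE)) {
      out[name][kind] = resolveNavigation(user, kind).redirectTo;
    }
  }
  return out;
}

console.log(accessMatrix());
```

Keeping the decision in a pure function that takes the user and the route kind means the router only has to call it once per navigation and follow `redirectTo`, and every row of the table becomes a one-line assertion, which is the step the "Testing" section notes is still missing.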