
Detailed Epic - User Login

Epic Overview

The User Management epic is the starting point of our feedback system. It establishes the foundation for authentication and authorization, allowing different types of users (employees, PDMs, and administrators) to access specific functionalities according to their roles.

This epic covers the following functionality:

  1. Platform Login: Allow employees and PDMs to log into the platform and, if it's their first time, set a password.

User View

AS an employee, PDM, or administrator, I WANT to log into the platform SO THAT I can access my data and the functionalities associated with my profile.

Business Narrative

Allow employees, PDMs, and administrators to log into the platform and have access to the functionalities associated with their profiles. If it is the first access, allow the password to be set.

Screen Flow

LOGIN

  1. The user accesses the login page.
  2. The system displays fields for entering email and password.
  3. The user enters their email and password.
  4. The user clicks the "Login" button.
  5. The system validates the credentials:
    1. If there is an error, it displays an error message and allows a new attempt.
    2. If successful, it starts a session containing the logged-in user's data.
  6. The system redirects the user to the platform's home page.

FIRST ACCESS

  1. The user clicks the "First Access" button.
  2. The user enters their email, password, and password confirmation.
  3. The user clicks the "Save Password" button.
  4. The system validates whether the user is already pre-registered.
    1. If not pre-registered, it displays an error message.
    2. If pre-registered, a new field is displayed for the user to enter the access code.
  5. The user receives the system-generated access code by email.
  6. The user enters this code.
  7. The system validates the code.
    1. If correct, the system displays a confirmation message that the password was set successfully, and the user is redirected to the login screen.
    2. If incorrect, it displays an error message.

FORGOT MY PASSWORD

  1. The user clicks the "Forgot Password" button.
  2. The user enters their email, new password, and password confirmation.
  3. The user clicks the "Save Password" button.
  4. The system validates whether the user is already registered.
    1. If not registered, it displays an error message.
    2. If registered, a new field is displayed for the user to enter the access code.
  5. The user receives the system-generated access code by email.
  6. The user enters this code.
  7. The system validates the code.
    1. If correct, the system displays a confirmation message that the password was set successfully, and the user is redirected to the login screen.
    2. If incorrect, it displays an error message.
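The first-access and forgot-password flows above (and stories 3 and 5 below) share one critical step: the new password is only applied once the emailed access code checks out, within its validity window and attempt budget. The following is an added example, not the project's own code; it assumes Java 17 and keeps pending codes in memory purely for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

public class AccessCodeService {
    /** Pending for one email: the code, the already-hashed new password, an expiry and a retry budget. */
    private record Pending(String code, String passwordHash, Instant expiresAt, int attemptsLeft) {}

    private static final SecureRandom RANDOM = new SecureRandom(); // never java.util.Random for codes
    private static final Duration TTL = Duration.ofMinutes(10);
    private static final int MAX_ATTEMPTS = 5;

    // In-memory for this example; the real service would keep this in PostgreSQL.
    private final Map<String, Pending> pending = new ConcurrentHashMap<>();

    /** "Save Password" endpoint, after the (pre-)registration check passed: park the BCrypt hash of the
     *  new password and return the 6-digit code for the email sender. Nothing is applied yet. */
    public String issue(String email, String newPasswordHash) {
        String code = String.format("%06d", RANDOM.nextInt(1_000_000));
        pending.put(email, new Pending(code, newPasswordHash, Instant.now().plus(TTL), MAX_ATTEMPTS));
        return code;
    }

    /** Code-validation endpoint: returns the hash to persist when the code is correct, unexpired
     *  and attempts remain; empty otherwise. A correct code is consumed on use. */
    public Optional<String> confirm(String email, String submitted) {
        Pending entry = pending.get(email);
        if (entry == null) return Optional.empty();
        if (Instant.now().isAfter(entry.expiresAt())) {
            pending.remove(email);                       // expired: the user must request a new code
            return Optional.empty();
        }
        boolean match = MessageDigest.isEqual(           // constant-time for equal-length inputs
                entry.code().getBytes(StandardCharsets.UTF_8),
                submitted.getBytes(StandardCharsets.UTF_8));
        if (match) {
            pending.remove(email);
            return Optional.of(entry.passwordHash());
        }
        if (entry.attemptsLeft() <= 1) pending.remove(email);    // budget exhausted: code invalidated
        else pending.put(email, new Pending(entry.code(), entry.passwordHash(),
                                            entry.expiresAt(), entry.attemptsLeft() - 1));
        return Optional.empty();
    }
}
```

The endpoint that calls `confirm` should answer with the same generic error for "unknown email", "expired" and "wrong code", so the response does not reveal which accounts are registered.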

Non-Functional Requirements

  • The system must generate a JWT token with user data in the claims, including PDM information.

Acceptance Criteria

  • The system must allow employees, PDMs, and administrators to log in.
  • The system must display a screen to set a password if it is the user's first access.
  • The system must display a screen to reset the password if the user has forgotten it.
  • The administrator must also log into the system, but administrators are only registered via the command line.

Stories Overview


Platform Login

  1. Module Setup

    • Configure the Spring Boot project for the user management microservice.
    • Configure the PostgreSQL database.
    • Configure the security library for JWT.
  2. Create command line for administrator registration

    • Implement a CommandLineRunner for administrator registration.
    • Add password encryption with BCrypt.
    • Implement data validations.
  3. Set Password on First Login

    • Create the first access screen with fields for email, new password, and repeat new password.
    • Create a button to send the security code.
    • Implement an endpoint to send the security code, which generates the code and sends it via email (OTP).
    • Implement an endpoint for setting the password, which receives the password and security code.
  4. Login flow for employees, admin, and PDM

    • Implement the login screen with login and password fields.
    • Implement an endpoint for login, validating email and password (use BCrypt to hash the stored password and to verify the submitted one).
    • Implement error handling; the backend sends messages to be displayed on the frontend.
  5. Implementation of the security code (One Time Password)

    • After logging in with email and password, redirect to the security code (OTP) screen.
    • Implement the security code (OTP) validation screen.
    • Implement a service to send the security code (OTP).
    • Implement an endpoint to receive and validate the security code (OTP).
  6. User session management

    • Implement a service for JWT token generation.
    • Include relevant claims in the token (ID, name, email, type, PDM).
    • Configure the token expiration time.
    • Store the JWT token in local storage.
    • Implement an interceptor to include the token in requests.
  7. Apply admin access block filter

    • Implement the security filter for administrative routes in the backend.
    • Implement middleware that restricts access to private routes.
    • Configure role-based authorization (NextJS Middleware that checks access for specific roles to specific routes).
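The non-functional requirement and story 6 both describe the session token: a JWT whose claims carry ID, name, email, type and PDM, with a configured expiration, verified by the request interceptor. The following is an added example, not the project's own code; it assumes the jjwt 0.12.x library (io.jsonwebtoken) on the classpath and an AppUser record defined here only for illustration.

```java
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.security.Keys;

import javax.crypto.SecretKey;
import java.time.Duration;
import java.time.Instant;
import java.util.Date;

public class JwtSessionService {
    /** The fields the epic lists as claims (hypothetical user shape for this example). */
    public record AppUser(long id, String name, String email, String type, String pdmEmail) {}

    private final SecretKey key;
    private final Duration ttl;

    // HS256 needs a secret of at least 32 bytes; load it from configuration, never hard-code it.
    public JwtSessionService(byte[] secret, Duration ttl) {
        this.key = Keys.hmacShaKeyFor(secret);   // throws WeakKeyException if the secret is too short
        this.ttl = ttl;
    }

    /** Issues a signed token carrying ID, name, email, type and PDM, with iat and exp set. */
    public String issue(AppUser user) {
        Instant now = Instant.now();
        return Jwts.builder()
                .subject(Long.toString(user.id()))
                .claim("name", user.name())
                .claim("email", user.email())
                .claim("type", user.type())        // e.g. EMPLOYEE, PDM or ADMIN
                .claim("pdm", user.pdmEmail())     // null for users without a PDM
                .issuedAt(Date.from(now))
                .expiration(Date.from(now.plus(ttl)))
                .signWith(key)
                .compact();
    }

    /** For the request interceptor: returns the claims of a valid token, or null if it must be rejected. */
    public Claims verify(String token) {
        try {
            return Jwts.parser().verifyWith(key).build().parseSignedClaims(token).getPayload();
        } catch (ExpiredJwtException e) {
            return null;   // session over: send the user back to the login page
        } catch (JwtException | IllegalArgumentException e) {
            return null;   // malformed, tampered, or signed with a different key
        }
    }
}
```

The role check for story 7 reads the `type` claim from the object `verify` returns; the secret and `ttl` come from application configuration, so the expiration time is adjustable without a code change.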