Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Test Case #: 588

Test Case Name: Forgot Password

System: OpenLMIS

Subsystem: Auth

Test case designed by: Anna Czyrko

Design Date:24.08.2016

Short description

 

Acceptance:

  • The OPenLMIS login screen offers a Forgot Password link.
  • The link requests the email address of the User. If a matching user record is found, the systems marks the User record in a reset state, and sends an email to the user with a special reset link
  • the user clicks the link and enters a web form, accepting a new password from the user. After saved, the user must login with the new password to access OpenLMIS
  • the reset link is usable one time. Once clicked, it cannot be used again to reset a password.
  • the reset link expires after a configurable amount of time, defaulted to 12 hours.
  • if this is enabled via an API, the system-level authorization is required (so lower-authenticated users can't use the API to set other people's passwords!)

                                                                                                                                                   

...