588: Forgot Password

Test Case #: 588

Test Case Name: Forgot Password

System: OpenLMIS

Subsystem: Auth

Test case designed by: Anna Czyrko

Design Date: 24.08.2016

Short description

 

Acceptance:

  • The OpenLMIS login screen offers a Forgot Password link.
  • The link requests the email address of the User. If a matching user record is found, the system marks the User record in a reset state and sends an email to the user with a special reset link.
  • The user clicks the link and enters a web form that accepts a new password from the user. Once it is saved, the user must log in with the new password to access OpenLMIS.
  • The reset link is usable one time. Once clicked, it cannot be used again to reset a password.
  • The reset link expires after a configurable amount of time, defaulted to 12 hours.
  • If this is enabled via an API, system-level authorization is required (so lower-authenticated users can't use the API to set other people's passwords!).
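
The one-time-use and expiry criteria above, modeled as an added example (not OpenLMIS code) so that the negative cases, a replayed token and an expired token, can be checked alongside the happy path in the steps below. `ResetTokenStore`, its method names, storing only a SHA-256 digest of the token, and treating the token as used once the new password is submitted are assumptions made for illustration.

```python
import hashlib
import secrets
import time

RESET_TTL_SECONDS = 12 * 60 * 60  # configurable; 12 hours is the default in the criteria


class ResetTokenStore:
    """In-memory model of the reset flow (hypothetical, not the OpenLMIS implementation)."""

    def __init__(self, users, ttl=RESET_TTL_SECONDS, clock=time.time):
        self.users = users      # email -> password (plaintext only in this model)
        self.ttl = ttl
        self.clock = clock      # injectable so expiry can be exercised in a test
        self.pending = {}       # sha256(token) -> (email, expires_at)

    @staticmethod
    def _digest(token):
        # Assumption: only a digest is kept, so a leaked store does not leak usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def forgot_password(self, email):
        """Issue a reset token if the email matches a user record, else return None."""
        if email not in self.users:
            return None
        token = secrets.token_urlsafe(32)  # unguessable value for the reset link
        self.pending[self._digest(token)] = (email, self.clock() + self.ttl)
        return token

    def change_password(self, token, new_password):
        """Return True only for a known, unexpired, not yet used token."""
        # pop() removes the entry on first presentation, which makes the token single-use.
        entry = self.pending.pop(self._digest(token), None)
        if entry is None:
            return False            # unknown or already used
        email, expires_at = entry
        if self.clock() > expires_at:
            return False            # expired; the password is left unchanged
        self.users[email] = new_password
        return True
```
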

                                                                                                                                                   

Pre – conditions:

                                                                                                                                                                                                                                                       

 

 

Step

Action

Expected system response

Comment

1

In Postman enter:

in URL:  http://localhost:8080/api/users/forgotPassword?email=test@openlmis.org

Method: POST

The password reset token should appear in the console.

2

Change password.

In Postman enter:

In URL: http://localhost:8080/api/users/changePassword

Method: POST

BODY:

{ "token": token from console, "newPassword": ... }

 
3

Check if the password is changed.

In Postman enter:

In URL: http://localhost:8080/oauth/token?grant_type=password&username=admin&password=passwordNew

Basic authorization: username and password

Method: POST

 

 
4

In Postman enter:

In URL: http://localhost:8080/api/users?access_token=<generated token>

Method: GET

 

 

Post – conditions:

                                                                                                                   
