BRS for Forgot Sign in Info interaction

History:
Date Name Details Initial Version Version 1.0

9/24/2012 Shankar Krish

BRS for Forgot Sign in Info interaction

Table of Contents
1 2 Project Purpose/Vision ................................................................................................................................................... 3 Functional Requirements ................................................................................................................................................ 3 2.1 2.2 2.3 Flow Chart - Optional .............................................................................................................................................. 3 Forgot Signin/Password page ................................................................................................................................. 3 Reset Password ....................................................................................................................................................... 5

Last Saved 2013-08-31 01:05:00

Page 2

BRS for Forgot Sign in Info interaction

1 Project Purpose/Vision
The intent is to change the current interaction for processing the Forgot Signin/Password interaction with a more a secure and cleaner one.

2 Functional Requirements
2.1 Flow Chart - Optional
The process flow for the forgot signin/password is depicted by the diagram below, replacing the current flow in the application.
Start

Report that email provided is invalid

Forgot Sigin or Password page

No

Check if user provided email is on guru.com

Yes

Email to user includes link to click for next steps

Send email to user

Check validity of parameters and email (age)

Not Valid

Display message that email is invalid or has expired

Valid

Present Reset Password screen

2.2 Forgot Signin/Password page

The user is taken to this page by clicking on the Forgot Your Username or Password on the sign in page. The layout f or the page is displayed below.

Last Saved 2013-08-31 01:05:00

Page 3

BRS for Forgot Sign in Info interaction

The user is required to enter the email address associated with the account and then click on the Submit button. Default Text Email Address Help Text Not to be displayed Validations Required Field Must be a valid email address Limit to 50 characters Must be a valid email address The email address entered is not associated on Guru.com with any account on Guru.com. Enter a different email or register now. register now will link to the register page. In the event of error in the email information entered (required field and valid email format), the error text will be displayed as shown below. Error Text As in registration page As in registration page

Ignore the difference in the background color in the layout image above. On clicking the submit button: 1. If the user clicks the submit button without entering the email address or the email provided is not on Guru.com, a page level error will be displayed under the Forgot Your Sign in Info? line, using the format as in the register page and the appropriate error text. 2. The database will be updated to indicate that the user was sent an email using the forgot password page 3. The timestamp the entry was made 4. Send an email using the email template. The link in the template will be constructed to include the following details in an encrypted format: 1. Users email address Last Saved 2013-08-31 01:05:00 Page 4

BRS for Forgot Sign in Info interaction 2. Timestamp value saved for the user in the database (point 2) 3. The URL will be www.guru.com/resetpassword?pass=<encrypted-info> 4. Display the information below on the screen without refreshing the page (asynchronously)

If the user does remember the password and logs in, the user will be permitted to login.

2.3 Reset Password

The user arrives at this page by clicking on the link in the email sent to the user. On loading of the page, the following process will be initiated: 1. The query string for pass will be decrypted and analyzed to extract the email address and time stamp values 2. If the timestamp indicates that the email was sent more than 72 hours ago, then the user will be taken to the error page. 3. Search the user information in the database using the email address. If there is no entry or the entry indicates that the user had not requested for reset password Take the user to the error page. 4. Display the page with the layout below

Default Text New password

Help Text Not to be displayed

Validations

Error Text

Validations as in registration Errors as in registration page page

Repeat Password

Not to be displayed

In the event of error in the email information entered, the error text will be displayed as shown below.

Last Saved 2013-08-31 01:05:00

Page 5

BRS for Forgot Sign in Info interaction

Ignore the difference in the background color in the layout image above. On clicking the submit button: 1. Ensure that the two password fields are identical 2. If the user clicks the submit button without entering the password fields or the passwords entered do not match, a page level error will be displayed under the Change Your Password. line, using the format as in the register page and the appropriate error text. 3. Update the database with the new password information 4. Reset the flag indicating that the user had requested for reset password 5. Display the page with the layout below

Sign in will link to the Sign In page.

Last Saved 2013-08-31 01:05:00

Page 6