NEX-FS02 Login and Account Creation
The Peerplays NEX application functional requirements specification for the login and account creation functions.
1. Purpose
The purpose of this functional specification (FS) document is to detail functional requirements for the Peerplays NEX application (the “app”) relating to the login and account creation functions from a business and user perspective.
2. Document Tracking
2.1. Parent Document
This document is a child document of the NEX Requirements Specification (NEX-RS).
2.2. Categorization
This document relates to the following tags.
App Component
process
Page Fragment
3. Scope
This FS will describe the requirements and basic design for the app’s login and account creation functions.
3.1. Components
Specific components and features covered in this FS include:
account creation
login
logout
reauthentication
4. Document Conventions
For the purpose of traceability, the following code(s) will be used in this functional specification:
The keyword shall
indicates a requirement statement.
The keywords may
, could
, and should
are not requirements but rather indicate items related to requirements that are worthy of consideration.
5. Process Overviews
The processes which will be described here are as follows.
account creation
login
logout
reauthentication
5.1. Account Creation
The (unauthenticated) user navigates to the account creation page. This may have been from a variety of other pages which require the user to be logged in.
The app displays the account creation form. (See Adobe XD screen 16)
The user enters their desired username. Assuming the username is available for this example, an auto-generated master password will be created and displayed to the user. (See Adobe XD screen 17)
The user copies the master password into the confirmation field.
The user Downloads a generated file which contains the user’s master password and username.
The user clicks the “I understand Peerplays cannot recover my lost password” and “I have securely saved my password” check boxes.
The user clicks the “Create Account” button.
The app uses the info supplied by the user to create a new account via a Peerplays faucet.
The app stores the user session data in the local browser storage.
The app loads user specific data based on the local browser storage of user session data.
5.2. Login
The (unauthenticated) user navigates to the login page. This may have been from a variety of other pages which require the user to be logged in. (Adobe XD screen 1)
The app displays a form to the user which requires the user’s username and master password. (Adobe XD screen 2 or Adobe XD screen 18)
The user enters their username and master password and clicks the “Log in” button.
The app validates the username and master password on the blockchain and, if successful, stores the user session data in the local browser storage.
The app loads user specific data based on the local browser storage of user session data.
5.3. Logout
The user clicks or otherwise activates the logout function. This may have been from a menu in the app header or an option on another page.
The app deletes the user session data from the local browser storage.
The app loads generic data for unauthenticated views of app pages.
5.4. Reauthentication
Logged in (authenticated) users will be presented with reauthentication modals when attempting to perform transactional operations on the chain. This includes actions like asset transfers, voting, and placing orders. The user must enter their master password to continue with the transaction.
The app validates the username from the user session data along with the entered master password. If successful, the transaction will continue.
6. Context
The foundation of app security is in providing user accounts. This allows for a personalized experience and gives users a space to manage their data. User accounts also allow the app and the blockchain to operate with transactional operations so the system can fulfill its purposes. The functions of account creation and login/logout are fundamental to the system.
7. Design Wire-frames
Designs for the NEX app login and account creation functions are available here:
DEX Hifi - All tabs with Market
8. Requirements
Requirements specific to the items listed in this FS are as follows.
8.1. Account Creation
The account creation page:
NEX-FS02-1: shall provide user input controls for the following:
username
master password (auto-generated, read-only)
reenter master password (for confirmation)
Link to download master password file
check box for “I understand Peerplays cannot recover my lost password” disclaimer
check box for “I have securely saved my password” disclaimer
button to submit form for account creation
link to login page
NEX-FS02-2: shall perform field input validation which validates the following rules:
(username) Input is not blank
(username) Username is not taken
(username) Input is lowercase and begins with a letter
(username) Input either has no vowels, or has at least one hyphen (-), period (.), or number
(username) Input ends with a letter or number
(username) Input only contains lowercase letters, hyphens, periods, and numbers
(username) Input does not have adjacent hyphens (--) or periods (..)
(username) Input is between 3 and 63 characters long
Note: all of the above rules (except if the username is taken) are contained in this regex string:
(master password confirmation) Input must match the auto-generated master password.
(first disclaimer) Check box must be checked
(second disclaimer) Check box must be checked
NEX-FS02-3: when the download master password file link is clicked, shall initiate a download to the user’s local browser of a password file named Peerplays_account_recovery_<PeerplaysUsername>.txt
which contains the auto-generated master password.
NEX-FS02-4: shall not allow submitting the form until form validation is successful.
NEX-FS02-5: shall, once the validated form is submitted, use the info supplied by the user to create a new account via a Peerplays faucet, store the user session data in the local browser storage, and load either the page the user initially navigated from or the dashboard page.
8.2. Login
NEX-FS02-6: shall provide user input controls for the following:
username
master password
button to submit form for login
link to account creation page
NEX-FS02-7: shall perform field input validation which validates the following rules:
(username) Input is not blank
(master password) Input is not blank
NEX-FS02-8: shall not allow submitting the form until form validation is successful.
NEX-FS02-9: shall, once the validated form is submitted, use the info supplied by the user to validate the user credentials, store the user session data in the local browser storage, and load either the page the user initially navigated from or the dashboard page.
8.3. Logout
NEX-FS02-10: shall, upon user activation of the logout function, delete the user session data from the local browser storage and load the login page.
8.4. Reauthentication
NEX-FS02-11: shall, whenever the user attempts to perform an action that requires a transactional operation on the blockchain, challenge the user by presenting them a form requesting their master password.
NEX-FS02-12: shall provide user input controls for the following:
master password
button to submit form for reauthentication challenge
NEX-FS02-13: shall perform field input validation which validates the following rules:
(master password) Input is not blank
NEX-FS02-14: shall not allow submitting the form until form validation is successful.
NEX-FS02-15: shall, once the validated form is submitted, use the info supplied by the user to validate the user credentials.
NEX-FS02-16: shall, upon successful validation of the reauthentication challenge, allow the transactional operations to proceed using the private keys derived from the user’s master password provided in the form.
9. Appendix A: Glossary
Last updated