[AUTH] - Login a user with email and password
AndrewAllison opened this issue · comments
Overview
We need to be able to log in a user with an email and password.
Criteria
Scenario 1 - Valid email and password
- The user sends an email and password to the server
- The email and password are validated
- The system returns a success status with an access token
Scenario 2 - Unrecognised email
- The user sends an email and password to the server
- The email provided is not recognised by the system
- The system returns a 401 Unauthenticated status with a message left ambiguous as to whether it was the password that failed or an unrecognised email. This follows OWASP best practices.
Scenario 3 - Invalid
- The user sends an email and password to the server
- The password provided is invalid
- The system returns a 401 Unauthenticated status with a message left ambiguous as to whether it was the password that failed or an unrecognised email. This follows OWASP best practices.
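
The three scenarios above as an added sketch; it is not code from this issue or its project. It returns one identical 401 body for both failure cases and still runs the password hash for an unknown email, so response time does not reveal which check failed. The user store, the PBKDF2 parameters, the message text and the opaque token are assumptions made for the example.

```python
import hashlib
import hmac
import os
import secrets

# Assumed work factor for PBKDF2-HMAC-SHA256; tune for the deployment hardware.
ITERATIONS = 600_000

# One response for both failure scenarios, so the caller cannot tell them apart.
GENERIC_401 = (401, {"message": "Invalid email or password"})


def hash_password(password, salt=None):
    """Return (salt, derived_key); a fresh random salt is used when none is given."""
    salt = salt if salt is not None else os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, key


# Constructed sample store: normalised email -> (salt, derived_key).
USERS = {"alice@example.com": hash_password("correct horse battery staple")}

# Record checked when the email is unknown, so both failure paths do the same work.
DUMMY_RECORD = hash_password(secrets.token_hex(16))


def login(email, password):
    """Return (status, body) for a login attempt."""
    record = USERS.get(email.strip().lower())
    salt, expected = record if record is not None else DUMMY_RECORD
    _, candidate = hash_password(password, salt)
    # Constant-time comparison of the derived keys.
    password_ok = hmac.compare_digest(candidate, expected)
    if record is None or not password_ok:
        return GENERIC_401
    # Scenario 1: opaque random token as a placeholder; the token format is not
    # specified in the issue.
    return 200, {"access_token": secrets.token_urlsafe(32)}
```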