Purpose
The SayPro Registration/Login module is a critical feature that enables users to securely create, access, and manage their accounts on the SayPro online marketplace. It supports buyers, sellers, and administrators, ensuring personalized access to relevant marketplace functionalities like product listings, purchasing, selling, and order management.
1. Functional Requirements
1.1 User Registration
- Allow users to sign up using:
- Email and password
- Social logins (e.g., Google, Facebook – optional)
- Required fields:
- Full name
- Email (must be unique)
- Password (minimum 8 characters, at least one special character)
- Phone number (optional but verifiable)
- Confirm password match before submission
- Email verification step (clickable link sent to inbox)
1.2 User Login
- Allow login using:
- Email + Password
- Social logins (if integrated)
- Include:
- “Remember Me” option (persistent session)
- “Forgot Password” flow (reset via email)
- Lock the account temporarily after multiple failed login attempts (e.g., 5 tries) and notify the account owner; a locked account must receive the same error message as a wrong password so the lockout does not confirm that the email is registered
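The login flow in 1.2, as an added example that is not part of the SayPro specification: it verifies the password in constant time, counts failures, locks the account after the fifth failed attempt and returns one generic message on every failure path. The user store, the 15-minute lockout window and the scrypt parameters are assumptions; scrypt from the standard library stands in for bcrypt/Argon2 only so the example runs without third-party packages.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

MAX_FAILED_ATTEMPTS = 5      # the "e.g., 5 tries" from the requirements
LOCKOUT_SECONDS = 15 * 60    # assumption: a temporary lock, lifted automatically
GENERIC_ERROR = "Invalid email or password"   # one message for every failure path

# scrypt parameters (assumption): about 16 MiB per hash, acceptable for a login endpoint
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def hash_password(password: str) -> str:
    """Stand-in for bcrypt/Argon2 using the standard library's scrypt so the
    example has no dependencies. Stored format: salt_hex$digest_hex."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.scrypt(password.encode("utf-8"), salt=bytes.fromhex(salt_hex),
                               n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    # constant-time comparison: no early exit on the first mismatching byte
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


@dataclass
class User:
    email: str
    password_hash: str
    is_verified: bool = True
    failed_attempts: int = 0
    locked_until: float = 0.0    # epoch seconds; 0 means not locked


class LoginService:
    """Hypothetical in-memory service; a real one persists the counters in the users table."""

    def __init__(self, users: Dict[str, User]):
        self.users = users
        # Verifying against this dummy hash keeps the "unknown email" path as slow as
        # the "wrong password" path, so response time does not reveal which one it was
        self._dummy_hash = hash_password(os.urandom(8).hex())

    def login(self, email: str, password: str, now: Optional[float] = None) -> Tuple[bool, str]:
        now = time.time() if now is None else now
        user = self.users.get(email.strip().lower())
        if user is None:
            verify_password(password, self._dummy_hash)
            return False, GENERIC_ERROR
        if user.locked_until > now:
            # Still the generic message: a distinct "account locked" reply would
            # confirm to an attacker that this email is registered
            return False, GENERIC_ERROR
        if not verify_password(password, user.password_hash):
            user.failed_attempts += 1
            if user.failed_attempts >= MAX_FAILED_ATTEMPTS:
                user.locked_until = now + LOCKOUT_SECONDS
                user.failed_attempts = 0
                # a real implementation would also email the account owner here
            return False, GENERIC_ERROR
        if not user.is_verified:
            # Safe to be specific: the caller has just proven knowledge of the password
            return False, "Please verify your email address before logging in"
        # successful login resets the counter; session/JWT issuance would happen here
        user.failed_attempts = 0
        user.locked_until = 0.0
        return True, "ok"


if __name__ == "__main__":
    svc = LoginService({"alice@example.com": User("alice@example.com", hash_password("correct horse"))})
    print(svc.login("alice@example.com", "correct horse"))
    for _ in range(MAX_FAILED_ATTEMPTS):
        svc.login("alice@example.com", "wrong")
    print(svc.login("alice@example.com", "correct horse"))   # locked now, same generic error
```

The lock is deliberately time-limited: a permanent lock turns the login form into a denial-of-service tool against any known email address. Pair it with per-IP rate limiting and the reCAPTCHA from section 2, since a distributed attacker spreads guesses across many accounts and never trips a per-account counter.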
1.3 Account Management
- Users can:
- View and edit profile information (name, phone, etc.)
- Change password (requires current password)
- Manage email/phone verification
- View login history (security feature)
2. Security Requirements
- Passwords:
- Stored only as bcrypt or Argon2 hashes (per-user salt; never plaintext or reversible encryption)
- Compared using a constant-time check, with a failed login returning one generic error regardless of the cause
- Email verification links expire after 24 hours; verification and password-reset tokens are generated from a CSPRNG, are single-use, and are stored only as a hash
- Use HTTPS for all communication
- Implement reCAPTCHA (v2 or v3) on login/registration forms
- JWT or secure session-based authentication; session cookies carry the Secure, HttpOnly and SameSite attributes, and existing sessions are invalidated when the password is changed or reset
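The token handling behind the email-verification link in 1.1, the "Forgot Password" flow in 1.2 and the 24-hour expiry above, as an added example that is not part of the SayPro specification. The one-hour reset lifetime, the in-memory store and the `verify`/`reset` purpose strings are assumptions.

```python
import hashlib
import secrets
import time
from typing import Dict, Optional, Tuple

VERIFY_TTL = 24 * 60 * 60    # 24 hours, as the security requirements state
RESET_TTL = 60 * 60          # assumption: password-reset links live for one hour


class TokenStore:
    """Issues and redeems the tokens embedded in verification and reset links.

    Only SHA-256(token) is kept, so a database read (SQL injection, leaked backup)
    does not yield usable links. The token itself is 256 bits from the OS CSPRNG,
    so it cannot be guessed, and a hypothetical in-memory dict stands in for a table.
    """

    def __init__(self) -> None:
        # token digest -> (user_id, purpose, expires_at)
        self._tokens: Dict[str, Tuple[str, str, float]] = {}

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user_id: str, purpose: str, ttl: int, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        # A new request supersedes any earlier link of the same kind for this user
        self._tokens = {d: v for d, v in self._tokens.items()
                        if not (v[0] == user_id and v[1] == purpose)}
        token = secrets.token_urlsafe(32)
        self._tokens[self._digest(token)] = (user_id, purpose, now + ttl)
        return token    # goes into the emailed link; never persisted in clear

    def redeem(self, token: str, purpose: str, now: Optional[float] = None) -> Optional[str]:
        """Returns the user id on success, None otherwise. The record is removed on the
        first presentation whether or not it turns out to be valid (single use)."""
        now = time.time() if now is None else now
        # A direct lookup is fine here: the attacker chooses the token, not the stored
        # digest, and learning digest bytes gives no way back to a valid token
        entry = self._tokens.pop(self._digest(token), None)
        if entry is None:
            return None
        user_id, stored_purpose, expires_at = entry
        if stored_purpose != purpose or now > expires_at:
            return None
        return user_id


def verify_email(store: TokenStore, users: Dict[str, dict], token: str,
                 now: Optional[float] = None) -> bool:
    """Handler behind the clickable link: flips is_verified on a valid token."""
    user_id = store.redeem(token, "verify", now)
    if user_id is None or user_id not in users:
        return False
    users[user_id]["is_verified"] = True
    return True


if __name__ == "__main__":
    store = TokenStore()
    users = {"u1": {"is_verified": False}}     # constructed sample record
    link_token = store.issue("u1", "verify", VERIFY_TTL)
    print(verify_email(store, users, link_token), users["u1"])   # True, verified
    print(verify_email(store, users, link_token))                # False, already used
```

The reset flow redeems with purpose `reset` in the same way, then stores the new password hash and invalidates the user's existing sessions. Because a reset link carries no session, the handler must take the user id from the redeemed token only, never from a user-supplied parameter in the form.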
3. Validation Rules
Field | Rule |
---|---|
Full Name | Required, letters only (any script), with spaces, hyphens and apostrophes allowed between name parts |
Email | Required, valid format, unique (compared case-insensitively after trimming) |
Password | Required, min 8 characters, strong (at least one special character; reject known-breached passwords) |
Phone Number | Optional, must be valid (E.164 format: a leading "+" followed by up to 15 digits) |
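The registration fields from 1.1 and the validation rules above, as an added example that is not part of the SayPro specification. The 128-character upper bound, the breached-password stub, the relaxation of "letters only" to allow spaces, hyphens and apostrophes, and the tolerance for separators in typed phone numbers are assumptions.

```python
import re
from typing import Dict, Iterable

MIN_PASSWORD_LEN = 8
MAX_PASSWORD_LEN = 128    # assumption: an upper bound keeps the hashing step cheap
SPECIAL_CHARS = set("!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~")
# Constructed stand-in for a real breached-password list (e.g. a Pwned Passwords lookup)
COMMON_PASSWORDS = {"password", "password1", "12345678", "qwertyui", "iloveyou"}

# Letters in any script, joined by single spaces, hyphens or apostrophes
NAME_RE = re.compile(r"[^\W\d_]+(?:[ '\-][^\W\d_]+)*")
# Pragmatic syntax check only; the verification email proves the address is real
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")
# E.164: "+", a non-zero first digit, at most 15 digits in total
E164_RE = re.compile(r"\+[1-9]\d{1,14}")


def normalize_email(email: str) -> str:
    return email.strip().lower()


def normalize_phone(phone: str) -> str:
    # Tolerate the spaces, dashes and brackets people type; store strict E.164
    return re.sub(r"[\s().-]", "", phone)


def password_problem(password: str, email: str = "") -> str:
    """Empty string when the password is acceptable, else the message to show."""
    if not MIN_PASSWORD_LEN <= len(password) <= MAX_PASSWORD_LEN:
        return f"must be {MIN_PASSWORD_LEN} to {MAX_PASSWORD_LEN} characters"
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS:
        return "is too common"
    if not any(c in SPECIAL_CHARS for c in password):
        return "must contain at least one special character"
    local_part = normalize_email(email).split("@")[0]
    if len(local_part) >= 4 and local_part in lowered:
        return "must not contain your email address"
    return ""


def validate_registration(form: Dict[str, str], existing_emails: Iterable[str]) -> Dict[str, str]:
    """Returns {field: message} for every failing field; an empty dict means the form is valid."""
    errors: Dict[str, str] = {}

    name = form.get("name", "").strip()
    if not NAME_RE.fullmatch(name):
        errors["name"] = "use letters, spaces, hyphens or apostrophes only"

    email = normalize_email(form.get("email", ""))
    if not EMAIL_RE.fullmatch(email):
        errors["email"] = "enter a valid email address"
    elif email in set(existing_emails):
        errors["email"] = "an account with this email already exists"

    password = form.get("password", "")
    problem = password_problem(password, email)
    if problem:
        errors["password"] = "password " + problem
    elif password != form.get("confirm_password", ""):
        errors["confirm_password"] = "passwords do not match"

    phone = form.get("phone", "")
    if phone.strip() and not E164_RE.fullmatch(normalize_phone(phone)):
        errors["phone"] = "use international format, e.g. +<country code><number>"

    return errors


if __name__ == "__main__":
    # constructed sample submission
    form = {"name": "Ada Lovelace", "email": "Ada@Example.com",
            "password": "Tr0ub4dor&3", "confirm_password": "Tr0ub4dor&3",
            "phone": "+27 82 123 4567"}
    print(validate_registration(form, existing_emails={"bob@example.com"}))   # {}
```

Validation on the server is the one that counts; the real-time feedback in section 4 is a convenience and must call the same rules. Note that the "already exists" message is an unavoidable account-enumeration point on any registration form; the common mitigation is to accept the submission and send an email to the existing address instead of showing the message, which is a product decision rather than a validation rule.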
4. UI/UX Design Guidelines
- Clean, user-friendly registration/login forms
- Error feedback in real time (e.g., password strength meter)
- Auto-focus on first input field
- Allow tab navigation between input fields
- Toast or modal confirmations for account actions (e.g., “Profile updated”)
5. API Endpoints (REST Example)
Endpoint | Method | Description |
---|---|---|
/api/register | POST | Register new user |
/api/login | POST | Authenticate user |
/api/logout | POST | Logout user |
/api/forgot-password | POST | Send reset link |
/api/reset-password | POST | Set new password |
/api/profile | GET | Get current user profile |
/api/profile | PUT | Update user profile |
6. Database Schema (Simplified)
Users Table
Field | Type | Constraints |
---|---|---|
id | UUID | Primary Key |
name | String | Not null |
email | String | Unique, not null |
password_hash | String | Not null |
phone_number | String | Nullable |
is_verified | Boolean | Default: false |
created_at | Timestamp | Default: now() |
7. Acceptance Criteria
- User can successfully register and verify email
- User can log in using correct credentials
- Incorrect logins display a generic error message that does not reveal whether the email is registered
- Password reset flow works securely: reset links expire, can be used once, and an older link stops working once a new one is requested
- Logged-in users can update their profile and password
- Registration and login are protected against common attacks (SQLi, XSS, brute force)