Skip to content

Software Requirement Specification (SRS) - User Management System

FieldDetail
Company Nameruizdev7
Document TitleUser Management System - SRS
Document NumberSRS-006
Version1.0
Specification Date17-November-24
StatusImplemented
RoleNameDate
Project ManagerJoseph Ruiz17-November-24
Tech LeadJoseph Ruiz17-November-24
VersionDateChanges MadeAuthor
1.017-November-24Initial SRS DocumentationJoseph Ruiz

This document specifies the requirements for the implementation of a User Management System in the ruizdev7 Portfolio application.
The objective is to provide comprehensive user account lifecycle management including registration, authentication, profile management, password reset, role assignment, and administrative controls with audit logging.

The User Management System includes the following components:

  • User Registration: Account creation with email verification support.
  • User Profile Management: View and update user information (name, email, password).
  • Password Management: Secure password change and reset functionality with email tokens.
  • Role Assignment: Administrative capability to assign and manage user roles.
  • User Listing: Administrative interface for viewing all users.
  • Account Deactivation: Soft delete capability for disabling accounts.
  • Email Verification: Token-based email confirmation (future enhancement).
  • Password Reset via Email: Secure token-based password recovery.
  • Multi-Tab Synchronization: Logout synchronization across browser tabs.
  • Audit Logging: Track all user management actions.

The implementation ensures:

  • Secure password hashing with bcrypt
  • Data validation and sanitization
  • Authorization checks for sensitive operations
  • Integration with authentication and authorization systems
  • User Profile: Complete user information including personal details and account metadata.
  • Password Hash: Bcrypt-hashed password stored in database.
  • Reset Token: Time-limited token for password reset via email.
  • Account ID: Unique identifier generated for each user account.
  • Role Assignment: Process of granting permissions to users via role associations.
  • Soft Delete: Marking account as inactive without physical deletion.
  • Multi-Tab Sync: Coordinating authentication state across browser tabs using localStorage events.

Priority: High
Description:

FieldDetail
Use Case NameUser Registration
Subject AreaAccount Management
Business EventThis use case applies when new users want to create an account.
ActorsNew user, Administrator (for admin-created accounts), ruizdev7 Platform.
Use Case OverviewThis use case covers creating new user accounts with validation and security measures.
PreconditionsEmail must not be already registered. For admin creation: admin must be authenticated with users.create permission.
Termination OutcomeNew user account is created with hashed password and unique account ID.
Condition Affecting OutcomeDuplicate email, invalid input format, or database errors.
Use Case DescriptionThe system validates user input (first name, middle name, last name, email, password), checks for duplicate email, hashes the password using bcrypt, generates unique account ID, creates user record, and logs the action.
Use Case AssociationsUC-042: User Login (SRS-005), UC-045: Assign User Role.
Traceability ToSRS-006.
Input SummaryFirst name, middle name (optional), last name, email (unique), password (min 8 chars).
Output SummaryCreated user with sanitized data (no password in response).
Usability IndexCritical, entry point for new users.
Use Case NotesPassword must meet complexity requirements. Email format validated. Account ID generated automatically.
CriterionDescription / Acceptance Condition
User CreationNew users can register with unique email addresses.
Password SecurityPasswords hashed with bcrypt, never stored or returned in plain text.
Profile ViewingUsers can view their own profile; admins can view all profiles.
Profile UpdatesUsers can update name and email with proper validation.
Password ChangesUsers can change password with current password verification.
Password ResetUsers can reset forgotten passwords via email token.
Role AssignmentAdmins can assign multiple roles to users.
Email UniquenessSystem prevents duplicate email registrations.
Token SecurityReset tokens expire after 1 hour and are single-use.
Audit LoggingAll user management actions are logged with details.
AuthorizationProper permission checks for all administrative operations.
CategoryRequirement
PerformanceUser operations <300ms, list queries <500ms.
SecurityBcrypt password hashing (cost factor 12), secure token generation, HTTPS required in production.
Availability99.95% uptime for user management services.
ScalabilitySupport for 100,000+ user accounts.
UsabilityIntuitive profile management interface, clear error messages.
Data IntegrityEmail uniqueness constraints, foreign key integrity.
AuditabilityComplete audit trail for all account modifications.
ComplianceGDPR-compliant data handling, right to erasure support.

Table: tbl_users

  • ccn_user (Primary Key, Auto-increment)
  • first_name (String, Max 50 chars, Required)
  • middle_name (String, Max 50 chars, Optional)
  • last_name (String, Max 50 chars, Required)
  • email (String, Unique, Required, Indexed)
  • password (String, Bcrypt hash, Required)
  • account_id (String, Unique, Auto-generated)
  • is_active (Boolean, Default: True)
  • email_verified (Boolean, Default: False)
  • created_at (Timestamp, Auto-generated)
  • updated_at (Timestamp, Auto-updated)
  • last_login (Timestamp, Nullable)

Relationships:

  • One-to-Many with tbl_user_roles
  • One-to-Many with tbl_posts (as author)
  • One-to-Many with tbl_pumps (as owner)
MethodEndpointDescriptionAuthPermission
POST/api/v1/usersCreate userYesusers.create (admin) or None (self-registration)
GET/api/v1/usersList all usersYesusers.read
GET/api/v1/users/{id}Get user detailsYesusers.read or self
PUT/api/v1/users/{id}Update userYesusers.update or self
DELETE/api/v1/users/{id}Deactivate userYesusers.delete
GET/api/v1/whoamiGet current userYesNone
PUT/api/v1/users/{id}/emailChange emailYesSelf only
PUT/api/v1/users/{id}/passwordChange passwordYesSelf only
POST/api/v1/forgot-passwordRequest reset tokenNoNone
POST/api/v1/reset-passwordReset password with tokenNoNone
POST/api/v1/users/{id}/rolesAssign roleYesusers.update
DELETE/api/v1/users/{id}/roles/{role}Remove roleYesusers.update

SchemaUser (Marshmallow):

  • first_name: Required, String, 1-50 chars
  • middle_name: Optional, String, max 50 chars
  • last_name: Required, String, 1-50 chars
  • email: Required, Valid email format, unique
  • password: Required on creation, min 8 chars, complexity requirements

UpdateEmailSchema:

  • current_password: Required for verification
  • new_email: Required, valid email format, unique

UpdatePasswordSchema:

  • current_password: Required for verification
  • new_password: Required, min 8 chars, must differ from current

ForgotPasswordSchema:

  • email: Required, must exist in system

ResetPasswordSchema:

  • token: Required, must be valid and not expired
  • new_password: Required, min 8 chars
  1. Request Reset:

    • POST /api/v1/forgot-password with email
    • System generates secure random token
    • Token stored with 1-hour expiration
    • Email sent with reset link: /reset-password?token={token}
  2. Reset Password:

    • User clicks link, enters new password
    • POST /api/v1/reset-password with token and new password
    • System validates token and expiration
    • Password updated, token invalidated
    • User redirected to login

Authentication:

  • Login.jsx - User login form
  • SignUp.jsx - User registration form
  • ForgetPassword.jsx - Password reset request
  • ChangePassword.jsx - Password change form

User Management:

  • UserProfile.jsx - Profile display and edit
  • UserView.jsx - User detail view
  • UserManagement.jsx - Admin user list

Authorization:

  • PermissionGuard.jsx - Component-level permission checks
  • RoleGuard.jsx - Component-level role checks
  • PermissionsDashboard.jsx - User permissions overview
  1. Password Hashing:

    • Bcrypt with cost factor 12
    • Salt automatically generated
    • One-way hashing (cannot be decrypted)
  2. Password Requirements:

    • Minimum 8 characters
    • Recommended: mix of uppercase, lowercase, numbers, symbols
  3. Reset Token Security:

    • Cryptographically secure random generation (secrets.token_urlsafe)
    • 1-hour expiration
    • Single-use (invalidated after reset)
    • Stored securely (consider Redis in production)
  4. Authorization:

    • JWT token validation
    • Permission-based access control
    • Self-service operations (users can modify own data)
    • Admin-only operations protected
  5. Input Validation:

    • Email format validation
    • SQL injection prevention via ORM
    • XSS prevention through sanitization

Flask-Mail Setup:

  • SMTP configuration for password reset emails
  • HTML email templates
  • Asynchronous sending for performance
  • Delivery status tracking

Email Templates:

  • Password reset with secure link
  • Welcome email (optional)
  • Email verification (future)

Implementation:

  • localStorage for state persistence
  • Storage event listeners for cross-tab communication
  • Logout propagation across all tabs
  • Token refresh synchronization

Hook: useMultiTabSync.js

  • Monitors authentication state
  • Broadcasts logout events
  • Synchronizes token updates
FieldDetail
Stakeholdersruizdev7 Team, System Users, Administrators
Attachments[API_DOCUMENTATION.md], [ROLES_AND_PERMISSIONS.md]
Tech StackFlask, SQLAlchemy, Marshmallow, Flask-Mail, bcrypt, React
Frontend ComponentsLogin, SignUp, UserProfile, UserManagement, ChangePassword, ForgetPassword
Frontend HooksuseMultiTabSync, usePermissions
Name/TitleSignatureDate
Client Representativeruizdev717-November-24
Company Representativeruizdev717-November-24