Enable users to log into and out of TTA Smart Hub (IA-2)

[pamlo412]

User Story:
As a Regional TTA specialist, I want to log in to the TTA Smart Hub so I can view, create, or update an activity report. When done, I want to log out, so that I don't enable unauthorized access to the system.

Acceptance Criteria:

1. Navigate to the TTA Smart Hub landing page URL.

2. A welcome page displays. Design details will come later, in # . For this story, just include:

   • a heading that reads "Welcome to TTA Smart Hub!"
   • a link labeled "Log in via HSES"

3. Click the link to direct to the HSES login page.

4. The HSES login page displays: the UAT URL for this page is https://uat.hsesinfo.org/auth/login. (This UAT environment will be the URL for all pre-prod work.)

5. Enter a valid username and password. For MVP work, we can use the UAT credentials we were each provided. They will get us into our own app, but not into anything else on HSES.

6. The system logs the user in successfully and the user lands on the TTA Smart Hub home page, which for this story can be a mostly blank page with just:

   • a success message for us, such as "Welcome, Nancy!"
   • a logout button (any button, no design yet)

7. Click the logout button.

8. The user is logged out and returned to the welcome page, where this message displays: "You have successfully logged out."

Exclusions:

• Aricka's design will be implemented via a later story, Add Design to Login page #67
• Accessibility compliance: this will be testable with this story but it will need to be retested once the design is implemented.
• details on the post-login home page. This page will be implemented via Display list of Activity Reports #5
• logins that are unsuccessful because the username or password is invalid in HSES terms. Since our login leverages the HSES OAuth, HSES will handle these failures.
• help with a forgotten username or password. HSES also handle the forgot username/password functionality. The Help desk that handles access is handled via HSICC (Head Start Information and Communications Center).
• creating a new user. This functionality is also handled by HSES.
• logins that are unsuccessful because the username and password, although valid for HSES, are not valid for TTA Smart Hub. This need will be implemented via a later story
• handling timeouts due to inactivity. This need will be handled via a later story
• logout will log a user out of the Smart Hub but the HSES session remains open. This is fine; we aren't responsible for closing that session.

[rahearn]

Trying to answer some questions here from the card and the call:

1. Users will launch TTADP by navigating their browser to the TTADP URL (exact domain name TBD), or (eventually) by clicking links within HSES to launch TTADP directly to a given grantee
2. OAuth2 workflow means that HSES will maintain the code for validating usernames & passwords, creating new users, forgotten passwords.

The workflow will be the same as any website you currently use that lets you log in with google, facebook, or twitter. The user will get to TTADP, click a "log in with hses" button or link, get redirected to HSES to enter username and password and/or PIV credentials, then get redirected back to TTADP with a token that we can use to verify identity.

The two AC scenarios are valid, but we will just be checking whether we handle the proper responses from HSES, not in our direct handling of usernames and passwords.

[jasalisbury]

Some screenshots of my progress so far

[pamlo412]

@kryswisnaskas and @jasalisbury: we need a bit more information documented in this story:

• the specific URL starting point for logging in
• details on which credentials will work when this story is done: some of us? all of us?

[PatricePascual-ACF]

Very exciting to see the welcome!

Just flagging for myself and for design that the welcome will need to say HS by name - e.g.,
"Welcome to Head Start's TTA Smart Hub" (or the Office of Head Start's - I'll get Sharon's opinion)

(Pam let's talk next week about where I should note tasks like these.)

[pamlo412]

@PatricePascual-ACF Very glad to see you're taking a look at the stories! This version of the login is pre-design. It's purely about getting the functionality up and running. We will implement any content changes you want, as well as design changes requested by @arickalewis1, when we do story #67 . I recommend you note your tasks directly in that story.

[rahearn]

A lot of this work was merged in #69 but it does not work in production yet

[jasalisbury]

@kryswisnaskas and @jasalisbury: we need a bit more information documented in this story:

• the specific URL starting point for logging in

https://tta-smarthub-dev.app.cloud.gov/

• details on which credentials will work when this story is done: some of us? all of us?

The credentials to use are the ones used to login to the UAT HSES environment (https://uat.hsesinfo.org/auth/login)