Add doc on sign up

1efd8ff6 · FORESTIER Fabien · 4a54e0e0 · 1efd8ff6 · 4a54e0e0 · 1efd8ff6
Commit 1efd8ff6 authored 5 years ago by FORESTIER Fabien
--- a/docs/components/custom-apps/web-app/header.md
+++ b/docs/components/custom-apps/web-app/header.md
@@ -50,4 +50,4 @@ This button can have different behaviors. If the user is anonymous, a click will

 * access to the user profil page
 * access to the user data accesses page
-* sign out
\ No newline at end of file
+* sign out
--- a/docs/components/custom-apps/web-app/sign-up-in-out.md
+++ b/docs/components/custom-apps/web-app/sign-up-in-out.md
--- a/docs/components/custom-apps/web-app/user-management.md
+++ b/docs/components/custom-apps/web-app/user-management.md
+# User management
+
+## Sign up
+
+There are two steps to create an account on data.grandlyon.com.
+
+First of all the user must go to the sign up page accessible from the login page and fill the form. A few information are required such as the firstname, the lastname and the email. A password also has to be entered. It must:
+
+* have at least 6 characters
+* contain at least one special character
+* contain at least one uppercased character
+* contain at least one lowercased character
+* contain at least one number
+
+Passwords are always encrypted with a public key retrieved from the `legacy auth middleware` before they are sent accross the network. Only the legacy auth middleware knows the private key that allow the decryption of the password.
+
+Before being able to submit the form, the user has to accept the general terms of use and the processing of its information.
+
+When the form is submitted, the account is not directly created. In fact, a request is made to the [legacy auth middleware](../../middlewares/legacy-auth.md). The service stores temporarily the user account information in a Redis database and send an email to the user's email address through the [email service](../../services/mailer.md). The purpose of this email is to confirm the validity of the user's email address. Indeed the email contains a unique link which expires after 24h.
+
+The link is actually a link to the login page of our application that includes a `token` query param. When the `LoginComponent` of the Angular app detects a `token` param in the url, it sends an HTTP request to the `Legacy auth middleware` including the token. If the token is still valid the user account associated with this token is created in the real user database of the [legacy auth service](../../core/legacy-auth.md).
+
+For more information about this process read [this](../../../miscellaneous/authentication&authorization.md) section of the documentation.
+
+## Sign in
+
+## Sign out
+
+## Account deletion