2017-10-08 22:28:46 +00:00
|
|
|
Feature: Authentication scenarii
|
2017-07-26 21:45:26 +00:00
|
|
|
|
|
|
|
Scenario: User succeeds first factor
|
2017-11-02 20:34:07 +00:00
|
|
|
Given I visit "https://login.example.com:8080/"
|
2017-07-26 21:45:26 +00:00
|
|
|
When I set field "username" to "bob"
|
|
|
|
And I set field "password" to "password"
|
|
|
|
And I click on "Sign in"
|
2017-11-02 20:34:07 +00:00
|
|
|
Then I'm redirected to "https://login.example.com:8080/secondfactor"
|
2017-07-26 21:45:26 +00:00
|
|
|
|
|
|
|
Scenario: User fails first factor
|
2017-11-02 20:34:07 +00:00
|
|
|
Given I visit "https://login.example.com:8080/"
|
2017-07-26 21:45:26 +00:00
|
|
|
When I set field "username" to "john"
|
|
|
|
And I set field "password" to "bad-password"
|
|
|
|
And I click on "Sign in"
|
2017-10-10 21:03:30 +00:00
|
|
|
Then I get a notification of type "error" with message "Authentication failed. Please check your credentials."
|
2017-07-26 21:45:26 +00:00
|
|
|
|
2017-09-21 20:07:34 +00:00
|
|
|
Scenario: User registers TOTP secret and succeeds authentication
|
2017-11-02 20:34:07 +00:00
|
|
|
Given I visit "https://login.example.com:8080/"
|
2017-07-26 21:45:26 +00:00
|
|
|
And I login with user "john" and password "password"
|
|
|
|
And I register a TOTP secret called "Sec0"
|
2017-11-02 20:34:07 +00:00
|
|
|
When I visit "https://admin.example.com:8080/secret.html"
|
|
|
|
And I'm redirected to "https://login.example.com:8080/?redirect=https%3A%2F%2Fadmin.example.com%3A8080%2Fsecret.html"
|
2017-07-26 21:45:26 +00:00
|
|
|
And I login with user "john" and password "password"
|
|
|
|
And I use "Sec0" as TOTP token handle
|
2017-10-21 23:23:26 +00:00
|
|
|
And I click on "Sign in"
|
2017-11-02 20:34:07 +00:00
|
|
|
Then I'm redirected to "https://admin.example.com:8080/secret.html"
|
2017-07-26 21:45:26 +00:00
|
|
|
|
|
|
|
Scenario: User fails TOTP second factor
|
2017-11-02 20:34:07 +00:00
|
|
|
When I visit "https://admin.example.com:8080/secret.html"
|
|
|
|
And I'm redirected to "https://login.example.com:8080/?redirect=https%3A%2F%2Fadmin.example.com%3A8080%2Fsecret.html"
|
2017-09-02 23:25:43 +00:00
|
|
|
And I login with user "john" and password "password"
|
2017-07-26 21:45:26 +00:00
|
|
|
And I use "BADTOKEN" as TOTP token
|
2017-10-21 23:23:26 +00:00
|
|
|
And I click on "Sign in"
|
2017-10-10 21:03:30 +00:00
|
|
|
Then I get a notification of type "error" with message "Authentication failed. Have you already registered your secret?"
|
2017-07-26 21:45:26 +00:00
|
|
|
|
2017-09-21 20:07:34 +00:00
|
|
|
Scenario: Logout redirects user to redirect URL given in parameter
|
2017-11-02 20:34:07 +00:00
|
|
|
When I visit "https://login.example.com:8080/logout?redirect=https://home.example.com:8080/"
|
|
|
|
Then I'm redirected to "https://home.example.com:8080/"
|