2017-10-16 22:38:10 +00:00
|
|
|
@needs-regulation-config
|
2017-09-02 23:25:43 +00:00
|
|
|
Feature: Authelia regulates authentication to avoid brute force
|
|
|
|
|
2017-09-21 20:07:34 +00:00
|
|
|
@need-registered-user-blackhat
|
2017-09-02 23:25:43 +00:00
|
|
|
Scenario: Attacker tries too many authentication in a short period of time and get banned
|
|
|
|
Given I visit "https://auth.test.local:8080/"
|
|
|
|
And I set field "username" to "blackhat"
|
|
|
|
And I set field "password" to "bad-password"
|
|
|
|
And I click on "Sign in"
|
2017-10-10 21:03:30 +00:00
|
|
|
And I get a notification of type "error" with message "Authentication failed. Please check your credentials."
|
2017-09-02 23:25:43 +00:00
|
|
|
And I set field "password" to "bad-password"
|
|
|
|
And I click on "Sign in"
|
2017-10-10 21:03:30 +00:00
|
|
|
And I get a notification of type "error" with message "Authentication failed. Please check your credentials."
|
2017-09-02 23:25:43 +00:00
|
|
|
And I set field "password" to "bad-password"
|
|
|
|
And I click on "Sign in"
|
2017-10-10 21:03:30 +00:00
|
|
|
And I get a notification of type "error" with message "Authentication failed. Please check your credentials."
|
2017-09-02 23:25:43 +00:00
|
|
|
When I set field "password" to "password"
|
|
|
|
And I click on "Sign in"
|
2017-10-10 21:03:30 +00:00
|
|
|
Then I get a notification of type "error" with message "Authentication failed. Please check your credentials."
|
2017-09-02 23:25:43 +00:00
|
|
|
|
2017-09-21 20:07:34 +00:00
|
|
|
@need-registered-user-blackhat
|
2017-09-02 23:25:43 +00:00
|
|
|
Scenario: User is unbanned after a configured amount of time
|
2017-09-21 20:07:34 +00:00
|
|
|
Given I visit "https://auth.test.local:8080/?redirect=https%3A%2F%2Fpublic.test.local%3A8080%2Fsecret.html"
|
2017-09-02 23:25:43 +00:00
|
|
|
And I set field "username" to "blackhat"
|
|
|
|
And I set field "password" to "bad-password"
|
|
|
|
And I click on "Sign in"
|
2017-10-10 21:03:30 +00:00
|
|
|
And I get a notification of type "error" with message "Authentication failed. Please check your credentials."
|
2017-09-02 23:25:43 +00:00
|
|
|
And I set field "password" to "bad-password"
|
|
|
|
And I click on "Sign in"
|
2017-10-10 21:03:30 +00:00
|
|
|
And I get a notification of type "error" with message "Authentication failed. Please check your credentials."
|
2017-09-02 23:25:43 +00:00
|
|
|
And I set field "password" to "bad-password"
|
|
|
|
And I click on "Sign in"
|
2017-10-10 21:03:30 +00:00
|
|
|
And I get a notification of type "error" with message "Authentication failed. Please check your credentials."
|
2017-09-02 23:25:43 +00:00
|
|
|
When I wait 6 seconds
|
|
|
|
And I set field "password" to "password"
|
|
|
|
And I click on "Sign in"
|
2017-09-21 20:07:34 +00:00
|
|
|
And I use "REGISTERED" as TOTP token handle
|
2017-10-21 23:23:26 +00:00
|
|
|
And I click on "Sign in"
|
2017-10-08 15:13:29 +00:00
|
|
|
Then I'm redirected to "https://public.test.local:8080/secret.html"
|