2019-04-24 21:52:08 +00:00
|
|
|
import { StartDriver, StopDriver } from "../../helpers/context/WithDriver";
|
|
|
|
import LoginAs from "../../helpers/LoginAs";
|
|
|
|
import VerifyNotificationDisplayed from "../../helpers/assertions/VerifyNotificationDisplayed";
|
|
|
|
import VerifyIsSecondFactorStage from "../../helpers/assertions/VerifyIsSecondFactorStage";
|
|
|
|
import ClearFieldById from "../behaviors/ClearFieldById";
|
|
|
|
|
|
|
|
export default function(regulationMilliseconds: number) {
|
|
|
|
return function () {
|
|
|
|
describe('Authelia regulates authentications when a hacker is brute forcing', function() {
|
|
|
|
this.timeout(30000);
|
|
|
|
beforeEach(async function() {
|
|
|
|
this.driver = await StartDriver();
|
|
|
|
});
|
|
|
|
|
|
|
|
afterEach(async function() {
|
|
|
|
await StopDriver(this.driver);
|
|
|
|
});
|
|
|
|
|
|
|
|
it("should return an error message when providing correct credentials the 4th time.", async function() {
|
|
|
|
await LoginAs(this.driver, "james", "bad-password");
|
|
|
|
await VerifyNotificationDisplayed(this.driver, "Authentication failed. Check your credentials.");
|
|
|
|
await ClearFieldById(this.driver, "username");
|
|
|
|
|
|
|
|
await LoginAs(this.driver, "james", "bad-password");
|
|
|
|
await VerifyNotificationDisplayed(this.driver, "Authentication failed. Check your credentials.");
|
|
|
|
await ClearFieldById(this.driver, "username");
|
|
|
|
|
|
|
|
await LoginAs(this.driver, "james", "bad-password");
|
|
|
|
await VerifyNotificationDisplayed(this.driver, "Authentication failed. Check your credentials.");
|
|
|
|
await ClearFieldById(this.driver, "username");
|
|
|
|
|
|
|
|
// when providing good credentials, the hacker is regulated and see same message as previously.
|
|
|
|
await LoginAs(this.driver, "james", "bad-password");
|
2019-11-02 14:32:58 +00:00
|
|
|
await VerifyNotificationDisplayed(this.driver, "Please retry in a few minutes.");
|
2019-04-24 21:52:08 +00:00
|
|
|
await ClearFieldById(this.driver, "username");
|
|
|
|
|
|
|
|
// Wait the regulation ban time before retrying with correct credentials.
|
|
|
|
// It should authenticate normally.
|
|
|
|
await this.driver.sleep(regulationMilliseconds);
|
|
|
|
await LoginAs(this.driver, "james", "password");
|
|
|
|
await VerifyIsSecondFactorStage(this.driver);
|
|
|
|
});
|
|
|
|
});
|
|
|
|
}
|
|
|
|
}
|