authelia/test/features/restrictions.feature

Feature: Non authenticated users have no access to certain pages

  Scenario: Anonymous user has no access to protected pages
    Then I get the following status code when requesting:
      | url                                                            | code | method |
      | https://login.example.com:8080/secondfactor                      | 401  | GET    |
      | https://login.example.com:8080/secondfactor/u2f/identity/start   | 401  | GET    |
      | https://login.example.com:8080/secondfactor/u2f/identity/finish  | 401  | GET    |
      | https://login.example.com:8080/secondfactor/totp/identity/start  | 401  | GET    |
      | https://login.example.com:8080/secondfactor/totp/identity/finish | 401  | GET    |
      | https://login.example.com:8080/loggedin                          | 401  | GET    |
      | https://login.example.com:8080/api/totp                          | 401  | POST   |
      | https://login.example.com:8080/api/u2f/sign_request              | 401  | GET    |
      | https://login.example.com:8080/api/u2f/sign                      | 401  | POST   |
      | https://login.example.com:8080/api/u2f/register_request          | 401  | GET    |
      | https://login.example.com:8080/api/u2f/register                  | 401  | POST   |


  @needs-single_factor-config
  @need-registered-user-john
  Scenario: User does not have acces to second factor related endpoints when in single factor mode
    Given I post "https://login.example.com:8080/api/firstfactor" with body:
      | key         | value     |
      | username    | john      |
      | password    | password  |
    Then I get the following status code when requesting:
      | url                                                            | code | method |
      | https://login.example.com:8080/secondfactor                      | 401  | GET    |
      | https://login.example.com:8080/secondfactor/u2f/identity/start   | 401  | GET    |
      | https://login.example.com:8080/secondfactor/u2f/identity/finish  | 401  | GET    |
      | https://login.example.com:8080/secondfactor/totp/identity/start  | 401  | GET    |
      | https://login.example.com:8080/secondfactor/totp/identity/finish | 401  | GET    |
      | https://login.example.com:8080/api/totp                          | 401  | POST   |
      | https://login.example.com:8080/api/u2f/sign_request              | 401  | GET    |
      | https://login.example.com:8080/api/u2f/sign                      | 401  | POST   |
      | https://login.example.com:8080/api/u2f/register_request          | 401  | GET    |
      | https://login.example.com:8080/api/u2f/register                  | 401  | POST   |