🧪 test: add JWT secret rotation BDD scenarios and step implementations (#12)
✨ merge: implement JWT secret rotation with BDD scenario isolation - Implement JWT secret rotation mechanism (closes #8) - Add per-scenario state isolation for BDD tests (closes #14) - Validate password reset workflow via BDD tests (closes #7) - Fix port conflicts in test validation - Add state tracer for debugging test execution - Document BDD isolation strategies in ADR 0025 - Fix PostgreSQL configuration environment variables Generated by Mistral Vibe. Co-Authored-By: Mistral Vibe <vibe@mistral.ai> Co-authored-by: Gabriel Radureau <arcodange@gmail.com> Co-committed-by: Gabriel Radureau <arcodange@gmail.com>
This commit was merged in pull request #12.
This commit is contained in:
152
features/auth/user_authentication.feature
Normal file
152
features/auth/user_authentication.feature
Normal file
@@ -0,0 +1,152 @@
|
||||
# features/user_authentication.feature
|
||||
Feature: User Authentication
|
||||
As a user
|
||||
I want to authenticate with the system
|
||||
So I can access personalized features
|
||||
|
||||
Scenario: Successful user authentication
|
||||
Given the server is running
|
||||
And a user "testuser" exists with password "testpass123"
|
||||
When I authenticate with username "testuser" and password "testpass123"
|
||||
Then the authentication should be successful
|
||||
And I should receive a valid JWT token
|
||||
|
||||
Scenario: Failed authentication with wrong password
|
||||
Given the server is running
|
||||
And a user "testuser" exists with password "testpass123"
|
||||
When I authenticate with username "testuser" and password "wrongpassword"
|
||||
Then the authentication should fail
|
||||
And the response should contain error "invalid_credentials"
|
||||
|
||||
Scenario: Failed authentication with non-existent user
|
||||
Given the server is running
|
||||
When I authenticate with username "nonexistent" and password "somepassword"
|
||||
Then the authentication should fail
|
||||
And the response should contain error "invalid_credentials"
|
||||
|
||||
Scenario: Admin authentication with master password
|
||||
Given the server is running
|
||||
When I authenticate as admin with master password "admin123"
|
||||
Then the authentication should be successful
|
||||
And I should receive a valid JWT token
|
||||
And the token should contain admin claims
|
||||
|
||||
Scenario: User registration
|
||||
Given the server is running
|
||||
When I register a new user "newuser_" with password "newpass123"
|
||||
Then the registration should be successful
|
||||
And I should be able to authenticate with the new credentials
|
||||
|
||||
Scenario: Password reset request by admin
|
||||
Given the server is running
|
||||
And a user "resetuser" exists with password "oldpass123"
|
||||
And I am authenticated as admin
|
||||
When I request password reset for user "resetuser"
|
||||
Then the password reset should be allowed
|
||||
And the user should be flagged for password reset
|
||||
|
||||
Scenario: User completes password reset
|
||||
Given the server is running
|
||||
And a user "resetuser" exists and is flagged for password reset
|
||||
When I complete password reset for "resetuser" with new password "newpass123"
|
||||
Then the password reset should be successful
|
||||
And I should be able to authenticate with the new password
|
||||
|
||||
Scenario: Failed password reset for non-existent user
|
||||
Given the server is running
|
||||
When I request password reset for user "nonexistent"
|
||||
Then the password reset should fail
|
||||
And the response should contain error "server_error"
|
||||
|
||||
Scenario: Failed password reset completion for non-existent user
|
||||
Given the server is running
|
||||
When I complete password reset for "nonexistent" with new password "newpass123"
|
||||
Then the password reset should fail
|
||||
And the response should contain error "server_error"
|
||||
|
||||
Scenario: Failed password reset completion for user not flagged
|
||||
Given the server is running
|
||||
And a user "normaluser" exists with password "oldpass123"
|
||||
When I complete password reset for "normaluser" with new password "newpass123"
|
||||
Then the password reset should fail
|
||||
And the response should contain error "server_error"
|
||||
|
||||
Scenario: Failed registration with existing username
|
||||
Given the server is running
|
||||
And a user "existinguser" exists with password "testpass123"
|
||||
When I register a new user "existinguser" with password "newpass123"
|
||||
Then the registration should fail
|
||||
And the response should contain error "user_exists"
|
||||
And the status code should be 409
|
||||
|
||||
Scenario: Failed registration with invalid username
|
||||
Given the server is running
|
||||
When I register a new user "ab" with password "validpass123"
|
||||
Then the registration should fail
|
||||
And the status code should be 400
|
||||
|
||||
Scenario: Failed registration with invalid password
|
||||
Given the server is running
|
||||
When I register a new user "validuser" with password "short"
|
||||
Then the registration should fail
|
||||
And the status code should be 400
|
||||
|
||||
Scenario: Failed authentication with empty username
|
||||
Given the server is running
|
||||
When I authenticate with username "" and password "somepassword"
|
||||
Then the authentication should fail with validation error
|
||||
And the status code should be 400
|
||||
|
||||
Scenario: Failed authentication with empty password
|
||||
Given the server is running
|
||||
When I authenticate with username "someuser" and password ""
|
||||
Then the authentication should fail with validation error
|
||||
And the status code should be 400
|
||||
|
||||
Scenario: Failed admin authentication with wrong password
|
||||
Given the server is running
|
||||
When I authenticate as admin with master password "wrongadmin"
|
||||
Then the authentication should fail
|
||||
And the response should contain error "invalid_credentials"
|
||||
|
||||
Scenario: Multiple consecutive authentications
|
||||
Given the server is running
|
||||
And a user "multiuser" exists with password "testpass123"
|
||||
When I authenticate with username "multiuser" and password "testpass123"
|
||||
Then the authentication should be successful
|
||||
And I should receive a valid JWT token
|
||||
When I authenticate with username "multiuser" and password "testpass123" again
|
||||
Then the authentication should be successful
|
||||
And I should receive a different JWT token
|
||||
|
||||
Scenario: JWT token validation
|
||||
Given the server is running
|
||||
And a user "tokenuser" exists with password "testpass123"
|
||||
When I authenticate with username "tokenuser" and password "testpass123"
|
||||
Then the authentication should be successful
|
||||
And I should receive a valid JWT token
|
||||
When I validate the received JWT token
|
||||
Then the token should be valid
|
||||
And it should contain the correct user ID
|
||||
|
||||
Scenario: Authentication with expired JWT token
|
||||
Given the server is running
|
||||
And a user "expireduser" exists with password "testpass123"
|
||||
When I authenticate with username "expireduser" and password "testpass123"
|
||||
Then the authentication should be successful
|
||||
And I should receive a valid JWT token
|
||||
When I use an expired JWT token for authentication
|
||||
Then the authentication should fail
|
||||
And the response should contain error "invalid_token"
|
||||
|
||||
Scenario: Authentication with JWT token signed with wrong secret
|
||||
Given the server is running
|
||||
When I use a JWT token signed with wrong secret for authentication
|
||||
Then the authentication should fail
|
||||
And the response should contain error "invalid_token"
|
||||
|
||||
Scenario: Authentication with malformed JWT token
|
||||
Given the server is running
|
||||
When I use a malformed JWT token for authentication
|
||||
Then the authentication should fail
|
||||
And the response should contain error "invalid_token"
|
||||
Reference in New Issue
Block a user