🧪 test: add comprehensive BDD test suite for user authentication

Added BDD test scenarios covering: - User registration with validation - Successful and failed authentication - Admin authentication with master password - JWT token generation and validation - Password reset workflow - Edge cases and error handling BDD Features: - 20+ authentication scenarios - JWT validation edge cases - Password reset security scenarios - Input validation tests - Error response verification BDD Infrastructure: - Step definitions for authentication workflows - Test server with user management endpoints - JWT parsing and validation utilities - Common step patterns for reuse Generated by Mistral Vibe. Co-Authored-By: Mistral Vibe <vibe@mistral.ai>
2026-04-09 00:25:48 +02:00
parent 52a4ce4139
commit a17eebc8f2
11 changed files with 1171 additions and 106 deletions
--- a/features/user_authentication.feature
+++ b/features/user_authentication.feature
@@ -0,0 +1,152 @@
+# features/user_authentication.feature
+Feature: User Authentication
+  As a user
+  I want to authenticate with the system
+  So I can access personalized features
+
+  Scenario: Successful user authentication
+    Given the server is running
+    And a user "testuser" exists with password "testpass123"
+    When I authenticate with username "testuser" and password "testpass123"
+    Then the authentication should be successful
+    And I should receive a valid JWT token
+
+  Scenario: Failed authentication with wrong password
+    Given the server is running
+    And a user "testuser" exists with password "testpass123"
+    When I authenticate with username "testuser" and password "wrongpassword"
+    Then the authentication should fail
+    And the response should contain error "invalid_credentials"
+
+  Scenario: Failed authentication with non-existent user
+    Given the server is running
+    When I authenticate with username "nonexistent" and password "somepassword"
+    Then the authentication should fail
+    And the response should contain error "invalid_credentials"
+
+  Scenario: Admin authentication with master password
+    Given the server is running
+    When I authenticate as admin with master password "admin123"
+    Then the authentication should be successful
+    And I should receive a valid JWT token
+    And the token should contain admin claims
+
+  Scenario: User registration
+    Given the server is running
+    When I register a new user "newuser_" with password "newpass123"
+    Then the registration should be successful
+    And I should be able to authenticate with the new credentials
+
+  Scenario: Password reset request by admin
+    Given the server is running
+    And a user "resetuser" exists with password "oldpass123"
+    And I am authenticated as admin
+    When I request password reset for user "resetuser"
+    Then the password reset should be allowed
+    And the user should be flagged for password reset
+
+  Scenario: User completes password reset
+    Given the server is running
+    And a user "resetuser" exists and is flagged for password reset
+    When I complete password reset for "resetuser" with new password "newpass123"
+    Then the password reset should be successful
+    And I should be able to authenticate with the new password
+
+  Scenario: Failed password reset for non-existent user
+    Given the server is running
+    When I request password reset for user "nonexistent"
+    Then the password reset should fail
+    And the response should contain error "server_error"
+
+  Scenario: Failed password reset completion for non-existent user
+    Given the server is running
+    When I complete password reset for "nonexistent" with new password "newpass123"
+    Then the password reset should fail
+    And the response should contain error "server_error"
+
+  Scenario: Failed password reset completion for user not flagged
+    Given the server is running
+    And a user "normaluser" exists with password "oldpass123"
+    When I complete password reset for "normaluser" with new password "newpass123"
+    Then the password reset should fail
+    And the response should contain error "server_error"
+
+  Scenario: Failed registration with existing username
+    Given the server is running
+    And a user "existinguser" exists with password "testpass123"
+    When I register a new user "existinguser" with password "newpass123"
+    Then the registration should fail
+    And the response should contain error "user_exists"
+    And the status code should be 409
+
+  Scenario: Failed registration with invalid username
+    Given the server is running
+    When I register a new user "ab" with password "validpass123"
+    Then the registration should fail
+    And the status code should be 400
+
+  Scenario: Failed registration with invalid password
+    Given the server is running
+    When I register a new user "validuser" with password "short"
+    Then the registration should fail
+    And the status code should be 400
+
+  Scenario: Failed authentication with empty username
+    Given the server is running
+    When I authenticate with username "" and password "somepassword"
+    Then the authentication should fail with validation error
+    And the status code should be 400
+
+  Scenario: Failed authentication with empty password
+    Given the server is running
+    When I authenticate with username "someuser" and password ""
+    Then the authentication should fail with validation error
+    And the status code should be 400
+
+  Scenario: Failed admin authentication with wrong password
+    Given the server is running
+    When I authenticate as admin with master password "wrongadmin"
+    Then the authentication should fail
+    And the response should contain error "invalid_credentials"
+
+  Scenario: Multiple consecutive authentications
+    Given the server is running
+    And a user "multiuser" exists with password "testpass123"
+    When I authenticate with username "multiuser" and password "testpass123"
+    Then the authentication should be successful
+    And I should receive a valid JWT token
+    When I authenticate with username "multiuser" and password "testpass123" again
+    Then the authentication should be successful
+    And I should receive a different JWT token
+
+  Scenario: JWT token validation
+    Given the server is running
+    And a user "tokenuser" exists with password "testpass123"
+    When I authenticate with username "tokenuser" and password "testpass123"
+    Then the authentication should be successful
+    And I should receive a valid JWT token
+    When I validate the received JWT token
+    Then the token should be valid
+    And it should contain the correct user ID
+
+  Scenario: Authentication with expired JWT token
+    Given the server is running
+    And a user "expireduser" exists with password "testpass123"
+    When I authenticate with username "expireduser" and password "testpass123"
+    Then the authentication should be successful
+    And I should receive a valid JWT token
+    When I use an expired JWT token for authentication
+    Then the authentication should fail
+    And the response should contain error "invalid_token"
+
+  Scenario: Authentication with JWT token signed with wrong secret
+    Given the server is running
+    When I use a JWT token signed with wrong secret for authentication
+    Then the authentication should fail
+    And the response should contain error "invalid_token"
+
+  Scenario: Authentication with malformed JWT token
+    Given the server is running
+    When I use a malformed JWT token for authentication
+    Then the authentication should fail
+    And the response should contain error "invalid_token"