arcodange/dance-lessons-coach
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

🧪 test: add BDD exclusion tags and mark JWT scenarios as todo

Browse Source 
- Add @flaky, @todo, @skip tags to BDD_TAGS.md
- Modify all feature test suites to exclude these tags
- Update test scripts to exclude tagged scenarios
- Mark all JWT scenarios with pending steps as @todo

Generated by Mistral Vibe.
Co-Authored-By: Mistral Vibe <vibe@mistral.ai>
This commit is contained in:
Gabriel Radureau
2026-04-10 09:09:34 +02:00
parent 520da07bfe
commit a75f87777b
11 changed files with 51 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
features/jwt/jwt_secret_rotation.feature
View File

@@ -4,6 +4,7 @@ Feature: JWT Secret Rotation
I want to rotate JWT secrets without disrupting users
So that we can maintain security while ensuring continuous service
@todo
Scenario: Authentication with multiple valid JWT secrets
Given the server is running with multiple JWT secrets
And a user "multiuser" exists with password "testpass123"
@@ -11,6 +12,7 @@ Feature: JWT Secret Rotation
Then the authentication should be successful
And I should receive a valid JWT token signed with the primary secret
@todo
Scenario: Token validation with multiple valid secrets
Given the server is running with multiple JWT secrets
And a user "tokenuser" exists with password "testpass123"
@@ -21,6 +23,7 @@ Feature: JWT Secret Rotation
Then the token should be valid
And it should contain the correct user ID
@todo
Scenario: Secret rotation - adding new secret while keeping old one valid
Given the server is running with primary JWT secret
And a user "rotateuser" exists with password "testpass123"
@@ -34,12 +37,14 @@ Feature: JWT Secret Rotation
When I validate the old JWT token signed with primary secret
Then the token should still be valid
@todo
Scenario: Token rejection after secret expiration
Given the server is running with primary and expired secondary JWT secrets
When I use a JWT token signed with the expired secondary secret for authentication
Then the authentication should fail
And the response should contain error "invalid_token"
@todo
Scenario: Graceful secret rotation with user continuity
Given the server is running with primary JWT secret
And a user "gracefuluser" exists with password "testpass123"