# features/user_authentication.feature
Feature: User Authentication
  As a user
  I want to authenticate with the system
  So I can access personalized features

  Scenario: Successful user authentication
    Given the server is running
    And a user "testuser" exists with password "testpass123"
    When I authenticate with username "testuser" and password "testpass123"
    Then the authentication should be successful
    And I should receive a valid JWT token

  Scenario: Failed authentication with wrong password
    Given the server is running
    And a user "testuser" exists with password "testpass123"
    When I authenticate with username "testuser" and password "wrongpassword"
    Then the authentication should fail
    And the response should contain error "invalid_credentials"

  Scenario: Failed authentication with non-existent user
    Given the server is running
    When I authenticate with username "nonexistent" and password "somepassword"
    Then the authentication should fail
    And the response should contain error "invalid_credentials"

  Scenario: Admin authentication with master password
    Given the server is running
    When I authenticate as admin with master password "admin123"
    Then the authentication should be successful
    And I should receive a valid JWT token
    And the token should contain admin claims

  Scenario: User registration
    Given the server is running
    When I register a new user "newuser_" with password "newpass123"
    Then the registration should be successful
    And I should be able to authenticate with the new credentials

  Scenario: Password reset request by admin
    Given the server is running
    And a user "resetuser" exists with password "oldpass123"
    And I am authenticated as admin
    When I request password reset for user "resetuser"
    Then the password reset should be allowed
    And the user should be flagged for password reset

  Scenario: User completes password reset
    Given the server is running
    And a user "resetuser" exists and is flagged for password reset
    When I complete password reset for "resetuser" with new password "newpass123"
    Then the password reset should be successful
    And I should be able to authenticate with the new password