# features/user_authentication.feature
Feature: User Authentication
  As a user
  I want to authenticate with the system
  So I can access personalized features

  Scenario: Successful user authentication
    Given the server is running
    And a user "testuser" exists with password "testpass123"
    When I authenticate with username "testuser" and password "testpass123"
    Then the authentication should be successful
    And I should receive a valid JWT token

  # Wrong password and unknown user must be indistinguishable to the caller:
  # same error code, same status, so the login endpoint cannot be used to
  # enumerate accounts.
  Scenario: Failed authentication with wrong password
    Given the server is running
    And a user "testuser" exists with password "testpass123"
    When I authenticate with username "testuser" and password "wrongpassword"
    Then the authentication should fail
    And the response should contain error "invalid_credentials"

  Scenario: Failed authentication with non-existent user
    Given the server is running
    When I authenticate with username "nonexistent" and password "somepassword"
    Then the authentication should fail
    And the response should contain error "invalid_credentials"

  # "admin123" is a test fixture for the local server under test, not a
  # production credential.
  Scenario: Admin authentication with master password
    Given the server is running
    When I authenticate as admin with master password "admin123"
    Then the authentication should be successful
    And I should receive a valid JWT token
    And the token should contain admin claims

  Scenario: User registration
    Given the server is running
    When I register a new user "newuser_" with password "newpass123"
    Then the registration should be successful
    And I should be able to authenticate with the new credentials

  Scenario: Password reset request by admin
    Given the server is running
    And a user "resetuser" exists with password "oldpass123"
    And I am authenticated as admin
    When I request password reset for user "resetuser"
    Then the password reset should be allowed
    And the user should be flagged for password reset

  Scenario: User completes password reset
    Given the server is running
    And a user "resetuser" exists and is flagged for password reset
    When I complete password reset for "resetuser" with new password "newpass123"
    Then the password reset should be successful
    And I should be able to authenticate with the new password

  # The three reset failures below are client-caused (unknown user, user not
  # flagged) but the spec expects the generic "server_error" code, and no
  # status code is asserted. Note also that this scenario does not authenticate
  # as admin first, so it cannot tell a rejected unauthenticated request apart
  # from a rejected unknown user.
  Scenario: Failed password reset for non-existent user
    Given the server is running
    When I request password reset for user "nonexistent"
    Then the password reset should fail
    And the response should contain error "server_error"

  Scenario: Failed password reset completion for non-existent user
    Given the server is running
    When I complete password reset for "nonexistent" with new password "newpass123"
    Then the password reset should fail
    And the response should contain error "server_error"

  Scenario: Failed password reset completion for user not flagged
    Given the server is running
    And a user "normaluser" exists with password "oldpass123"
    When I complete password reset for "normaluser" with new password "newpass123"
    Then the password reset should fail
    And the response should contain error "server_error"

  Scenario: Failed registration with existing username
    Given the server is running
    And a user "existinguser" exists with password "testpass123"
    When I register a new user "existinguser" with password "newpass123"
    Then the registration should fail
    And the response should contain error "user_exists"
    And the status code should be 409

  Scenario: Failed registration with invalid username
    Given the server is running
    When I register a new user "ab" with password "validpass123"
    Then the registration should fail
    And the status code should be 400

  Scenario: Failed registration with invalid password
    Given the server is running
    When I register a new user "validuser" with password "short"
    Then the registration should fail
    And the status code should be 400

  Scenario: Failed authentication with empty username
    Given the server is running
    When I authenticate with username "" and password "somepassword"
    Then the authentication should fail with validation error
    And the status code should be 400

  Scenario: Failed authentication with empty password
    Given the server is running
    When I authenticate with username "someuser" and password ""
    Then the authentication should fail with validation error
    And the status code should be 400

  Scenario: Failed admin authentication with wrong password
    Given the server is running
    When I authenticate as admin with master password "wrongadmin"
    Then the authentication should fail
    And the response should contain error "invalid_credentials"

  # Two logins in the same second must still yield different tokens, which
  # requires a per-token claim such as "jti" rather than relying on "iat".
  Scenario: Multiple consecutive authentications
    Given the server is running
    And a user "multiuser" exists with password "testpass123"
    When I authenticate with username "multiuser" and password "testpass123"
    Then the authentication should be successful
    And I should receive a valid JWT token
    When I authenticate with username "multiuser" and password "testpass123" again
    Then the authentication should be successful
    And I should receive a different JWT token

  Scenario: JWT token validation
    Given the server is running
    And a user "tokenuser" exists with password "testpass123"
    When I authenticate with username "tokenuser" and password "testpass123"
    Then the authentication should be successful
    And I should receive a valid JWT token
    When I validate the received JWT token
    Then the token should be valid
    And it should contain the correct user ID

  # Expired, wrongly signed and malformed tokens all map to the single
  # "invalid_token" code so the response does not reveal which check failed.
  Scenario: Authentication with expired JWT token
    Given the server is running
    And a user "expireduser" exists with password "testpass123"
    When I authenticate with username "expireduser" and password "testpass123"
    Then the authentication should be successful
    And I should receive a valid JWT token
    When I use an expired JWT token for authentication
    Then the authentication should fail
    And the response should contain error "invalid_token"

  Scenario: Authentication with JWT token signed with wrong secret
    Given the server is running
    When I use a JWT token signed with wrong secret for authentication
    Then the authentication should fail
    And the response should contain error "invalid_token"

  Scenario: Authentication with malformed JWT token
    Given the server is running
    When I use a malformed JWT token for authentication
    Then the authentication should fail
    And the response should contain error "invalid_token"
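The scenarios above pin down the observable contract (error codes, status codes, distinct tokens per login, one "invalid_token" code for every token failure) without saying how a server meets it. The following is an added reference model, written for this page and not the project's own code, that satisfies every scenario in memory. Its assumptions are labelled in the code: an HS256 signing key, PBKDF2 password hashing, a random "jti" claim to keep consecutive tokens distinct, minimum lengths of 3 and 8 implied by the "ab" / "short" rejections, HTTP 500 for the "server_error" cases and 403 for a reset request without an admin token, none of which the feature file states.

```python
"""Reference model for features/user_authentication.feature (added example, not project code)."""
import base64
import hashlib
import hmac
import json
import os
import secrets
import time

# Assumed fixtures: the scenarios name none of these values.
SECRET = b"example-hs256-signing-key"
MIN_USERNAME_LEN, MIN_PASSWORD_LEN = 3, 8
TOKEN_TTL = 900  # seconds


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def mint_token(subject: str, secret: bytes, admin: bool = False, ttl: int = TOKEN_TTL) -> str:
    """HS256 JWT; the random 'jti' makes two logins in one second yield different tokens."""
    now = int(time.time())
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64url(json.dumps({"sub": subject, "iat": now, "exp": now + ttl,
                                 "jti": secrets.token_hex(8), "admin": admin}).encode())
    sig = hmac.new(secret, f"{header}.{claims}".encode(), hashlib.sha256).digest()
    return f"{header}.{claims}.{_b64url(sig)}"


def verify_token(token: str, secret: bytes, now=None):
    """Return (True, claims) or (False, "invalid_token").

    Malformed structure, an algorithm other than the pinned HS256, a bad MAC and
    an expired 'exp' all collapse into the one code the feature file expects.
    """
    now = int(time.time()) if now is None else now
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        if json.loads(_b64url_decode(head_b64)).get("alg") != "HS256":  # no alg=none swaps
            return False, "invalid_token"
        expected = hmac.new(secret, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return False, "invalid_token"
        claims = json.loads(_b64url_decode(body_b64))  # parsed only after the MAC check
        if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
            return False, "invalid_token"
        return True, claims
    except ValueError:  # bad base64, bad JSON, wrong number of segments
        return False, "invalid_token"


class AuthService:
    """In-memory stand-in for the server the scenarios drive."""

    def __init__(self, master_password: str, secret: bytes = SECRET):
        self.secret = secret
        self.users = {}  # username -> {"salt", "hash", "reset_pending"}
        self.master_salt = os.urandom(16)
        self.master_hash = hash_password(master_password, self.master_salt)

    def register(self, username: str, password: str):
        if len(username) < MIN_USERNAME_LEN or len(password) < MIN_PASSWORD_LEN:
            return 400, {"error": "validation_error"}
        if username in self.users:
            return 409, {"error": "user_exists"}
        salt = os.urandom(16)
        self.users[username] = {"salt": salt, "hash": hash_password(password, salt), "reset_pending": False}
        return 201, {"user": username}

    def authenticate(self, username: str, password: str):
        if not username or not password:
            return 400, {"error": "validation_error"}
        rec = self.users.get(username)
        # Hash even for an unknown user so timing does not reveal whether the
        # account exists; both outcomes share the same code and status.
        digest = hash_password(password, rec["salt"] if rec else b"\x00" * 16)
        if rec is None or not hmac.compare_digest(digest, rec["hash"]):
            return 401, {"error": "invalid_credentials"}
        return 200, {"token": mint_token(username, self.secret)}

    def authenticate_admin(self, master_password: str):
        if not hmac.compare_digest(hash_password(master_password, self.master_salt), self.master_hash):
            return 401, {"error": "invalid_credentials"}
        return 200, {"token": mint_token("admin", self.secret, admin=True)}

    def request_reset(self, admin_token: str, username: str):
        ok, claims = verify_token(admin_token, self.secret)
        if not ok or not claims.get("admin"):
            return 403, {"error": "forbidden"}  # assumed: the feature names no code here
        if username not in self.users:
            return 500, {"error": "server_error"}  # status assumed; the feature names only the code
        self.users[username]["reset_pending"] = True
        return 200, {"reset": "pending"}

    def complete_reset(self, username: str, new_password: str):
        rec = self.users.get(username)
        if rec is None or not rec["reset_pending"]:
            return 500, {"error": "server_error"}
        salt = os.urandom(16)
        rec.update(salt=salt, hash=hash_password(new_password, salt), reset_pending=False)
        return 200, {"reset": "done"}
```

Two design points worth noting. `authenticate` hashes the supplied password even when the user does not exist, so the "wrong password" and "non-existent user" scenarios return the same code at the same cost. `verify_token` checks the pinned algorithm and the MAC before it parses the claims, so an attacker-controlled payload is never inspected unsigned; it then reports every failure as "invalid_token", matching the expired, wrong-secret and malformed scenarios.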