Gabriel Radureau
de2e03519e
✨ feat: add feature-based test organization per ADR 0024 🐛 fix: resolve compilation errors in suite_feature.go 📝 docs: add comprehensive BDD framework documentation ♻️ refactor: split monolithic tests into modular features 🧪 test: implement synchronization helpers and context management ⚡ perf: add parallel test execution capability 🔧 chore: add feature-specific test scripts and validation 📚 docs: move BDD_TAGS.md to features/ for better organization Generated by Mistral Vibe. Co-Authored-By: Mistral Vibe <vibe@mistral.ai>
54 lines
2.9 KiB
Gherkin
54 lines
2.9 KiB
Gherkin
# features/jwt_secret_rotation.feature
|
|
Feature: JWT Secret Rotation
|
|
As a system administrator
|
|
I want to rotate JWT secrets without disrupting users
|
|
So that we can maintain security while ensuring continuous service
|
|
|
|
Scenario: Authentication with multiple valid JWT secrets
|
|
Given the server is running with multiple JWT secrets
|
|
And a user "multiuser" exists with password "testpass123"
|
|
When I authenticate with username "multiuser" and password "testpass123"
|
|
Then the authentication should be successful
|
|
And I should receive a valid JWT token signed with the primary secret
|
|
|
|
Scenario: Token validation with multiple valid secrets
|
|
Given the server is running with multiple JWT secrets
|
|
And a user "tokenuser" exists with password "testpass123"
|
|
When I authenticate with username "tokenuser" and password "testpass123"
|
|
Then the authentication should be successful
|
|
And I should receive a valid JWT token
|
|
When I validate a JWT token signed with the secondary secret
|
|
Then the token should be valid
|
|
And it should contain the correct user ID
|
|
|
|
Scenario: Secret rotation - adding new secret while keeping old one valid
|
|
Given the server is running with primary JWT secret
|
|
And a user "rotateuser" exists with password "testpass123"
|
|
When I authenticate with username "rotateuser" and password "testpass123"
|
|
Then the authentication should be successful
|
|
And I should receive a valid JWT token signed with the primary secret
|
|
When I add a new secondary JWT secret to the server
|
|
And I authenticate with username "rotateuser" and password "testpass123" again
|
|
Then the authentication should be successful
|
|
And I should receive a valid JWT token signed with the new secondary secret
|
|
When I validate the old JWT token signed with primary secret
|
|
Then the token should still be valid
|
|
|
|
Scenario: Token rejection after secret expiration
|
|
Given the server is running with primary and expired secondary JWT secrets
|
|
When I use a JWT token signed with the expired secondary secret for authentication
|
|
Then the authentication should fail
|
|
And the response should contain error "invalid_token"
|
|
|
|
Scenario: Graceful secret rotation with user continuity
|
|
Given the server is running with primary JWT secret
|
|
And a user "gracefuluser" exists with password "testpass123"
|
|
When I authenticate with username "gracefuluser" and password "testpass123"
|
|
Then the authentication should be successful
|
|
And I should receive a valid JWT token signed with the primary secret
|
|
When I add a new secondary JWT secret and rotate to it
|
|
And I use the old JWT token signed with primary secret
|
|
Then the token should still be valid during retention period
|
|
When I authenticate with username "gracefuluser" and password "testpass123" after rotation
|
|
Then the authentication should be successful
|
|
And I should receive a valid JWT token signed with the new secondary secret |