arcodange/dance-lessons-coach
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
e9fd453a880bbe1910dba36ff3a9a77a03cf4560
dance-lessons-coach/features/jwt/jwt_secret_rotation.feature
Gabriel Radureau a75f87777b 🧪 test: add BDD exclusion tags and mark JWT scenarios as todo 
- Add @flaky, @todo, @skip tags to BDD_TAGS.md
- Modify all feature test suites to exclude these tags
- Update test scripts to exclude tagged scenarios
- Mark all JWT scenarios with pending steps as @todo

Generated by Mistral Vibe.
Co-Authored-By: Mistral Vibe <vibe@mistral.ai>
2026-04-10 09:09:34 +02:00

59 lines
2.9 KiB
Gherkin
Raw Blame History

# features/jwt_secret_rotation.feature
Feature: JWT Secret Rotation
As a system administrator
I want to rotate JWT secrets without disrupting users
So that we can maintain security while ensuring continuous service
@todo
Scenario: Authentication with multiple valid JWT secrets
Given the server is running with multiple JWT secrets
And a user "multiuser" exists with password "testpass123"
When I authenticate with username "multiuser" and password "testpass123"
Then the authentication should be successful
And I should receive a valid JWT token signed with the primary secret
@todo
Scenario: Token validation with multiple valid secrets
Given the server is running with multiple JWT secrets
And a user "tokenuser" exists with password "testpass123"
When I authenticate with username "tokenuser" and password "testpass123"
Then the authentication should be successful
And I should receive a valid JWT token
When I validate a JWT token signed with the secondary secret
Then the token should be valid
And it should contain the correct user ID
@todo
Scenario: Secret rotation - adding new secret while keeping old one valid
Given the server is running with primary JWT secret
And a user "rotateuser" exists with password "testpass123"
When I authenticate with username "rotateuser" and password "testpass123"
Then the authentication should be successful
And I should receive a valid JWT token signed with the primary secret
When I add a new secondary JWT secret to the server
And I authenticate with username "rotateuser" and password "testpass123" again
Then the authentication should be successful
And I should receive a valid JWT token signed with the new secondary secret
When I validate the old JWT token signed with primary secret
Then the token should still be valid
@todo
Scenario: Token rejection after secret expiration
Given the server is running with primary and expired secondary JWT secrets
When I use a JWT token signed with the expired secondary secret for authentication
Then the authentication should fail
And the response should contain error "invalid_token"
@todo
Scenario: Graceful secret rotation with user continuity
Given the server is running with primary JWT secret
And a user "gracefuluser" exists with password "testpass123"
When I authenticate with username "gracefuluser" and password "testpass123"
Then the authentication should be successful
And I should receive a valid JWT token signed with the primary secret
When I add a new secondary JWT secret and rotate to it
And I use the old JWT token signed with primary secret
Then the token should still be valid during retention period
When I authenticate with username "gracefuluser" and password "testpass123" after rotation
Then the authentication should be successful
And I should receive a valid JWT token signed with the new secondary secret
Reference in New Issue View Git Blame Copy Permalink