Commit 02642444 authored by Niranjan Bandi, committed by Robert Lyon

Bug 1460911: Behat tests for login attempts, forgot passwords & suckypasswords

Change-Id: I493f44609844dd889f3f2d947e92099fb6b15aec
parent c9b18022
@javascript @core @core_account
@javascript @core @core_account @core_login
Feature: Limit password attempts to 5 tries
In order to make sure you can't make more than 5 bad password attempts at a time
As an admin/user
So I can prevent dictionary attacks on my passwords
Background:
Given the following "users" exist:
| username | password | email | firstname | lastname | institution | authname | role |
| userA | Kupuhipa1 | test01@example.com | Pete | Mc | mahara | internal | member |
And I am on homepage
And I follow "Lost username / password"
Scenario: Too many bad password attempts
Given the following "users" exist:
| username | password | email | firstname | lastname | institution | authname | role |
| userA | Kupuhipa1 | test01@example.com | Pete | Mc | mahara | internal | member |
# I should not see any error message on the first 5 attempts
When I log in as "userA" with password "wrongpassword"
And I log in as "userA" with password "wrongpassword"
And I log in as "userA" with password "wrongpassword"
And I log in as "userA" with password "wrongpassword"
And I log in as "userA" with password "wrongpassword"
Then I should not see "You have exceeded the maximum login attempts."
And I should see "Login"
# I've failed 5 times. Now even if I log in with the correct password I'm locked out.
When I log in as "userA" with password "Kupuhipa1"
Then I should see "You have exceeded the maximum login attempts."
And I should see "Login"
# The cron should reset the limit, allowing me to log in again
When I trigger the cron
And I log in as "userA" with password "Kupuhipa1"
# I'm logged in!
Then I should see "Dashboard"
# I should not see any error message on the first 5 attempts
When I log in as "userA" with password "wrongpassword"
And I log in as "userA" with password "wrongpassword"
And I log in as "userA" with password "wrongpassword"
And I log in as "userA" with password "wrongpassword"
And I log in as "userA" with password "wrongpassword"
Then I should not see "You have exceeded the maximum login attempts."
And I should see "Login"
# I've failed 5 times. Now even if I log in with the correct password I'm locked out.
When I log in as "userA" with password "Kupuhipa1"
Then I should see "You have exceeded the maximum login attempts."
And I should see "Login"
# The cron should reset the limit, allowing me to log in again
When I trigger the cron
And I log in as "userA" with password "Kupuhipa1"
# I'm logged in!
Then I should see "Dashboard"
And I log out
And I am on homepage
And I follow "Lost username / password"
Scenario: Asking for a username reminder (Bug 1460911)
When I fill in "Email address or username" with "test01@example.com"
And I press "Send request"
Then I should see "You should receive an email shortly with a link you can use to change the password for your account."
Scenario: Asking for a password reset (Bug 1460911)
When I fill in "Email address or username" with "userA"
And I press "Send request"
Then I should see "You should receive an email shortly with a link you can use to change the password for your account."
Scenario: Trying a username or password that doesn't exist (Bug 1460911)
When I fill in "Email address or username" with "nosuchuser"
And I press "Send request"
Then I should see "The email address or username you entered does not match any users for this site"
Scenario: Student can't change password to anything on suckypasswords list (Bug #844457)
Given I log in as "userA" with password "Kupuhipa1"
And I choose "Settings" from user menu
And I fill in "Current password" with "Kupuhipa1"
And I fill in "New password" with "abc123"
And I fill in "Confirm password" with "abc123"
And I press "Save"
And I should see "Your password is too easy"
And I fill in "Current password" with "Kupuhipa1"
And I fill in "New password" with "dragon"
And I fill in "Confirm password" with "dragon"
And I press "Save"
Then I should see "Your password is too easy"
And I log out
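Review bot: The "Trying a username or password that doesn't exist" scenario pins a response that differs from the one asserted for a known account. "nosuchuser" is expected to get "The email address or username you entered does not match any users for this site", while "userA" and "test01@example.com" are expected to get the "You should receive an email shortly" message. With this in the suite, the forgot-password form is expected to tell an anonymous visitor whether an account exists, and any later move to a uniform response will fail the test. If that behaviour is intended, state it in a comment above the scenario; otherwise assert the same generic message in all three "Send request" scenarios. Two smaller points. The steps "And I am on homepage" and "And I follow "Lost username / password"" appear under Background, where they run before the lockout and suckypasswords scenarios that start by logging in, and again after "And I log out" at the end of the lockout scenario, where nothing asserts on them; they would sit better as the first steps of the three forgot-password scenarios only. The suckypasswords scenario has no positive control: it checks that "abc123" and "dragon" are rejected but never that an acceptable new password is saved, so it would also pass if every password change failed with "Your password is too easy". The first assertion there should also read "Then I should see" rather than "And I should see".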