Behat test for limit login attempts (Bug 1465928)

Change-Id: Ic0ec62e93967d47e318d216ecd8af454345db29f

Behat test for limit login attempts (Bug 1465928)
Change-Id: Ic0ec62e93967d47e318d216ecd8af454345db29f
7d321848 · Aaron Wells · Jinelle Foley-Barnes · 0dee5e35 · 7d321848 · 7d321848
Commit 7d321848 authored Jun 17, 2015 by Aaron Wells Committed by Jinelle Foley-Barnes Jun 20, 2015
Showing with 59 additions and 0 deletions

test/behat/features/account/login_attempts.feature test/behat/features/account/login_attempts.feature +29 -0

test/behat/features/account/loginattempts.feature test/behat/features/account/loginattempts.feature +30 -0

No files found.
--- a/test/behat/features/account/login_attempts.feature
+++ b/test/behat/features/account/login_attempts.feature
+@javascript @core @core_account
+Feature: Limit password attempts to 5 tries
+In order to make sure you can't make more than 5 bad password attempts at a time
+As an admin/user
+So I can prevent dictionary attacks on my passwords
+
+Background:
+Given the following "users" exist:
+     | username | password | email | firstname | lastname | institution | authname | role |
+     | userA | Password1 | test01@example.com | Pete | Mc | mahara | internal | member |
+
+Scenario: Too many bad password attempts
+# I should not see any error message on the first 5 attempts
+When I log in as "userA" with password "wrongpassword"
+And I log in as "userA" with password "wrongpassword"
+And I log in as "userA" with password "wrongpassword"
+And I log in as "userA" with password "wrongpassword"
+And I log in as "userA" with password "wrongpassword"
+Then I should not see "You have exceeded the maximum login attempts."
+And I should see "Login"
+# I've failed 5 times. Now even if I log in with the correct password I'm locked out.
+When I log in as "userA" with password "Password1"
+Then I should see "You have exceeded the maximum login attempts."
+And I should see "Login"
+# The cron should reset the limit, allowing me to log in again
+When I trigger cron
+And I log in as "userA" with password "Password1"
+# I'm logged in!
+Then I should see "Dashboard"
--- a/test/behat/features/account/loginattempts.feature
+++ b/test/behat/features/account/loginattempts.feature
+@javascript @core @core_account
+Feature: Limit password attempts to 5 tries
+In order to make sure you can't make more than 5 bad password attempts at a time
+As an admin/user
+So I can prevent dictionary attacks on my passwords
+
+Scenario: Too many bad password attempts
+Given the following "users" exist:
+     | username | password | email | firstname | lastname | institution | authname | role |
+     | userA | Password1 | test01@example.com | Pete | Mc | mahara | internal | member |
+
+# I should not see any error message on the first 5 attempts
+When I log in as "userA" with password "wrongpassword"
+And I log in as "userA" with password "wrongpassword"
+And I log in as "userA" with password "wrongpassword"
+And I log in as "userA" with password "wrongpassword"
+And I log in as "userA" with password "wrongpassword"
+Then I should not see "You have exceeded the maximum login attempts."
+And I should see "Login"
+
+# I've failed 5 times. Now even if I log in with the correct password I'm locked out.
+When I log in as "userA" with password "Password1"
+Then I should see "You have exceeded the maximum login attempts."
+And I should see "Login"
+
+# The cron should reset the limit, allowing me to log in again
+When I trigger cron
+And I log in as "userA" with password "Password1"
+# I'm logged in!
+Then I should see "Dashboard"