Commit 7d321848 authored by Aaron Wells, committed by Jinelle Foley-Barnes

Behat test for limit login attempts (Bug 1465928)

Change-Id: Ic0ec62e93967d47e318d216ecd8af454345db29f
parent 0dee5e35
@javascript @core @core_account
Feature: Limit password attempts to 5 tries
In order to make sure you can't make more than 5 bad password attempts at a time
As an admin/user
So I can prevent dictionary attacks on my passwords
Background:
Given the following "users" exist:
| username | password | email | firstname | lastname | institution | authname | role |
| userA | Password1 | test01@example.com | Pete | Mc | mahara | internal | member |
Scenario: Too many bad password attempts
# I should not see any error message on the first 5 attempts
When I log in as "userA" with password "wrongpassword"
And I log in as "userA" with password "wrongpassword"
And I log in as "userA" with password "wrongpassword"
And I log in as "userA" with password "wrongpassword"
And I log in as "userA" with password "wrongpassword"
Then I should not see "You have exceeded the maximum login attempts."
And I should see "Login"
# I've failed 5 times. Now even if I log in with the correct password I'm locked out.
When I log in as "userA" with password "Password1"
Then I should see "You have exceeded the maximum login attempts."
And I should see "Login"
# The cron should reset the limit, allowing me to log in again
When I trigger cron
And I log in as "userA" with password "Password1"
# I'm logged in!
Then I should see "Dashboard"
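Review bot: the five wrong attempts are followed by a single negative check, `Then I should not see "You have exceeded the maximum login attempts."`, so the scenario never shows that a correct password is still accepted below the limit. The comment above the attempts also says "any error message", while only the lockout string is asserted. A second scenario with four wrong attempts followed by `Password1` and an expectation of "Dashboard" would pin the boundary from the other side, and the comment could be narrowed to name the lockout message.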
@javascript @core @core_account
Feature: Limit password attempts to 5 tries
In order to make sure you can't make more than 5 bad password attempts at a time
As an admin/user
So I can prevent dictionary attacks on my passwords
Scenario: Too many bad password attempts
Given the following "users" exist:
| username | password | email | firstname | lastname | institution | authname | role |
| userA | Password1 | test01@example.com | Pete | Mc | mahara | internal | member |
# I should not see any error message on the first 5 attempts
When I log in as "userA" with password "wrongpassword"
And I log in as "userA" with password "wrongpassword"
And I log in as "userA" with password "wrongpassword"
And I log in as "userA" with password "wrongpassword"
And I log in as "userA" with password "wrongpassword"
Then I should not see "You have exceeded the maximum login attempts."
And I should see "Login"
# I've failed 5 times. Now even if I log in with the correct password I'm locked out.
When I log in as "userA" with password "Password1"
Then I should see "You have exceeded the maximum login attempts."
And I should see "Login"
# The cron should reset the limit, allowing me to log in again
When I trigger cron
And I log in as "userA" with password "Password1"
# I'm logged in!
Then I should see "Dashboard"
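Review bot: the steps after `When I trigger cron` only assert "Dashboard" after one correct login, which shows the lock was lifted but not that the failed-attempt count was cleared. Adding one wrong attempt after the cron step, then the correct password, and still expecting "Dashboard" would distinguish a reset counter from one still sitting at the limit. It would also help to assert that "You have exceeded the maximum login attempts." is no longer shown at that point.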