Skip to content
GitLab
Menu
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Menu
Open sidebar
mahara
mahara
Commits
7d321848
Commit
7d321848
authored
Jun 17, 2015
by
Aaron Wells
Committed by
Jinelle Foley-Barnes
Jun 20, 2015
Browse files
Behat test for limit login attempts (Bug 1465928)
Change-Id: Ic0ec62e93967d47e318d216ecd8af454345db29f
parent
0dee5e35
Changes
2
Hide whitespace changes
Inline
Side-by-side
test/behat/features/account/login_attempts.feature
0 → 100644
View file @
7d321848
@javascript
@core
@core_account
Feature
:
Limit password attempts to 5 tries
In order to make sure you can't make more than 5 bad password attempts at a time
As an admin/user
So I can prevent dictionary attacks on my passwords
Background
:
Given the following "users" exist
:
|
username
|
password
|
email
|
firstname
|
lastname
|
institution
|
authname
|
role
|
|
userA
|
Password1
|
test01@example.com
|
Pete
|
Mc
|
mahara
|
internal
|
member
|
Scenario
:
Too many bad password attempts
# I should not see any error message on the first 5 attempts
When
I log in as
"userA"
with password
"wrongpassword"
And
I log in as
"userA"
with password
"wrongpassword"
And
I log in as
"userA"
with password
"wrongpassword"
And
I log in as
"userA"
with password
"wrongpassword"
And
I log in as
"userA"
with password
"wrongpassword"
Then
I should not see
"You have exceeded the maximum login attempts."
And
I should see
"Login"
# I've failed 5 times. Now even if I log in with the correct password I'm locked out.
When
I log in as
"userA"
with password
"Password1"
Then
I should see
"You have exceeded the maximum login attempts."
And
I should see
"Login"
# The cron should reset the limit, allowing me to log in again
When
I trigger cron
And
I log in as
"userA"
with password
"Password1"
# I'm logged in!
Then
I should see
"Dashboard"
test/behat/features/account/loginattempts.feature
0 → 100644
View file @
7d321848
@javascript
@core
@core_account
Feature
:
Limit password attempts to 5 tries
In order to make sure you can't make more than 5 bad password attempts at a time
As an admin/user
So I can prevent dictionary attacks on my passwords
Scenario
:
Too many bad password attempts
Given the following "users" exist
:
|
username
|
password
|
email
|
firstname
|
lastname
|
institution
|
authname
|
role
|
|
userA
|
Password1
|
test01@example.com
|
Pete
|
Mc
|
mahara
|
internal
|
member
|
# I should not see any error message on the first 5 attempts
When
I log in as
"userA"
with password
"wrongpassword"
And
I log in as
"userA"
with password
"wrongpassword"
And
I log in as
"userA"
with password
"wrongpassword"
And
I log in as
"userA"
with password
"wrongpassword"
And
I log in as
"userA"
with password
"wrongpassword"
Then
I should not see
"You have exceeded the maximum login attempts."
And
I should see
"Login"
# I've failed 5 times. Now even if I log in with the correct password I'm locked out.
When
I log in as
"userA"
with password
"Password1"
Then
I should see
"You have exceeded the maximum login attempts."
And
I should see
"Login"
# The cron should reset the limit, allowing me to log in again
When
I trigger cron
And
I log in as
"userA"
with password
"Password1"
# I'm logged in!
Then
I should see
"Dashboard"
Aaron Wells
@aaronw
mentioned in commit
395b730b
·
Jun 25, 2015
mentioned in commit
395b730b
mentioned in commit 395b730bbffb73dfb25e8d701f377edc5e591512
Toggle commit list
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
