Commit 9c26c145 authored by Gregor Anzelj's avatar Gregor Anzelj Committed by Robert Lyon
Browse files

Bug 845263: Password policy

Improve the password policy enforcement and configuration in Mahara.
Have a pre-defined password policy of a minimum of 8 characters with
type "alphanumeric mixed case + symbols".

Also allow site administrators to set the desired password policy in
Site Options > Security Settings. In all locations where password
is set, the password input should also include a password strength
indicator.

Change-Id: I020af58a6cf1635fe295f5434783ce5b6f6daacb
parent f3d614cb
......@@ -5,7 +5,7 @@ As a user
The big homepage buttons should navigate to their correct places
Scenario: Checking navigation of the big homepage buttons
Given I log in as "admin" with password "Kupuhipa1"
Given I log in as "admin" with password "Kupuh1pa!"
And I click on "Develop your portfolio"
Then I should see "Pages and collections" in the "h1 heading" property
And I am on homepage
......
......@@ -11,12 +11,12 @@ Background:
| insttwo | Institution Two | ON | ON |
And the following "users" exist:
| username | password | email | firstname | lastname | institution | authname | role |
| UserA | Kupuhipa1 | UserA@example.org | Angela | User | mahara | internal | member |
| UserB | Kupuhipa1 | UserB@example.org | Bob | User | instone | internal | member |
| UserC | Kupuhipa1 | UserC@example.org | Cecilia | User | mahara | internal | member |
| UserA | Kupuh1pa! | UserA@example.org | Angela | User | mahara | internal | member |
| UserB | Kupuh1pa! | UserB@example.org | Bob | User | instone | internal | member |
| UserC | Kupuh1pa! | UserC@example.org | Cecilia | User | mahara | internal | member |
Scenario: Viewing user statistics
Given I log in as "admin" with password "Kupuhipa1"
Given I log in as "admin" with password "Kupuh1pa!"
# Users without an institution
When I choose "Reports" from administration menu
And I press "Configure report"
......
......@@ -11,13 +11,13 @@ Given the following "institutions" exist:
Given the following "users" exist:
| username | password | email | firstname | lastname | institution | authname | role |
| UserA | Kupuhipa1 | UserA@example.org | Angela | User | mahara | internal | member |
| UserB | Kupuhipa1 | UserB@example.org | Bob | Staff | mahara | internal | staff |
| UserC | Kupuhipa1 | UserC@example.org | Cecilia | Staff | instone | internal | staff |
| AdminA | Kupuhipa1 | AdminA@example.org | Angela | Admin | instone | internal | admin |
| UserA | Kupuh1pa! | UserA@example.org | Angela | User | mahara | internal | member |
| UserB | Kupuh1pa! | UserB@example.org | Bob | Staff | mahara | internal | staff |
| UserC | Kupuh1pa! | UserC@example.org | Cecilia | Staff | instone | internal | staff |
| AdminA | Kupuh1pa! | AdminA@example.org | Angela | Admin | instone | internal | admin |
Scenario: Checking menu items are available as a student (Bug 1467368)
Given I log in as "UserA" with password "Kupuhipa1"
Given I log in as "UserA" with password "Kupuh1pa!"
# Checking the main menu navigation headings
When I click on "Show main menu"
And I follow "Dashboard"
......@@ -57,7 +57,7 @@ Scenario: Checking menu items are available as a student (Bug 1467368)
Scenario: Checking menu items are available as site staff (Bug 1467368)
Given I log in as "UserB" with password "Kupuhipa1"
Given I log in as "UserB" with password "Kupuh1pa!"
Then I should not see "Administration" in the "Main menu" property
# The one major difference a site staff has is site info link that leads to other links
And I click on "Show administration menu"
......@@ -67,7 +67,7 @@ Scenario: Checking menu items are available as site staff (Bug 1467368)
Scenario: Checking menu items are available as Admin User (Bug 1467368)
Given I log in as "admin" with password "Kupuhipa1"
Given I log in as "admin" with password "Kupuh1pa!"
# Checking the sub navigation in Administration
And I click on "Show administration menu"
Then I should see "Admin home" in the "Administration menu" property
......@@ -144,7 +144,7 @@ Scenario: Checking menu items are available as Admin User (Bug 1467368)
And I should see "Test client" in the "Web services sub-menu" property
Scenario: Checking menu items are available as Institution Administrator (Bug 1467368)
Given I log in as "AdminA" with password "Kupuhipa1"
Given I log in as "AdminA" with password "Kupuh1pa!"
# checking the sub navigation in Administration
And I click on "Show administration menu"
And I should not see "Configure site" in the "Administration menu" property
......
......@@ -7,8 +7,8 @@
Background:
Given the following "users" exist:
| username | password | email | firstname | lastname | institution | authname | role |
| UserA | Kupuhipa1 | UserA@example.org | Angela | User | mahara | internal | member |
| UserB | Kupuhipa1 | UserB@example.org | Bob | User | mahara | internal | member |
| UserA | Kupuh1pa! | UserA@example.org | Angela | User | mahara | internal | member |
| UserB | Kupuh1pa! | UserB@example.org | Bob | User | mahara | internal | member |
And the following "pages" exist:
| title | description | ownertype | ownername |
......@@ -36,14 +36,14 @@
| Page UserA_22 | Page 22 | user | UserA |
Scenario: Checking the jump list of the paginator (Bug 1409370)
Given I log in as "UserA" with password "Kupuhipa1"
Given I log in as "UserA" with password "Kupuh1pa!"
And I choose "Shared by me" in "Portfolio" from main menu
And I click on "Edit access" in "Page UserA_01" row
And I set the select2 value "Page UserA_01, Page UserA_02, Page UserA_03, Page UserA_04, Page UserA_05, Page UserA_06, Page UserA_07, Page UserA_08, Page UserA_09, Page UserA_10, Page UserA_11, Page UserA_12, Page UserA_13, Page UserA_14, Page UserA_15, Page UserA_16, Page UserA_17, Page UserA_18, Page UserA_19, Page UserA_20, Page UserA_21" for "editaccess_views"
And I select "Public" from "accesslist[0][searchtype]"
And I press "editaccess_submit"
And I log out
And I log in as "UserB" with password "Kupuhipa1"
And I log in as "UserB" with password "Kupuh1pa!"
And I choose "Shared with me" in "Portfolio" from main menu
And I check "Registered users"
And I check "Public"
......
......@@ -6,7 +6,7 @@ Feature: Random clicking test
Scenario: Clicking randomly around Mahara (Bug: 1426983)
# Log in as an Admin user
Given I log in as "admin" with password "Kupuhipa1"
Given I log in as "admin" with password "Kupuh1pa!"
# Verifying log in was successful
And I should see "Admin User"
# Checking Content Menu
......
......@@ -5,6 +5,6 @@
So I can know that it can only be accessed by registered users
Scenario: Changing "logged-in users" to "registered users" (Bug 1373095)
Given I log in as "admin" with password "Kupuhipa1"
Given I log in as "admin" with password "Kupuh1pa!"
When I choose "Shared by me" in "Portfolio" from main menu
Then I should see "Registered users"
......@@ -5,7 +5,7 @@ Feature: Missing language string when resizing images in plugin administration
So I know what I'm turning on or off.
Scenario: Checking the language string is visible (Bug 1446488)
Given I log in as "admin" with password "Kupuhipa1"
Given I log in as "admin" with password "Kupuh1pa!"
When I go to "admin/extensions/pluginconfig.php?plugintype=artefact&pluginname=file&type=file"
And I follow "Resize images on upload"
Then I should see "Automatically resize large images on upload"
......
......@@ -7,9 +7,9 @@ Feature: List of shared pages to a group
Background:
Given the following "users" exist:
| username | password | email | firstname | lastname | institution | authname | role |
| UserA | Kupuhipa1 | UserA@example.org | Angela | User | mahara | internal | member |
| UserB | Kupuhipa1 | UserB@example.org | Bob | User | mahara | internal | member |
| UserC | Kupuhipa1 | UserC@example.org | Cecilia | User | mahara | internal | member |
| UserA | Kupuh1pa! | UserA@example.org | Angela | User | mahara | internal | member |
| UserB | Kupuh1pa! | UserB@example.org | Bob | User | mahara | internal | member |
| UserC | Kupuh1pa! | UserC@example.org | Cecilia | User | mahara | internal | member |
And the following "groups" exist:
| name | owner | description | grouptype | open | invitefriends | editroles | submittableto | allowarchives | members | staff |
| GroupA | UserB | GroupA owned by UserB | standard | ON | OFF | all | OFF | OFF | UserA | |
......@@ -37,7 +37,7 @@ Background:
Scenario: Share pages and collections to a group.
The list of shared pages must take into account of access date (Bug 1374163)
# Log in as a normal user
Given I log in as "UserA" with password "Kupuhipa1"
Given I log in as "UserA" with password "Kupuh1pa!"
# Edit access for Page 01
And I choose "Shared by me" in "Portfolio" from main menu
And I follow "Pages"
......@@ -120,7 +120,7 @@ The list of shared pages must take into account of access date (Bug 1374163)
And I should not see "Collection UserA_01"
And I log out
#Displaying shared pages in most recently updated order (Bug 1490569)
Given I log in as "admin" with password "Kupuhipa1"
Given I log in as "admin" with password "Kupuh1pa!"
And I choose "Groups" from main menu
And I follow "GroupB"
And I follow "Edit"
......
......@@ -5,7 +5,7 @@ Feature: Switching switch on and off when editing a forum
I need to be able to flick the switch on and off
Scenario: Turning on and off switches in the group forums tab (Bug 1431569)
Given I log in as "admin" with password "Kupuhipa1"
Given I log in as "admin" with password "Kupuh1pa!"
And I choose "My groups" in "Groups" from main menu
And I follow "Create group"
And I set the following fields to these values:
......
......@@ -5,7 +5,7 @@ As an admin
I need to be able to turn the switches on and off and save the page
Scenario: Turning on and off switches on Group Edit page (Bug 1431569)
Given I log in as "admin" with password "Kupuhipa1"
Given I log in as "admin" with password "Kupuh1pa!"
And I choose "Groups" from main menu
And I follow "Create group"
And I set the following fields to these values:
......
......@@ -9,12 +9,12 @@ Background:
Given the following "users" exist:
| username | password | email | firstname | lastname | institution | authname | role |
| UserA | Kupuhipa1 | UserA@example.org | Angela | User | mahara | internal | member |
| UserB | Kupuhipa1 | UserB@example.org | Bob | User | mahara | internal | member |
| UserA | Kupuh1pa! | UserA@example.org | Angela | User | mahara | internal | member |
| UserB | Kupuh1pa! | UserB@example.org | Bob | User | mahara | internal | member |
Scenario: Verifying the "User search" box functionality
# Log in as a normal user
Given I log in as "UserA" with password "Kupuhipa1"
Given I log in as "UserA" with password "Kupuh1pa!"
And I fill in "Bob" for "usf_query"
#click on the search icon
And I press "usf_submit"
......@@ -29,14 +29,14 @@ Given the following "users" exist:
#Log out as UserA
And I log out
#Log in as UserB and verify the display names
Given I log in as "UserB" with password "Kupuhipa1"
Given I log in as "UserB" with password "Kupuh1pa!"
And I fill in "Alpha" for "usf_query"
And I press "usf_submit"
And I should see "Angela"
#Log out as UserB
And I log out
#Log in as admin and change the display name settings
Then I log in as "admin" with password "Kupuhipa1"
Then I log in as "admin" with password "Kupuh1pa!"
And I choose "Site options" in "Configure site" from administration menu
And I expand all fieldsets
And I set the following fields to these values:
......@@ -45,7 +45,7 @@ Given the following "users" exist:
#Log out as admin user
And I log out
#Verify if the never display username functionality works
Given I log in as "UserA" with password "Kupuhipa1"
Given I log in as "UserA" with password "Kupuh1pa!"
And I fill in "UserB" for "usf_query"
And I press "usf_submit"
And I should see "No search results found"
......@@ -17,7 +17,7 @@ Background:
| Collection admin_01 | Collection 01 | user | admin | Page admin_01, Page admin_02, Page admin_03, Page admin_04 |
Scenario: Accessing annotation block
Given I log in as "admin" with password "Kupuhipa1"
Given I log in as "admin" with password "Kupuh1pa!"
# Navigating to admin block to turn it on
And I choose "Plugin administration" in "Extensions" from administration menu
And I press "activate_blocktype_annotation_submit"
......
......@@ -10,7 +10,7 @@ Background:
| Page admin_01 | Page 01 | admin | admin |
Scenario: Accessing annotation block (Bug 1443730)
Given I log in as "admin" with password "Kupuhipa1"
Given I log in as "admin" with password "Kupuh1pa!"
# Checking if annotation block is available by default
And I follow "Page admin_01"
And I follow "Edit"
......
......@@ -6,7 +6,7 @@ Feature: The external block should be added and configured in a page
Background:
Given the following "users" exist:
| username | password | email | firstname | lastname | institution | authname | role |
| UserA | Kupuhipa1 | UserA@example.org | Angela | User | mahara | internal | member |
| UserA | Kupuh1pa! | UserA@example.org | Angela | User | mahara | internal | member |
And the following "pages" exist:
| title | description | ownertype | ownername |
......@@ -15,7 +15,7 @@ Background:
Scenario: Add some externalfeed blocks
# Externalfeed block should be added in a page from several feed sources in
# RSS or Atom format
Given I log in as "UserA" with password "Kupuhipa1"
Given I log in as "UserA" with password "Kupuh1pa!"
And I choose "Pages and collections" in "Portfolio" from main menu
And I click on "Page UserA_01" panel menu
And I click on "Edit" in "Page UserA_01" panel menu
......
......@@ -9,7 +9,7 @@ Mahara institution
Background:
Given the following "users" exist:
| username | password | email | firstname | lastname | institution | authname | role |
| UserA | Kupuhipa1 | UserA@example.org | Angela | User | mahara | internal | admin |
| UserA | Kupuh1pa! | UserA@example.org | Angela | User | mahara | internal | admin |
And the following "pages" exist:
| title | description | ownertype | ownername |
......@@ -31,7 +31,7 @@ Background:
| Collection admin_01 | public |
Scenario: Installing framework module and activating for an institution
Given I log in as "admin" with password "Kupuhipa1"
Given I log in as "admin" with password "Kupuh1pa!"
And I choose "Plugin administration" in "Extensions" from administration menu
Then I should see "smartevidence"
And I should see "Hide" in the "smartevidence" property
......@@ -100,7 +100,7 @@ Scenario: Installing framework module and activating for an institution
And I log out
# Try as another admin
Given I log in as "UserA" with password "Kupuhipa1"
Given I log in as "UserA" with password "Kupuh1pa!"
And I follow "Collection admin_01"
And I click on the matrix point "3,4"
And I wait "1" seconds
......
......@@ -11,8 +11,8 @@ Background:
Given the following "users" exist:
| username | password | email | firstname | lastname | institution | authname | role |
| UserA | Kupuhipa1 | UserA@example.org | Angela | User | mahara | internal | member |
| UserB | Kupuhipa1 | UserB@example.org | Bob | User | mahara | internal | member |
| UserA | Kupuh1pa! | UserA@example.org | Angela | User | mahara | internal | member |
| UserB | Kupuh1pa! | UserB@example.org | Bob | User | mahara | internal | member |
And the following "pages" exist:
| title | description | ownertype | ownername |
......@@ -69,7 +69,7 @@ Background:
| Page UserA_51 | Page 51 | user | UserA |
Scenario: Making sure that the max items per page drop down limits to correct amount of pages (Bug 1409369)
Given I log in as "UserA" with password "Kupuhipa1"
Given I log in as "UserA" with password "Kupuh1pa!"
And I choose "Pages and collections" in "Portfolio" from main menu
And I select "atoz" from "orderby"
And I scroll to the base of id "searchviews_submit"
......@@ -80,7 +80,7 @@ Scenario: Making sure that the max items per page drop down limits to correct am
And I select "Public" from "accesslist[0][searchtype]"
And I press "Save"
And I log out
And I log in as "UserB" with password "Kupuhipa1"
And I log in as "UserB" with password "Kupuh1pa!"
And I choose "Shared with me" in "Portfolio" from main menu
And I check "Registered users"
And I check "Public"
......
......@@ -6,7 +6,7 @@ Feature: The openbadges block should be present
Background:
Given the following "users" exist:
| username | password | email | firstname | lastname | institution | authname | role |
| UserA | Kupuhipa1 | UserA@example.org | Angela | User | mahara | internal | member |
| UserA | Kupuh1pa! | UserA@example.org | Angela | User | mahara | internal | member |
And the following "pages" exist:
| title | description | ownertype | ownername |
......@@ -16,7 +16,7 @@ Scenario: Open badges block
# As the open badges block normally fetches user data from third
# party site we can't currently test that part and ship the details in this test
# So all we can do is check that the block exists and saves to a page
Given I log in as "UserA" with password "Kupuhipa1"
Given I log in as "UserA" with password "Kupuh1pa!"
And I choose "Pages and collections" in "Portfolio" from main menu
And I click on "Page UserA_01" panel menu
And I click on "Edit" in "Page UserA_01" panel menu
......
......@@ -6,7 +6,7 @@ Feature: Strict privacy switch
I should be required to accept the privacy statement
Scenario: Create user who logs in with strict privacy enabled
Given I log in as "admin" with password "Kupuhipa1"
Given I log in as "admin" with password "Kupuh1pa!"
And I choose "Site options" in "Configure site" from administration menu
And I expand "Institution settings" node
# Need to disable multiple inst first, or set strict privacy doesn't work.
......@@ -22,13 +22,14 @@ Scenario: Create user who logs in with strict privacy enabled
| Last name | One |
| Email | UserB@example.com |
| Username | bob |
| password | Kupuhipa1 |
| password | Kupuh1pa! |
And I scroll to the top
And I press "Create user"
And I disable the switch "Force password change on next login"
And I enable the switch "Disable email"
And I press "Save changes"
And I log out
Given I log in as "bob" with password "Kupuhipa1"
Given I log in as "bob" with password "Kupuh1pa!"
Then I should see "Before entering your account, please read the information displayed below."
# Try to ignore privacy statement
And I choose "Pages and collections" in "Portfolio" from main menu
......
......@@ -10,7 +10,7 @@ Background:
| Page mahara_01 | Page 01 | institution | mahara |
Scenario: Making adjustments to the mathslate plugin for mahara (Bug 1472446)
Given I log in as "admin" with password "Kupuhipa1"
Given I log in as "admin" with password "Kupuh1pa!"
And I choose "Site options" in "Configure site" from administration menu
And I follow "General settings"
And I enable the switch "Enable MathJax"
......
......@@ -7,8 +7,8 @@ I follow unsubscription link in email
Background:
Given the following "users" exist:
| username | password | email | firstname | lastname | institution | authname | role |
| UserA | Kupuhipa1 | UserA@example.org | Angela | User | mahara | internal | member |
| UserB | Kupuhipa1 | UserB@example.org | Bob | User | mahara | internal | member |
| UserA | Kupuh1pa! | UserA@example.org | Angela | User | mahara | internal | member |
| UserB | Kupuh1pa! | UserB@example.org | Bob | User | mahara | internal | member |
And the following "pages" exist:
| title | description | ownertype | ownername |
......@@ -20,7 +20,7 @@ And the following "permissions" exist:
| Page UserA_01 | loggedin |
Scenario: Viewing a list of pages I watch from the dashboard (Bug 1444784)
Given I log in as "UserB" with password "Kupuhipa1"
Given I log in as "UserB" with password "Kupuh1pa!"
And I choose "Notifications" in "Settings" from user menu
And I select "Email" from "Watchlist"
And I press "Save"
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment