Feature: Non authenticated users have no access to certain pages
Scenario: Anonymous user has no access to protected pages
Then I get the following status code when requesting:
| url | code | method |
| https://login.example.com:8080/secondfactor | 401 | GET |
| https://login.example.com:8080/secondfactor/u2f/identity/start | 401 | GET |
| https://login.example.com:8080/secondfactor/u2f/identity/finish | 401 | GET |
| https://login.example.com:8080/secondfactor/totp/identity/start | 401 | GET |
| https://login.example.com:8080/secondfactor/totp/identity/finish | 401 | GET |
| https://login.example.com:8080/loggedin | 401 | GET |
| https://login.example.com:8080/api/totp | 401 | POST |
| https://login.example.com:8080/api/u2f/sign_request | 401 | GET |
| https://login.example.com:8080/api/u2f/sign | 401 | POST |
| https://login.example.com:8080/api/u2f/register_request | 401 | GET |
| https://login.example.com:8080/api/u2f/register | 401 | POST |
@needs-single_factor-config
@need-registered-user-john
Scenario: User does not have acces to second factor related endpoints when in single factor mode
Given I post "https://login.example.com:8080/api/firstfactor" with body:
| key | value |
| username | john |
| password | password |
Then I get the following status code when requesting:
| url | code | method |
| https://login.example.com:8080/secondfactor | 401 | GET |
| https://login.example.com:8080/secondfactor/u2f/identity/start | 401 | GET |
| https://login.example.com:8080/secondfactor/u2f/identity/finish | 401 | GET |
| https://login.example.com:8080/secondfactor/totp/identity/start | 401 | GET |
| https://login.example.com:8080/secondfactor/totp/identity/finish | 401 | GET |
| https://login.example.com:8080/api/totp | 401 | POST |
| https://login.example.com:8080/api/u2f/sign_request | 401 | GET |
| https://login.example.com:8080/api/u2f/sign | 401 | POST |
| https://login.example.com:8080/api/u2f/register_request | 401 | GET |
| https://login.example.com:8080/api/u2f/register | 401 | POST |