mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
7128970a53
Before this fix, the redirection URL was stored in the user session, but this has a big drawback since user could open several pages in browser and thus override the redirection URL leading the user to be incorrectly redirected.
54 lines
2.6 KiB
Gherkin
54 lines
2.6 KiB
Gherkin
Feature: User validate first factor
|
|
|
|
Scenario: User succeeds first factor
|
|
Given I visit "https://auth.test.local:8080/"
|
|
When I set field "username" to "bob"
|
|
And I set field "password" to "password"
|
|
And I click on "Sign in"
|
|
Then I'm redirected to "https://auth.test.local:8080/secondfactor"
|
|
|
|
Scenario: User fails first factor
|
|
Given I visit "https://auth.test.local:8080/"
|
|
When I set field "username" to "john"
|
|
And I set field "password" to "bad-password"
|
|
And I click on "Sign in"
|
|
Then I get a notification of type "error" with message "Authentication failed. Please double check your credentials."
|
|
|
|
Scenario: User succeeds TOTP second factor
|
|
Given I visit "https://auth.test.local:8080/"
|
|
And I login with user "john" and password "password"
|
|
And I register a TOTP secret called "Sec0"
|
|
When I visit "https://secret.test.local:8080/secret.html" and get redirected "https://auth.test.local:8080/?redirect=https%3A%2F%2Fsecret.test.local%3A8080%2Fsecret.html"
|
|
And I login with user "john" and password "password"
|
|
And I use "Sec0" as TOTP token handle
|
|
And I click on "TOTP"
|
|
Then I'm redirected to "https://secret.test.local:8080/secret.html"
|
|
|
|
Scenario: User fails TOTP second factor
|
|
When I visit "https://secret.test.local:8080/secret.html" and get redirected "https://auth.test.local:8080/?redirect=https%3A%2F%2Fsecret.test.local%3A8080%2Fsecret.html"
|
|
And I login with user "john" and password "password"
|
|
And I use "BADTOKEN" as TOTP token
|
|
And I click on "TOTP"
|
|
Then I get a notification of type "error" with message "Problem with TOTP validation."
|
|
|
|
Scenario: User logs out
|
|
Given I visit "https://auth.test.local:8080/"
|
|
And I login with user "john" and password "password"
|
|
And I register a TOTP secret called "Sec0"
|
|
And I visit "https://auth.test.local:8080/"
|
|
And I login with user "john" and password "password"
|
|
And I use "Sec0" as TOTP token handle
|
|
When I visit "https://auth.test.local:8080/logout?redirect=https://www.google.fr"
|
|
And I visit "https://secret.test.local:8080/secret.html"
|
|
Then I'm redirected to "https://auth.test.local:8080/"
|
|
|
|
Scenario: Logout redirects user
|
|
Given I visit "https://auth.test.local:8080/"
|
|
And I login with user "john" and password "password"
|
|
And I register a TOTP secret called "Sec0"
|
|
And I visit "https://auth.test.local:8080/"
|
|
And I login with user "john" and password "password"
|
|
And I use "Sec0" as TOTP token handle
|
|
When I visit "https://auth.test.local:8080/logout?redirect=https://www.google.fr"
|
|
Then I'm redirected to "https://www.google.fr"
|