mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
0a33b2d5ee
Before this fix, the application was simply crashing during execution when connection to redis was failing. Now, it is correctly handled with failing promises and logs have been enabled to clearly see the problem
42 lines
2.2 KiB
Gherkin
42 lines
2.2 KiB
Gherkin
Feature: Authelia regulates authentication to avoid brute force
|
|
|
|
@needs-test-config
|
|
@need-registered-user-blackhat
|
|
Scenario: Attacker tries too many authentication in a short period of time and get banned
|
|
Given I visit "https://auth.test.local:8080/"
|
|
And I set field "username" to "blackhat"
|
|
And I set field "password" to "bad-password"
|
|
And I click on "Sign in"
|
|
And I get a notification of type "error" with message "Authentication failed. Please double check your credentials."
|
|
And I set field "password" to "bad-password"
|
|
And I click on "Sign in"
|
|
And I get a notification of type "error" with message "Authentication failed. Please double check your credentials."
|
|
And I set field "password" to "bad-password"
|
|
And I click on "Sign in"
|
|
And I get a notification of type "error" with message "Authentication failed. Please double check your credentials."
|
|
When I set field "password" to "password"
|
|
And I click on "Sign in"
|
|
Then I get a notification of type "error" with message "Authentication failed. Please double check your credentials."
|
|
|
|
@needs-test-config
|
|
@need-registered-user-blackhat
|
|
Scenario: User is unbanned after a configured amount of time
|
|
Given I visit "https://auth.test.local:8080/?redirect=https%3A%2F%2Fpublic.test.local%3A8080%2Fsecret.html"
|
|
And I set field "username" to "blackhat"
|
|
And I set field "password" to "bad-password"
|
|
And I click on "Sign in"
|
|
And I get a notification of type "error" with message "Authentication failed. Please double check your credentials."
|
|
And I set field "password" to "bad-password"
|
|
And I click on "Sign in"
|
|
And I get a notification of type "error" with message "Authentication failed. Please double check your credentials."
|
|
And I set field "password" to "bad-password"
|
|
And I click on "Sign in"
|
|
And I get a notification of type "error" with message "Authentication failed. Please double check your credentials."
|
|
When I wait 6 seconds
|
|
And I set field "password" to "password"
|
|
And I click on "Sign in"
|
|
And I use "REGISTERED" as TOTP token handle
|
|
And I click on "TOTP"
|
|
Then I have access to:
|
|
| url |
|
|
| https://public.test.local:8080/secret.html | |