46 lines
1.7 KiB
Gherkin
46 lines
1.7 KiB
Gherkin
@authentication
|
|
Feature: Authentication and User Management
|
|
|
|
Background:
|
|
Given the Fellowship SUT is running
|
|
And I navigate to the "login page"
|
|
|
|
Scenario: User can log in with valid credentials
|
|
When I log in with username "frodo_baggins" and password "fellowship123"
|
|
Then I should be redirected to the dashboard
|
|
And the dashboard should display a personalized greeting for "Frodo"
|
|
|
|
Scenario: User sees error on invalid credentials
|
|
When I log in with username "invalid_user" and password "wrongpassword"
|
|
Then I should see an error message containing "Invalid credentials"
|
|
|
|
Scenario: User can sign up with new credentials
|
|
When I navigate to the signup page
|
|
And I sign up with username "newuser" and password "newpass123"
|
|
Then I should be logged in as "newuser"
|
|
And I should land on the dashboard
|
|
|
|
Scenario: Session persists after page refresh
|
|
When I log in with username "samwise_gamgee" and password "fellowship123"
|
|
And I am on the dashboard
|
|
And I refresh the page
|
|
Then I should still be logged in
|
|
And the dashboard should be loaded
|
|
|
|
Scenario: User can log out
|
|
When I log in with username "aragorn" and password "fellowship123"
|
|
And I am on the dashboard
|
|
And I click the logout button
|
|
Then I should be redirected to the login page
|
|
And the session should be cleared
|
|
|
|
Scenario: Protected actions are blocked for unauthenticated users
|
|
When I try to create a quest without being logged in
|
|
Then I should receive an unauthorized error
|
|
|
|
@cors
|
|
Scenario: CORS preflight is allowed for login endpoint
|
|
When I verify CORS preflight for the login endpoint
|
|
Then the response should allow POST requests
|
|
And the response should include proper CORS headers
|