2011-09-05 22:06:37 +02:00
|
|
|
Feature: Handling users with deprecated passwords hashes
|
|
|
|
|
In order to have my password hashed with BCrypt
|
|
|
|
|
As a user with password hashed with SHA1
|
|
|
|
|
I have to be redirected to the password resetting form
|
|
|
|
|
|
|
|
|
|
Background:
|
|
|
|
|
Given the following user records
|
|
|
|
|
| login | password_with_algorithm |
|
|
|
|
|
| new_hash_user | first_secret bcrypt |
|
|
|
|
|
| old_hash_user | another_secret sha1 |
|
|
|
|
|
|
2011-09-05 22:54:40 +02:00
|
|
|
Scenario Outline: A user with SHA1 password
|
2011-09-05 22:06:37 +02:00
|
|
|
Given I have logged in as "old_hash_user" with password "another_secret"
|
2011-09-05 22:54:40 +02:00
|
|
|
When I go to the <name> page
|
2011-09-05 22:06:37 +02:00
|
|
|
Then I should be redirected to the change password page
|
|
|
|
|
And I should see "You have to reset your password"
|
2011-09-05 22:45:52 +02:00
|
|
|
When I change my password to "newer_better_password"
|
|
|
|
|
Then I should be redirected to the preference page
|
2011-09-05 22:06:37 +02:00
|
|
|
|
2011-09-05 22:54:40 +02:00
|
|
|
Examples:
|
|
|
|
|
| name |
|
|
|
|
|
| home |
|
|
|
|
|
| preferences |
|
|
|
|
|
| notes |
|
|
|
|
|
| tickler |
|
|
|
|
|
|
|
|
|
|
Scenario: A user with SHA1 password goes straight to the change password page
|
|
|
|
|
Given I have logged in as "old_hash_user" with password "another_secret"
|
|
|
|
|
When I go to the change password page
|
|
|
|
|
Then I should be on the change password page
|
|
|
|
|
|
2011-09-05 22:06:37 +02:00
|
|
|
Scenario: A user with BCrypt password
|
|
|
|
|
Given I have logged in as "new_hash_user" with password "first_secret"
|
|
|
|
|
When I go to the homepage
|
|
|
|
|
Then I should be on the homepage
|
