refactor: complete bootstrap of ARNES agent harness framework
- Add complete agent harness structure with 8 roles (leader, triager, architect, implementer, reviewer, security, qa, documenter)
- Implement strict workflow with 9 stages and mandatory gates
- Add comprehensive verification script and runtime status tracking
- Create artifact-based evidence system with contracts and schemas
- Add agent policy matrix with permissions and anti-cheat rules
- Include test suite (44 tests passing) and CI-ready structure
- Add documentation: README, HOWTO, CHECKPOINTS, templates
- Configure model routing policies and token-aware task assignment
- Add BDD/SDD specification guides and feature templates
- Include starter pack for quick project onboarding

All verification checks pass. Framework ready for production use.
spec/bdd/features/auth/login.feature (new file, 70 lines)
@@ -0,0 +1,70 @@
@F-004 @auth @login
Feature: User Login

Background:
Given the user "alice@example.com" exists with password "SecurePass123!"

@positive
Scenario: Successful login with valid credentials
Given I have valid email "alice@example.com" and password "SecurePass123!"
When I attempt to login
Then I should receive an access token
And the access token should contain user_id claim
And the access token should contain email claim
And the access token should not be expired

@positive
Scenario: Login returns refresh token
Given I have valid credentials for "alice@example.com"
When I login successfully
Then I should receive a refresh token
And the refresh token should be different from access token
And the refresh token should have longer expiration

@positive
Scenario: Login email is case-insensitive
Given a user exists with email "bob@test.com" and password "TestPass99!"
When I login with email "BOB@TEST.COM" and password "TestPass99!"
Then login should be successful

@negative
Scenario: Login with wrong password
Given I have email "alice@example.com" and password "WrongPassword123!"
When I attempt to login
Then I should receive error "Credenciales inválidas"
And I should not receive any token

@negative
Scenario: Login with nonexistent user
Given I have email "nonexistent@test.com" and password "AnyPass123!"
When I attempt to login
Then I should receive error "Credenciales inválidas"
And I should not receive any token

@negative
Scenario: Login with empty password
Given I have email "alice@example.com" and empty password
When I attempt to login
Then I should receive validation error
And I should not receive any token

@negative
Scenario: Login with invalid email format
Given I have email "not-an-email" and password "ValidPass123!"
When I attempt to login
Then I should receive validation error
And I should not receive any token

@security @rate-limit
Scenario: Login blocked after 10 failed attempts
Given I have email "alice@example.com" and password "WrongPassword!"
When I attempt to login 10 times with wrong password
Then account should be temporarily locked
And next login attempt should return error "Cuenta bloqueada"

@smoke
Scenario: Login endpoint responds with JSON
Given I have valid credentials for "alice@example.com"
When I send a POST request to "/api/v1/auth/login"
Then response should be JSON format
And response should have correct content-type header
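Review bot: the lockout scenario's distinct error "Cuenta bloqueada" discloses that the account exists, which undoes the enumeration protection the two @negative scenarios establish by returning the same "Credenciales inválidas" for a wrong password and for a nonexistent user; as specified, the lock is also imposed purely by the target address plus 10 wrong passwords, so the scenario describes a lock that any unauthenticated client can place on a victim's account. Suggest returning the generic error for a locked account (notifying the owner out of band instead), pairing the account lock with a per-source rate limit, and adding a step that fixes the lock duration and the unlock path, since "account should be temporarily locked" gives the step definition no observable bound to assert. Minor: the error strings are Spanish while the rest of the feature is English; if the API localises messages, the steps should match on an error code rather than on display text.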
spec/bdd/features/auth/logout.feature (new file, 58 lines)
@@ -0,0 +1,58 @@
@F-004 @auth @logout
Feature: User Logout

Background:
Given the user "alice@example.com" exists with password "SecurePass123!"
And I am authenticated as "alice@example.com"

@positive
Scenario: Successful logout invalidates current session
Given my current access token is valid
When I logout
Then I should receive confirmation
And my session should be marked as revoked
And my access token should no longer be valid

@positive
Scenario: Logout with refresh token also invalidates access
Given I have a valid refresh token
When I logout
Then both access and refresh tokens should be invalid
And I should not be able to get new access token with refresh

@positive
Scenario: Logout all sessions for user
Given I am logged in from device "desktop"
And I am logged in from device "mobile"
When I logout from all devices
Then all my sessions should be invalidated
And I should not be able to use any previous token

@negative
Scenario: Using token after logout returns unauthorized
Given I previously logged in successfully
And I have logged out
When I try to use my old access token
Then I should receive 401 Unauthorized
And I should not have access to protected resources

@negative
Scenario: Logout with invalid token does nothing
Given I have an invalid/expired token
When I attempt to logout
Then logout should not fail
But no session should be affected

@security
Scenario: Concurrent logout requests are handled correctly
Given my session is valid
When I send multiple logout requests simultaneously
Then only one logout operation should occur
And token should be invalidated only once

@smoke
Scenario: Logout endpoint returns 200 on success
Given I am authenticated as "alice@example.com"
When I send POST request to "/api/v1/auth/logout"
Then response should be 200 OK
And response should indicate success
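Review bot: the @security concurrency scenario's Then steps ("Then only one logout operation should occur", "And token should be invalidated only once") are not observable through the API, so a step definition cannot assert them without reaching into implementation internals; suggest rewording to what a client can verify: every concurrent request completes without error (200 OK, per the @smoke scenario) and the token is rejected on the next authenticated call, which is the idempotency property that matters. Related: "And my access token should no longer be valid" and "Then I should receive 401 Unauthorized" with an old token require server-side revocation state consulted on every authenticated request (the login feature describes access tokens carrying user_id and email claims, so self-contained tokens would otherwise stay valid until expiry); that contract belongs next to these scenarios, and the "invalid/expired token" scenario should name the status the endpoint returns, since "Then logout should not fail" leaves 200, 204 and 401 all open.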