- Add complete agent harness structure with 8 roles (leader, triager, architect, implementer, reviewer, security, qa, documenter) - Implement strict workflow with 9 stages and mandatory gates - Add comprehensive verification script and runtime status tracking - Create artifact-based evidence system with contracts and schemas - Add agent policy matrix with permissions and anti-cheat rules - Include test suite (44 tests passing) and CI-ready structure - Add documentation: README, HOWTO, CHECKPOINTS, templates - Configure model routing policies and token-aware task assignment - Add BDD/SDD specification guides and feature templates - Include starter pack for quick project onboarding All verification checks pass. Framework ready for production use.
70 lines
2.5 KiB
Gherkin
70 lines
2.5 KiB
Gherkin
@F-004 @auth @login
|
|
Feature: User Login
|
|
|
|
Background:
|
|
Given the user "alice@example.com" exists with password "SecurePass123!"
|
|
|
|
@positive
|
|
Scenario: Successful login with valid credentials
|
|
Given I have valid email "alice@example.com" and password "SecurePass123!"
|
|
When I attempt to login
|
|
Then I should receive an access token
|
|
And the access token should contain user_id claim
|
|
And the access token should contain email claim
|
|
And the access token should not be expired
|
|
|
|
@positive
|
|
Scenario: Login returns refresh token
|
|
Given I have valid credentials for "alice@example.com"
|
|
When I login successfully
|
|
Then I should receive a refresh token
|
|
And the refresh token should be different from access token
|
|
And the refresh token should have longer expiration
|
|
|
|
@positive
|
|
Scenario: Login email is case-insensitive
|
|
Given a user exists with email "bob@test.com" and password "TestPass99!"
|
|
When I login with email "BOB@TEST.COM" and password "TestPass99!"
|
|
Then login should be successful
|
|
|
|
@negative
|
|
Scenario: Login with wrong password
|
|
Given I have email "alice@example.com" and password "WrongPassword123!"
|
|
When I attempt to login
|
|
Then I should receive error "Credenciales inválidas"
|
|
And I should not receive any token
|
|
|
|
@negative
|
|
Scenario: Login with nonexistent user
|
|
Given I have email "nonexistent@test.com" and password "AnyPass123!"
|
|
When I attempt to login
|
|
Then I should receive error "Credenciales inválidas"
|
|
And I should not receive any token
|
|
|
|
@negative
|
|
Scenario: Login with empty password
|
|
Given I have email "alice@example.com" and empty password
|
|
When I attempt to login
|
|
Then I should receive validation error
|
|
And I should not receive any token
|
|
|
|
@negative
|
|
Scenario: Login with invalid email format
|
|
Given I have email "not-an-email" and password "ValidPass123!"
|
|
When I attempt to login
|
|
Then I should receive validation error
|
|
And I should not receive any token
|
|
|
|
@security @rate-limit
|
|
Scenario: Login blocked after 10 failed attempts
|
|
Given I have email "alice@example.com" and password "WrongPassword!"
|
|
When I attempt to login 10 times with wrong password
|
|
Then account should be temporarily locked
|
|
And next login attempt should return error "Cuenta bloqueada"
|
|
|
|
@smoke
|
|
Scenario: Login endpoint responds with JSON
|
|
Given I have valid credentials for "alice@example.com"
|
|
When I send a POST request to "/api/v1/auth/login"
|
|
Then response should be JSON format
|
|
And response should have correct content-type header |