openproject/features/users/password_complexity_checks....

#encoding: utf-8

#-- copyright
# OpenProject is a project management system.
#
# Copyright (C) 2012-2013 the OpenProject Team
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License version 3.
#
# See doc/COPYRIGHT.rdoc for more details.
#++

Feature: Password Complexity Checks
    Scenario: A user changing the password including attempts to set not complex enough passwords
        Given passwords must contain 2 of lowercase, uppercase, and numeric characters
        And passwords have a minimum length of 4 characters
        And I am logged in
        And I try to set my new password to "password"
        Then there should be an error message
        When I try to set my new password to "Password"
        Then the password change should succeed
        And I should be able to login using the new password

    Scenario: An admin can change the password complexity requirements and they are effective
        Given I am already admin
        When I go to the authentication tab of the settings page
        And I activate the lowercase, uppercase, and special password rules
        And I fill in "Minimum number of required classes" with "3"
        And I save the settings
        And I try to set my new password to "adminADMIN"
        Then there should be an error message
        And I try to set my new password to "adminADMIN123"
        Then there should be an error message
        And I try to set my new password to "adminADMIN!"
        Then the password change should succeed
Improve password complexity cukes, add copyright 12 years ago			`#encoding: utf-8`

			`#-- copyright`
			`# OpenProject is a project management system.`
			`#`
			`# Copyright (C) 2012-2013 the OpenProject Team`
			`#`
			`# This program is free software; you can redistribute it and/or`
			`# modify it under the terms of the GNU General Public License version 3.`
			`#`
			`# See doc/COPYRIGHT.rdoc for more details.`
			`#++`

Improve password complexity requirements Add a new Passwords module, which evaluates and generates passwords. Adapt User to use this module. In addition to checking the length, the module verifies that a password contains a certain number of character classes like uppercase/lowercase. These classes can be configured in the authentication settings. Also increase the default minimum password length from 4 to 10. 12 years ago			`Feature: Password Complexity Checks`
			`Scenario: A user changing the password including attempts to set not complex enough passwords`
			`Given passwords must contain 2 of lowercase, uppercase, and numeric characters`
			`And passwords have a minimum length of 4 characters`
			`And I am logged in`
			`And I try to set my new password to "password"`
Improve password complexity cukes, add copyright 12 years ago			`Then there should be an error message`
Improve password complexity requirements Add a new Passwords module, which evaluates and generates passwords. Adapt User to use this module. In addition to checking the length, the module verifies that a password contains a certain number of character classes like uppercase/lowercase. These classes can be configured in the authentication settings. Also increase the default minimum password length from 4 to 10. 12 years ago			`When I try to set my new password to "Password"`
			`Then the password change should succeed`
			`And I should be able to login using the new password`

			`Scenario: An admin can change the password complexity requirements and they are effective`
improve spec and cuke performance 11 years ago			`Given I am already admin`
Improve password complexity cukes, add copyright 12 years ago			`When I go to the authentication tab of the settings page`
Improve password complexity requirements Add a new Passwords module, which evaluates and generates passwords. Adapt User to use this module. In addition to checking the length, the module verifies that a password contains a certain number of character classes like uppercase/lowercase. These classes can be configured in the authentication settings. Also increase the default minimum password length from 4 to 10. 12 years ago			`And I activate the lowercase, uppercase, and special password rules`
Add option to prevent former passwords from being reused Squashed from single commits: * Add checks to prevent former passwords from being reused * Make number of banned former passwords configurable Also group settings into fieldsets on the authentication settings page. * Update TestUnit fixtures with UserPasswords * Add migration for creating user passwords * Fix new user password not being immediately used * Add cuke for ban of former passwords * Fix admin info showing whether admin password was changed * Fix password check for user without password and fix tests * Fix password complexity feature after translation changes * Adapt my_controller_spec to UserPasswords * Order UserPasswords by id created_at is not unique within one second, this breaks MySQL tests. id is guaranteed to be unique and monotonically increasing on MySQL and on Postgres(at least as long cache is not set for the sequence). * Rename secure_compare to secure_equals? * Immediately use reduced number of banned former passwords Only check number of former passwords as defined in settings. The number of stored passwords per user is only reduced when a user updates the password. * Add missing copyright notices * Update changelog 12 years ago			`And I fill in "Minimum number of required classes" with "3"`
Improve password complexity requirements Add a new Passwords module, which evaluates and generates passwords. Adapt User to use this module. In addition to checking the length, the module verifies that a password contains a certain number of character classes like uppercase/lowercase. These classes can be configured in the authentication settings. Also increase the default minimum password length from 4 to 10. 12 years ago			`And I save the settings`
			`And I try to set my new password to "adminADMIN"`
Improve password complexity cukes, add copyright 12 years ago			`Then there should be an error message`
Improve password complexity requirements Add a new Passwords module, which evaluates and generates passwords. Adapt User to use this module. In addition to checking the length, the module verifies that a password contains a certain number of character classes like uppercase/lowercase. These classes can be configured in the authentication settings. Also increase the default minimum password length from 4 to 10. 12 years ago			`And I try to set my new password to "adminADMIN123"`
Improve password complexity cukes, add copyright 12 years ago			`Then there should be an error message`
Improve password complexity requirements Add a new Passwords module, which evaluates and generates passwords. Adapt User to use this module. In addition to checking the length, the module verifies that a password contains a certain number of character classes like uppercase/lowercase. These classes can be configured in the authentication settings. Also increase the default minimum password length from 4 to 10. 12 years ago			`And I try to set my new password to "adminADMIN!"`
			`Then the password change should succeed`