Merge remote-tracking branch 'origin/develop'

We'll only use the master branch for development from now on.
author: Azul <azul@riseup.net> 2016-10-20 14:39:33 +0200
committer: Azul <azul@riseup.net> 2016-10-20 14:39:33 +0200
commit: b97daaed9b513006ace7e8eb5232a2211e965e77 (patch)
tree: e27002e8368e92410e5d4af2a945260c2ea6e2d1 /features/1/authentication.feature
parent: c6c4d9fd10b8ca8e24889112727e44c9bf68dd60 (diff)
parent: 6eb2dae802e5453e2a4361ab28f614cce9294f4c (diff)
1 files changed, 24 insertions, 0 deletions
diff --git a/features/1/authentication.feature b/features/1/authentication.feature
new file mode 100644
index 0000000..52b562f
--- /dev/null
+++ b/features/1/authentication.feature
@@ -0,0 +1,24 @@
+Feature: Authentication
+
+  Authentication is handled with SRP. Once the SRP handshake has been successful a token will be transmitted. This token is used to authenticate further requests.
+
+  In the scenarios MY_AUTH_TOKEN will serve as a placeholder for the actual token received.
+
+  Background:
+    Given I set headers:
+      | Accept        | application/json |
+      | Content-Type  | application/json |
+
+  Scenario: Submitting a valid token
+    Given I authenticated
+    And I set headers:
+      | Authorization | Token token="MY_AUTH_TOKEN" |
+    When I send a GET request to "/1/configs.json"
+    Then the response status should be "200"
+
+  Scenario: Submitting an invalid token
+    Given I authenticated
+    And I set headers:
+      | Authorization | Token token="InvalidToken" |
+    When I send a GET request to "/1/configs.json"
+    Then the response status should be "401"
author	Azul <azul@riseup.net>	2016-10-20 14:39:33 +0200
committer	Azul <azul@riseup.net>	2016-10-20 14:39:33 +0200
commit	b97daaed9b513006ace7e8eb5232a2211e965e77 (patch)
tree	e27002e8368e92410e5d4af2a945260c2ea6e2d1 /features/1/authentication.feature
parent	c6c4d9fd10b8ca8e24889112727e44c9bf68dd60 (diff)
parent	6eb2dae802e5453e2a4361ab28f614cce9294f4c (diff)