Cucumber Ltd / cucumber-pro

Reset password

features/authentication/reset_password.feature

Release Dasher II (patch 1) (2018-12-13)

Romain Gérard

Feature: Reset Password

Rules

  • Email is only sent if account with matching email exists
  • Don't tell the user when no email was sent
  • Reset token expires after 2 days
  • Reset token can only be used once
  • It's ok to reuse the same password
  • Following the reset link logs out the current user
  • Confirming a new password logs you in
  • New password must be valid according to the same rules as sign up

Questions

  • Does creating a new reset token invalidate previous ones?

Scenario: Successful password reset

  • Given Bob is logged out
  • And Bob has requested a password reset
  • When Bob provides the password reset token and a new password
  • Then Bob should be logged in
  • And Bob should be able to log in again with the new password

Scenario: The token doesn't match any account

  • When AnonymousVisitor provides an unknown password reset token
  • Then AnonymousVisitor should be told the token is invalid

Scenario: The token has been used

  • Given Bob is logged out
  • And Bob has requested a password reset
  • And Bob has provided the password reset token and a new password
  • When Bob provides the password reset token again
  • Then Bob should be told the token is invalid

Scenario: New password is invalid

  • Given Bob is logged out
  • And Bob has requested a password reset
  • When Bob provides the password reset token and a too-short password
  • Then Bob should be told to choose a longer password
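
An in-memory sketch of the Rules and scenarios above, added here as an illustration; it is not code from the cucumber-pro project. The class and method names, the 8-character minimum and the reply text are assumptions. Because the question above is open, a new token does not invalidate earlier ones here, and session handling (logging out on following the link) is left out.

```python
import hashlib, hmac, secrets, time

TOKEN_TTL = 2 * 24 * 3600   # rule: reset token expires after 2 days
MIN_PASSWORD_LEN = 8        # assumed sign-up rule; the page gives no number
GENERIC_REPLY = "If that address has an account, a reset link has been sent."

def _digest(token):
    # Only the hash is stored, so a leaked token table yields no usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()

def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

class ResetService:  # hypothetical name, not the project's API
    def __init__(self, emails, clock=time.time):
        self.passwords = {e: None for e in emails}  # email -> (salt, hash)
        self.tokens = {}    # token digest -> [email, expiry, used]
        self.outbox = []    # (email, token) pairs standing in for sent mail
        self.clock = clock

    def request_reset(self, email):
        # Mail goes out only for a known account; the reply never reveals which.
        if email in self.passwords:
            token = secrets.token_urlsafe(32)
            self.tokens[_digest(token)] = [email, self.clock() + TOKEN_TTL, False]
            self.outbox.append((email, token))
        return GENERIC_REPLY

    def confirm(self, token, new_password):
        rec = self.tokens.get(_digest(token))
        # Unknown, used and expired tokens all get the same answer.
        if rec is None or rec[2] or self.clock() >= rec[1]:
            return ("error", "token is invalid")
        if len(new_password) < MIN_PASSWORD_LEN:
            # Assumption: a rejected password does not consume the token.
            return ("error", "choose a longer password")
        rec[2] = True  # rule: token can only be used once
        salt = secrets.token_bytes(16)
        self.passwords[rec[0]] = (salt, _hash_password(new_password, salt))
        return ("logged_in", rec[0])  # rule: confirming logs you in

    def check_password(self, email, password):
        rec = self.passwords.get(email)
        if rec is None:
            return False
        salt, stored = rec
        return hmac.compare_digest(stored, _hash_password(password, salt))
```

Passing a fake `clock` lets a test move time past the two-day limit without waiting.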