
Text file src/edge-infra.dev/pkg/edge/iam/device/test/020 ease of access vs security.feature

Documentation: edge-infra.dev/pkg/edge/iam/device/test

Feature: Ease of access vs security
    In order to authenticate as quickly and as easily as possible,
    taking security into consideration, as a customer, I want to
    a) control for the username:
    - its min (1) and max (12) length
    - if it's numeric only or alphanumeric
    b) control for the password (or PIN, depending):
    - its min (4) and max (12) length
    - if it's numeric only or alphanumeric
    - if it can expire and the days before it expires (0-365)
    - how many times you can attempt and fail before the account gets locked for 30sec
    - number of new unique passwords that have to be used before an old password can be reused
    - if a password is required at all
    c) have associates change a password after a manager sets it

    Scenario: Sign in with ease
        Given the min, max, and numeric-only have been configured
        When the associate tries to sign in
        Then the fields are limited in length to min and max
        And if they are numeric-only you can only enter numbers

    Scenario: Show a numpad instead of a keyboard
        Except for when you don't ask for a password at all

        Given both username and password are set to numeric only
        When the associate tries to sign in
        Then they get an always visible numpad instead of a full-fledged keyboard

    # backlog: needed for hospitality, not for retail - so we leave it for now
    Scenario: No password required
        Given the customer allows that
        Then our UI will block it, because it's a required field

    Scenario: Password expired
        Given the associate's password is expired
        When they try to sign in
        Then they are informed that the password is expired
        And that they need to enter a new one before they can continue
        And they are asked to enter the old one
        And they are asked to enter a new one
        When they enter matching passwords
        And they fit the policy
        Then their password is changed
        And they are informed about that
        And they are sent back to device sign in

    Scenario: Password must change
        Same as expired just a different message

    Scenario: New password does not match policy
        Given the associate tried to sign in
        And is asked to set a new password
        When the new password does not match the configured policy
        Then they are informed about it
        And they cannot set it
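
The password controls in part b) and the "New password does not match policy" scenario, as an added Go example that is not part of the feature file or the edge-infra.dev code base. `Policy`, `Matcher`, `CheckNew` and the error names are hypothetical, and reading "alphanumeric" as ASCII letters and digits is an assumption.

```go
package main

import (
	"errors"
	"fmt"
	"unicode/utf8"
)

// Policy field names are hypothetical; the 4-12 length range is from the feature.
type Policy struct {
	MinLen, MaxLen, HistoryDepth int
	NumericOnly                  bool
}

var (
	ErrConfig  = errors.New("policy outside the 4-12 length range")
	ErrLength  = errors.New("length outside configured min/max")
	ErrCharset = errors.New("character not allowed")
	ErrReuse   = errors.New("matches a recent password")
)

// Matcher wraps one stored credential; assumed to do a salted-hash comparison.
type Matcher func(candidate string) bool

// CheckNew validates candidate against p. history is ordered oldest to newest
// and only its last HistoryDepth entries block reuse.
func CheckNew(p Policy, candidate string, history []Matcher) error {
	if p.MinLen < 4 || p.MaxLen > 12 || p.MinLen > p.MaxLen || p.HistoryDepth < 0 {
		return ErrConfig
	}
	if n := utf8.RuneCountInString(candidate); n < p.MinLen || n > p.MaxLen {
		return ErrLength
	}
	for _, r := range candidate {
		digit := r >= '0' && r <= '9' // ASCII only, so other scripts' digits are rejected
		letter := (r >= 'a' && r <= 'z') || (r >= 'A' && r <= 'Z')
		if !digit && (p.NumericOnly || !letter) {
			return ErrCharset
		}
	}
	for i, m := range history {
		if i >= len(history)-p.HistoryDepth && m(candidate) {
			return ErrReuse
		}
	}
	return nil
}

func main() { // constructed sample: numeric PIN policy with one remembered PIN
	h := []Matcher{func(c string) bool { return c == "4821" }}
	p := Policy{MinLen: 4, MaxLen: 6, HistoryDepth: 3, NumericOnly: true}
	fmt.Println(CheckNew(p, "12a4", h), CheckNew(p, "4821", h), CheckNew(p, "907163", h))
}
```

The same check has to run server-side when the password is set, since the UI length and numpad limits in the sign-in scenarios only shape input on the device.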
