Bluejade/openid_authentication.feature

## openid_authentication.feature
Feature: openid authentication
  In order to simplify management of web app accounts
  People can use OpenID to create and sign into their accounts

  Scenario: creating a new account using OpenID
    Given I am a visitor without an account
    And I am on the home page
    When I follow "Sign up"
    And I choose "single_sign_on_openid"
    And I fill in the following:
      | Email             | snoopy@peanuts.com                                 |
      | OpenID identifier | http://localhost:1123/john.doe?openid.success=true |
      | Name (or alias)   | Snoopy                                             |
    And I check "I agree to the Terms of Service"
    And I press "Sign up"
    Then I should receive a response from the OpenID Server
    And I should see "A confirmation email has been sent to snoopy@peanuts.com. Please follow the instructions in the email to confirm your account."
    And "snoopy@peanuts.com" should receive an email
    When "snoopy@peanuts.com" opens the email
    And I click the first link in the email
    Then I should be on the index of courses

  Scenario: creating a new account with an OpenID identifier and without an email
    Given I am a visitor without an account
    And I am on the home page
    When I follow "Sign up"
    And I choose "single_sign_on_openid"
    And I fill in the following:
      | OpenID identifier | http://localhost:1123/john.doe?openid.success=true |
      | Name (or alias)   | Snoopy                                             |
    And I check "I agree to the Terms of Service"
    And I press "Sign up"
    Then I should receive a response from the OpenID Server
    And I should be on the welcome page

  Scenario: signing in using OpenID
    Given I am a user with OpenID "http://localhost:1123/john.doe?openid.success=true"
    When I am on the sign in page
    And I fill in "user_session_openid_identifier" with "http://localhost:1123/john.doe?openid.success=true"
    And I press "Verify"
    Then I should receive a response from the OpenID Server
    And I should be on the index of courses

  Scenario: someone without an account tries to sign in using OpenID
    Given I am a visitor without an account
    When I am on the sign in page
    And I fill in "user_session_openid_identifier" with "http://localhost:1123/john.doe?openid.success=true"
    And I press "Verify"
    Then I should receive a response from the OpenID Server
    And I should see "That OpenID identifier is not associated with an existing account"

  Scenario: The user cancels the OpenID authentication
    When I am on the sign in page
    And I fill in "user_session_openid_identifier" with "http://localhost:1123/john.doe"
    And I press "verify"
    Then I should receive a response from the OpenID Server
    And I should be on the sign in page

  Scenario: The user provides an invalid identity url
    When I am on the sign in page
    And I fill in "user_session_openid_identifier" with "http://google.com"
    And I press "verify"
    Then I should see "'http://google.com' is not a valid OpenID"


  Scenario: I should be able to sign into a secure session and change my password when my sign in is an OpenID
    Given I am signed in as a user with an OpenID
    And I am on the edit profile page
    When I follow "Change password or single sign-on"
    And I receive a response from the OpenID Server
    And I fill in "New password" with "newsecret"
    And I fill in "Password confirmation" with "newsecret"
    And I press "Save"
    Then I should see "Password successfully updated"
    And then
    When I sign out
    And I complete and submit the sign in form
    Then I should see "Sign in failed. Please check your email and password."

  Scenario: I should not be able to change my password if I signed up with an OpenID but not an email address
    Given I am signed in as a user with an OpenID and no email
    And I am on the edit profile page
    When I follow "Change password or single sign-on"
    And I receive a response from the OpenID Server
    Then I should not see "New password"
    And I should not see "Password confirmation"
	Feature: openid authentication
	In order to simplify management of web app accounts
	People can use OpenID to create and sign into their accounts

	Scenario: creating a new account using OpenID
	Given I am a visitor without an account
	And I am on the home page
	When I follow "Sign up"
	And I choose "single_sign_on_openid"
	And I fill in the following:
	\| Email \| snoopy@peanuts.com \|
	\| OpenID identifier \| http://localhost:1123/john.doe?openid.success=true \|
	\| Name (or alias) \| Snoopy \|
	And I check "I agree to the Terms of Service"
	And I press "Sign up"
	Then I should receive a response from the OpenID Server
	And I should see "A confirmation email has been sent to snoopy@peanuts.com. Please follow the instructions in the email to confirm your account."
	And "snoopy@peanuts.com" should receive an email
	When "snoopy@peanuts.com" opens the email
	And I click the first link in the email
	Then I should be on the index of courses

	Scenario: creating a new account with an OpenID identifier and without an email
	Given I am a visitor without an account
	And I am on the home page
	When I follow "Sign up"
	And I choose "single_sign_on_openid"
	And I fill in the following:
	\| OpenID identifier \| http://localhost:1123/john.doe?openid.success=true \|
	\| Name (or alias) \| Snoopy \|
	And I check "I agree to the Terms of Service"
	And I press "Sign up"
	Then I should receive a response from the OpenID Server
	And I should be on the welcome page

	Scenario: signing in using OpenID
	Given I am a user with OpenID "http://localhost:1123/john.doe?openid.success=true"
	When I am on the sign in page
	And I fill in "user_session_openid_identifier" with "http://localhost:1123/john.doe?openid.success=true"
	And I press "Verify"
	Then I should receive a response from the OpenID Server
	And I should be on the index of courses

	Scenario: someone without an account tries to sign in using OpenID
	Given I am a visitor without an account
	When I am on the sign in page
	And I fill in "user_session_openid_identifier" with "http://localhost:1123/john.doe?openid.success=true"
	And I press "Verify"
	Then I should receive a response from the OpenID Server
	And I should see "That OpenID identifier is not associated with an existing account"

	Scenario: The user cancels the OpenID authentication
	When I am on the sign in page
	And I fill in "user_session_openid_identifier" with "http://localhost:1123/john.doe"
	And I press "verify"
	Then I should receive a response from the OpenID Server
	And I should be on the sign in page

	Scenario: The user provides an invalid identity url
	When I am on the sign in page
	And I fill in "user_session_openid_identifier" with "http://google.com"
	And I press "verify"
	Then I should see "'http://google.com' is not a valid OpenID"


	Scenario: I should be able to sign into a secure session and change my password when my sign in is an OpenID
	Given I am signed in as a user with an OpenID
	And I am on the edit profile page
	When I follow "Change password or single sign-on"
	And I receive a response from the OpenID Server
	And I fill in "New password" with "newsecret"
	And I fill in "Password confirmation" with "newsecret"
	And I press "Save"
	Then I should see "Password successfully updated"
	And then
	When I sign out
	And I complete and submit the sign in form
	Then I should see "Sign in failed. Please check your email and password."

	Scenario: I should not be able to change my password if I signed up with an OpenID but not an email address
	Given I am signed in as a user with an OpenID and no email
	And I am on the edit profile page
	When I follow "Change password or single sign-on"
	And I receive a response from the OpenID Server
	Then I should not see "New password"
	And I should not see "Password confirmation"