Project Number Date
backend-test 0.0.1-SNAPSHOT 12 Jan 2026, 18:26

Feature Report

Steps Scenarios Features
Feature Passed Failed Skipped Pending Undefined Total Passed Failed Total Duration Status
Token Authentication with Device Tracking 68 5 58 0 11 142 0 16 16 0.956 Failed
Feature Token Authentication with Device Tracking
As a security-conscious application I want to authenticate users and track their devices So that I can ensure secure access and detect suspicious activities
0.007
Given the API endpoint is "/admin/token/" 0.006
And the request method is "POST" 0.000
And the content type is "application/json" 0.000
0.227
Scenario Successful authentication with new device
Steps
Given the user credentials: 0.003
username samyfabiol@gmail.com
password #!Klivardev1
And the following request headers: 0.000
User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Accept-Language fr-FR,fr;q=0.9,en;q=0.8
Accept-Encoding gzip, deflate, br
X-Forwarded-For 102.244.98.235
When I send a POST request to "/admin/token/" 0.220
Then I should receive HTTP status code 423 0.003
org.opentest4j.AssertionFailedError: 
org.opentest4j.AssertionFailedError: Expected status code 423 but got 200 ==> expected: <423> but was: <200>
	at org.junit.jupiter.api.AssertionFailureBuilder.build(AssertionFailureBuilder.java:151)
	at org.junit.jupiter.api.AssertionFailureBuilder.buildAndThrow(AssertionFailureBuilder.java:132)
	at org.junit.jupiter.api.AssertEquals.failNotEqual(AssertEquals.java:197)
	at org.junit.jupiter.api.AssertEquals.assertEquals(AssertEquals.java:150)
	at org.junit.jupiter.api.Assertions.assertEquals(Assertions.java:563)
	at com.klivar.backend_test.steps.auth.AuthServiceSteps.iShouldReceiveHttpStatusCode(AuthServiceSteps.java:253)
	at ✽.I should receive HTTP status code 423(classpath:features/Auth.feature:21)
And the response should contain: 0.000
verification_required true
message Nouvel appareil détecté. Un email de vérification a été envoyé.
device_info.device_name Windows - Chrome
device_info.device_type desktop
device_info.browser Chrome
And a device verification email should be sent 0.000
And the security log should contain "DEVICE_VERIFICATION_REQUIRED" 0.000
After com.klivar.backend_test.steps.auditeur.comment.CommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.followUp.FollowUpSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.test.TestSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.mission.MissionSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.missionType.MissionTypeSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.planEvaluation.PlanEvaluationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.ficheEvaluation.FicheEvaluationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.ficheEvaluation.FicheEvaluationCommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.document.DocumentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.avis.AvisSteps.cleanup() 0.001
After com.klivar.backend_test.steps.auditeur.compteRendu.CompteRenduSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.RecommendationClusterAnswerSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterCommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterObservationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.recommendation.RecommendationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.demande.DemandeSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.decision.TaskSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.decision.DecisionSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.instance.InstanceSteps.cleanup() 0.000
0.000
Given the API endpoint is "/admin/token/" 0.000
And the request method is "POST" 0.000
And the content type is "application/json" 0.000
0.178
Scenario Successful authentication with verified device
Steps
Given a valid user with an already verified device 0.000
And the user credentials: 0.000
username gidewik536@ingitel.com
password !Klivardev1
And the same device headers as during initial registration 0.000
When I send a POST request to "/admin/token/" 0.178
Then I should receive HTTP status code 200 0.000
org.opentest4j.AssertionFailedError: 
org.opentest4j.AssertionFailedError: Expected status code 200 but got 403 ==> expected: <200> but was: <403>
	at org.junit.jupiter.api.AssertionFailureBuilder.build(AssertionFailureBuilder.java:151)
	at org.junit.jupiter.api.AssertionFailureBuilder.buildAndThrow(AssertionFailureBuilder.java:132)
	at org.junit.jupiter.api.AssertEquals.failNotEqual(AssertEquals.java:197)
	at org.junit.jupiter.api.AssertEquals.assertEquals(AssertEquals.java:150)
	at org.junit.jupiter.api.Assertions.assertEquals(Assertions.java:563)
	at com.klivar.backend_test.steps.auth.AuthServiceSteps.iShouldReceiveHttpStatusCode(AuthServiceSteps.java:253)
	at ✽.I should receive HTTP status code 200(classpath:features/Auth.feature:38)
And the response should contain valid JWT tokens: 0.000
access [JWT token]
refresh [JWT token]
And the response should include device security information: 0.000
device_security.device_verified true
device_security.network_changed false
device_security.login_count [number]
And the audit log should contain "API_SUCCESS" 0.000
After com.klivar.backend_test.steps.auditeur.comment.CommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.followUp.FollowUpSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.test.TestSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.mission.MissionSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.missionType.MissionTypeSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.planEvaluation.PlanEvaluationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.ficheEvaluation.FicheEvaluationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.ficheEvaluation.FicheEvaluationCommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.document.DocumentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.avis.AvisSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.compteRendu.CompteRenduSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.RecommendationClusterAnswerSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterCommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterObservationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.recommendation.RecommendationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.demande.DemandeSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.decision.TaskSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.decision.DecisionSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.instance.InstanceSteps.cleanup() 0.000
0.000
Given the API endpoint is "/admin/token/" 0.000
And the request method is "POST" 0.000
And the content type is "application/json" 0.000
0.178
Scenario Authentication attempt with locked device
Steps
Given a user with a locked device 0.000
And the user credentials: 0.000
username gidewik536@ingitel.com
password !Klivardev1
And the request headers for the locked device 0.000
When I send a POST request to "/admin/token/" 0.177
Then I should receive HTTP status code 451 0.000
org.opentest4j.AssertionFailedError: 
org.opentest4j.AssertionFailedError: Expected status code 451 but got 403 ==> expected: <451> but was: <403>
	at org.junit.jupiter.api.AssertionFailureBuilder.build(AssertionFailureBuilder.java:151)
	at org.junit.jupiter.api.AssertionFailureBuilder.buildAndThrow(AssertionFailureBuilder.java:132)
	at org.junit.jupiter.api.AssertEquals.failNotEqual(AssertEquals.java:197)
	at org.junit.jupiter.api.AssertEquals.assertEquals(AssertEquals.java:150)
	at org.junit.jupiter.api.Assertions.assertEquals(Assertions.java:563)
	at com.klivar.backend_test.steps.auth.AuthServiceSteps.iShouldReceiveHttpStatusCode(AuthServiceSteps.java:253)
	at ✽.I should receive HTTP status code 451(classpath:features/Auth.feature:55)
And the response should contain: 0.000
error UNAVAILABLE_FOR_LEGAL_REASONS
message Cet appareil a été verrouillé pour des raisons de sécurité.
contact_support true
status_code 451
And the security log should contain "UNAVAILABLE_FOR_LEGAL_REASONS" 0.000
After com.klivar.backend_test.steps.auditeur.comment.CommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.followUp.FollowUpSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.test.TestSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.mission.MissionSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.missionType.MissionTypeSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.planEvaluation.PlanEvaluationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.ficheEvaluation.FicheEvaluationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.ficheEvaluation.FicheEvaluationCommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.document.DocumentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.avis.AvisSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.compteRendu.CompteRenduSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.RecommendationClusterAnswerSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterCommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterObservationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.recommendation.RecommendationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.demande.DemandeSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.decision.TaskSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.decision.DecisionSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.instance.InstanceSteps.cleanup() 0.000
0.000
Given the API endpoint is "/admin/token/" 0.000
And the request method is "POST" 0.000
And the content type is "application/json" 0.000
0.178
Scenario Network change detection for verified device
Steps
Given a user with a verified device 0.000
And the device has been used from IP "102.244.98.235" 0.000
And the user credentials: 0.000
username gidewik536@ingitel.com
password !Klivardev1
And a new IP address in headers: 0.000
X-Forwarded-For 203.156.89.142
When I send a POST request to "/admin/token/" 0.176
Then I should receive HTTP status code 200 0.000
org.opentest4j.AssertionFailedError: 
org.opentest4j.AssertionFailedError: Expected status code 200 but got 403 ==> expected: <200> but was: <403>
	at org.junit.jupiter.api.AssertionFailureBuilder.build(AssertionFailureBuilder.java:151)
	at org.junit.jupiter.api.AssertionFailureBuilder.buildAndThrow(AssertionFailureBuilder.java:132)
	at org.junit.jupiter.api.AssertEquals.failNotEqual(AssertEquals.java:197)
	at org.junit.jupiter.api.AssertEquals.assertEquals(AssertEquals.java:150)
	at org.junit.jupiter.api.Assertions.assertEquals(Assertions.java:563)
	at com.klivar.backend_test.steps.auth.AuthServiceSteps.iShouldReceiveHttpStatusCode(AuthServiceSteps.java:253)
	at ✽.I should receive HTTP status code 200(classpath:features/Auth.feature:72)
And the response should contain valid JWT tokens 0.000
And the response should include: 0.000
device_security.network_changed true
And a network change notification email should be sent 0.000
And the security log should contain "NETWORK_CHANGE_DETECTED" 0.000
After com.klivar.backend_test.steps.auditeur.comment.CommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.followUp.FollowUpSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.test.TestSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.mission.MissionSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.missionType.MissionTypeSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.planEvaluation.PlanEvaluationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.ficheEvaluation.FicheEvaluationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.ficheEvaluation.FicheEvaluationCommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.document.DocumentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.avis.AvisSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.compteRendu.CompteRenduSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.RecommendationClusterAnswerSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterCommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterObservationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.recommendation.RecommendationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.demande.DemandeSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.decision.TaskSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.decision.DecisionSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.instance.InstanceSteps.cleanup() 0.000
0.000
Given the API endpoint is "/admin/token/" 0.000
And the request method is "POST" 0.000
And the content type is "application/json" 0.000
0.178
Scenario Authentication with invalid credentials
Steps
Given invalid user credentials: 0.000
username invalid@example.com
password wrongpassword
And standard device headers 0.000
When I send a POST request to "/admin/token/" 0.177
Then I should receive HTTP status code 401 0.000
And the response should contain authentication error 0.000
org.opentest4j.AssertionFailedError: 
org.opentest4j.AssertionFailedError: Response should contain error message ==> expected: <true> but was: <false>
	at org.junit.jupiter.api.AssertionFailureBuilder.build(AssertionFailureBuilder.java:151)
	at org.junit.jupiter.api.AssertionFailureBuilder.buildAndThrow(AssertionFailureBuilder.java:132)
	at org.junit.jupiter.api.AssertTrue.failNotTrue(AssertTrue.java:63)
	at org.junit.jupiter.api.AssertTrue.assertTrue(AssertTrue.java:36)
	at org.junit.jupiter.api.Assertions.assertTrue(Assertions.java:214)
	at com.klivar.backend_test.steps.auth.AuthServiceSteps.theResponseShouldContainAuthenticationError(AuthServiceSteps.java:364)
	at ✽.the response should contain authentication error(classpath:features/Auth.feature:86)
And no device tracking should occur 0.000
After com.klivar.backend_test.steps.auditeur.comment.CommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.followUp.FollowUpSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.test.TestSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.mission.MissionSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.missionType.MissionTypeSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.planEvaluation.PlanEvaluationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.ficheEvaluation.FicheEvaluationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.ficheEvaluation.FicheEvaluationCommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.document.DocumentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.avis.AvisSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.compteRendu.CompteRenduSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.RecommendationClusterAnswerSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterCommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterObservationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.recommendation.RecommendationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.demande.DemandeSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.decision.TaskSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.decision.DecisionSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.instance.InstanceSteps.cleanup() 0.000
0.000
Given the API endpoint is "/admin/token/" 0.000
And the request method is "POST" 0.000
And the content type is "application/json" 0.000
0.000
Scenario Device tracking error handling
Steps
Given valid user credentials 0.000
And standard device headers 0.000
And the device tracking system is unavailable 0.000
When I send a POST request to "/admin/token/" 0.000
Then I should receive HTTP status code 500 0.000
And the response should contain: 0.000
error DEVICE_TRACKING_ERROR
message Une erreur est survenue lors de la vérification de sécurité.
status_code 500
And the error log should contain "DEVICE_TRACKING_ERROR" 0.000
After com.klivar.backend_test.steps.auditeur.comment.CommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.followUp.FollowUpSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.test.TestSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.mission.MissionSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.missionType.MissionTypeSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.planEvaluation.PlanEvaluationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.ficheEvaluation.FicheEvaluationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.ficheEvaluation.FicheEvaluationCommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.document.DocumentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.avis.AvisSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.compteRendu.CompteRenduSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.RecommendationClusterAnswerSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterCommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterObservationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.recommendation.RecommendationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.demande.DemandeSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.decision.TaskSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.decision.DecisionSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.instance.InstanceSteps.cleanup() 0.000
0.001
Given the API endpoint is "/admin/token/" 0.000
And the request method is "POST" 0.000
And the content type is "application/json" 0.000
0.000
Scenario Outline Authentication with different device types
Steps
Given a valid user with credentials: 0.000
username gidewik536@ingitel.com
password !Klivardev1
And device headers for "iPhone": 0.000
User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 16_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.0 Mobile/15E148 Safari/604.1
When I send a POST request to "/admin/token/" 0.000
Then I should receive HTTP status code 423 0.000
And the detected device should have: 0.000
device_type mobile
os_name iOS
browser Mobile Safari
After com.klivar.backend_test.steps.auditeur.comment.CommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.followUp.FollowUpSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.test.TestSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.mission.MissionSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.missionType.MissionTypeSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.planEvaluation.PlanEvaluationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.ficheEvaluation.FicheEvaluationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.ficheEvaluation.FicheEvaluationCommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.document.DocumentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.avis.AvisSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.compteRendu.CompteRenduSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.RecommendationClusterAnswerSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterCommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterObservationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.recommendation.RecommendationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.demande.DemandeSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.decision.TaskSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.decision.DecisionSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.instance.InstanceSteps.cleanup() 0.000
0.000
Given the API endpoint is "/admin/token/" 0.000
And the request method is "POST" 0.000
And the content type is "application/json" 0.000
0.000
Scenario Outline Authentication with different device types
Steps
Given a valid user with credentials: 0.000
username gidewik536@ingitel.com
password !Klivardev1
And device headers for "Android": 0.000
User-Agent Mozilla/5.0 (Linux; Android 13; SM-G998B) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Mobile Safari/537.36
When I send a POST request to "/admin/token/" 0.000
Then I should receive HTTP status code 423 0.000
And the detected device should have: 0.000
device_type mobile
os_name Android
browser Chrome Mobile
After com.klivar.backend_test.steps.auditeur.comment.CommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.followUp.FollowUpSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.test.TestSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.mission.MissionSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.missionType.MissionTypeSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.planEvaluation.PlanEvaluationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.ficheEvaluation.FicheEvaluationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.ficheEvaluation.FicheEvaluationCommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.document.DocumentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.avis.AvisSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.compteRendu.CompteRenduSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.RecommendationClusterAnswerSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterCommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterObservationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.recommendation.RecommendationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.demande.DemandeSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.decision.TaskSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.decision.DecisionSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.instance.InstanceSteps.cleanup() 0.000
0.000
Given the API endpoint is "/admin/token/" 0.000
And the request method is "POST" 0.000
And the content type is "application/json" 0.000
0.000
Scenario Outline Authentication with different device types
Steps
Given a valid user with credentials: 0.000
username gidewik536@ingitel.com
password !Klivardev1
And device headers for "Windows PC": 0.000
User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
When I send a POST request to "/admin/token/" 0.000
Then I should receive HTTP status code 423 0.000
And the detected device should have: 0.000
device_type desktop
os_name Windows
browser Chrome
After com.klivar.backend_test.steps.auditeur.comment.CommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.followUp.FollowUpSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.test.TestSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.mission.MissionSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.missionType.MissionTypeSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.planEvaluation.PlanEvaluationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.ficheEvaluation.FicheEvaluationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.ficheEvaluation.FicheEvaluationCommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.document.DocumentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.avis.AvisSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.compteRendu.CompteRenduSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.RecommendationClusterAnswerSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterCommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterObservationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.recommendation.RecommendationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.demande.DemandeSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.decision.TaskSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.decision.DecisionSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.instance.InstanceSteps.cleanup() 0.000
0.000
Given the API endpoint is "/admin/token/" 0.000
And the request method is "POST" 0.000
And the content type is "application/json" 0.000
0.000
Scenario Outline Authentication with different device types
Steps
Given a valid user with credentials: 0.000
username gidewik536@ingitel.com
password !Klivardev1
And device headers for "macOS": 0.000
User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
When I send a POST request to "/admin/token/" 0.000
Then I should receive HTTP status code 423 0.000
And the detected device should have: 0.000
device_type desktop
os_name Mac OS X
browser Chrome
After com.klivar.backend_test.steps.auditeur.comment.CommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.followUp.FollowUpSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.test.TestSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.mission.MissionSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.missionType.MissionTypeSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.planEvaluation.PlanEvaluationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.ficheEvaluation.FicheEvaluationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.ficheEvaluation.FicheEvaluationCommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.document.DocumentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.avis.AvisSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.compteRendu.CompteRenduSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.RecommendationClusterAnswerSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterCommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterObservationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.recommendation.RecommendationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.demande.DemandeSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.decision.TaskSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.decision.DecisionSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.instance.InstanceSteps.cleanup() 0.000
0.000
Given the API endpoint is "/admin/token/" 0.000
And the request method is "POST" 0.000
And the content type is "application/json" 0.000
0.000
Scenario Outline Authentication with different device types
Steps
Given a valid user with credentials: 0.000
username gidewik536@ingitel.com
password !Klivardev1
And device headers for "iPad": 0.000
User-Agent Mozilla/5.0 (iPad; CPU OS 16_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.0 Mobile/15E148 Safari/604.1
When I send a POST request to "/admin/token/" 0.000
Then I should receive HTTP status code 423 0.000
And the detected device should have: 0.000
device_type tablet
os_name iOS
browser Mobile Safari
After com.klivar.backend_test.steps.auditeur.comment.CommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.followUp.FollowUpSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.test.TestSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.mission.MissionSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.missionType.MissionTypeSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.planEvaluation.PlanEvaluationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.ficheEvaluation.FicheEvaluationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.ficheEvaluation.FicheEvaluationCommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.document.DocumentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.avis.AvisSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.compteRendu.CompteRenduSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.RecommendationClusterAnswerSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterCommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterObservationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.recommendation.RecommendationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.demande.DemandeSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.decision.TaskSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.decision.DecisionSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.instance.InstanceSteps.cleanup() 0.000
0.000
Given the API endpoint is "/admin/token/" 0.000
And the request method is "POST" 0.000
And the content type is "application/json" 0.000
0.000
Scenario Multiple IP addresses in X-Forwarded-For header
Steps
Given a valid user with credentials 0.000
And the following forwarded IP chain: 0.000
X-Forwarded-For 102.244.98.235, 192.168.1.1, 10.0.0.1
When I send a POST request to "/admin/token/" 0.000
Then the system should use the first public IP "102.244.98.235" 0.000
And device tracking should use this IP for fingerprinting 0.000
After com.klivar.backend_test.steps.auditeur.comment.CommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.followUp.FollowUpSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.test.TestSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.mission.MissionSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.missionType.MissionTypeSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.planEvaluation.PlanEvaluationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.ficheEvaluation.FicheEvaluationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.ficheEvaluation.FicheEvaluationCommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.document.DocumentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.avis.AvisSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.compteRendu.CompteRenduSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.RecommendationClusterAnswerSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterCommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterObservationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.recommendation.RecommendationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.demande.DemandeSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.decision.TaskSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.decision.DecisionSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.instance.InstanceSteps.cleanup() 0.000
0.000
Given the API endpoint is "/admin/token/" 0.000
And the request method is "POST" 0.000
And the content type is "application/json" 0.000
0.000
Scenario Request logging and audit trail
Steps
Given a valid user with a verified device 0.000
When I send a POST request to "/admin/token/" 0.000
Then the following logs should be created: 0.000
log_type log_level message_pattern
audit INFO API_START POST /admin/token/
audit INFO API_SUCCESS POST /admin/token/
security INFO DEVICE_UPDATED
And the logs should include: 0.000
user_ip 102.244.98.235
username testuser@example.com
duration [execution_time]
After com.klivar.backend_test.steps.auditeur.comment.CommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.followUp.FollowUpSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.test.TestSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.mission.MissionSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.missionType.MissionTypeSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.planEvaluation.PlanEvaluationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.ficheEvaluation.FicheEvaluationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.ficheEvaluation.FicheEvaluationCommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.document.DocumentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.avis.AvisSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.compteRendu.CompteRenduSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.RecommendationClusterAnswerSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterCommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterObservationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.recommendation.RecommendationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.demande.DemandeSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.decision.TaskSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.decision.DecisionSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.instance.InstanceSteps.cleanup() 0.000
0.001
Given the API endpoint is "/admin/token/" 0.000
And the request method is "POST" 0.000
And the content type is "application/json" 0.000
0.000
Scenario Slow request detection
Steps
Given a valid user with credentials 0.000
And the authentication process takes more than 2 seconds 0.000
When I send a POST request to "/admin/token/" 0.000
Then a slow request warning should be logged: 0.000
log_level WARNING
message SLOW_REQUEST POST /admin/token/
And the duration should be included in the log 0.000
After com.klivar.backend_test.steps.auditeur.comment.CommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.followUp.FollowUpSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.test.TestSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.mission.MissionSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.missionType.MissionTypeSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.planEvaluation.PlanEvaluationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.ficheEvaluation.FicheEvaluationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.ficheEvaluation.FicheEvaluationCommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.document.DocumentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.avis.AvisSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.compteRendu.CompteRenduSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.RecommendationClusterAnswerSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterCommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterObservationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.recommendation.RecommendationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.demande.DemandeSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.decision.TaskSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.decision.DecisionSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.instance.InstanceSteps.cleanup() 0.000
0.000
Given the API endpoint is "/admin/token/" 0.000
And the request method is "POST" 0.000
And the content type is "application/json" 0.000
0.000
Scenario File upload validation during authentication
Steps
Given a user attempting authentication 0.000
And the request includes file uploads 0.000
When I send a POST request to "/admin/token/" 0.000
Then file validation should be performed 0.000
And only allowed file types should be accepted: 0.000
extensions .jpg, .jpeg, .png, .gif, .csv, .txt, .doc, .docx, .pdf
mime_types image/jpeg, image/png, image/gif, text/csv, text/plain, application/msword, application/vnd.openxmlformats-officedocument.wordprocessingml.document, application/pdf
After com.klivar.backend_test.steps.auditeur.comment.CommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.followUp.FollowUpSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.test.TestSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.mission.MissionSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.missionType.MissionTypeSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.planEvaluation.PlanEvaluationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.ficheEvaluation.FicheEvaluationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.ficheEvaluation.FicheEvaluationCommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.document.DocumentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.avis.AvisSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.compteRendu.CompteRenduSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.RecommendationClusterAnswerSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterCommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterObservationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.recommendation.RecommendationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.demande.DemandeSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.decision.TaskSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.decision.DecisionSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.instance.InstanceSteps.cleanup() 0.000
0.000
Given the API endpoint is "/admin/token/" 0.000
And the request method is "POST" 0.000
And the content type is "application/json" 0.000
0.000
Scenario Security headers validation
Steps
Given a successful authentication request 0.000
When I receive the response 0.000
Then the response should include appropriate security information 0.000
And sensitive data should be masked in logs 0.000
And request body logging should exclude password fields 0.000
After com.klivar.backend_test.steps.auditeur.comment.CommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.followUp.FollowUpSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.test.TestSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.mission.MissionSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.missionType.MissionTypeSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.planEvaluation.PlanEvaluationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.ficheEvaluation.FicheEvaluationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.ficheEvaluation.FicheEvaluationCommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.document.DocumentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.avis.AvisSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.compteRendu.CompteRenduSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.RecommendationClusterAnswerSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterCommentSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterObservationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.cluster.ClusterSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.recommendation.RecommendationSteps.cleanup() 0.000
After com.klivar.backend_test.steps.auditeur.demande.DemandeSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.decision.TaskSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.decision.DecisionSteps.cleanup() 0.000
After com.klivar.backend_test.steps.boardMember.instance.InstanceSteps.cleanup() 0.000