diff options
Diffstat (limited to 'tests/integration/features/conversation/bruteforce-protection.feature')
-rw-r--r-- | tests/integration/features/conversation/bruteforce-protection.feature | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/tests/integration/features/conversation/bruteforce-protection.feature b/tests/integration/features/conversation/bruteforce-protection.feature index ce0880977..7f15ee33c 100644 --- a/tests/integration/features/conversation/bruteforce-protection.feature +++ b/tests/integration/features/conversation/bruteforce-protection.feature @@ -63,7 +63,6 @@ Feature: conversation/bruteforce-protection Then the following brute force attempts are registered And disable brute force protection - # Note: This test takes quite long … Scenario: User gets blocked after some attempts Given enable brute force protection Then the following brute force attempts are registered @@ -81,3 +80,20 @@ Feature: conversation/bruteforce-protection Then the following brute force attempts are registered | talkRoomToken | 11 | And disable brute force protection + + Scenario: Prevent brute forcing on an endpoint that is not meant to handle the password + Given enable brute force protection + And user "participant1" creates room "room" (v4) + | roomType | 3 | + | roomName | room | + And user "participant1" sets password "foobar" for room "room" with 200 (v4) + Then the following brute force attempts are registered + And user "participant2" joins room "room" with 403 (v4) + Then the following brute force attempts are registered + | talkRoomPassword | 1 | + When user "participant2" views URL "apps/spreed" with query parameters and status code 200 + | token | room | + | password | foobar | + Then the following brute force attempts are registered + | talkRoomPassword | 1 | + And disable brute force protection |