dox Executable Documentation

Authentication

Users can authenticate using their email address and a one-time password sent via email. Sessions are valid for a long time to avoid frequent re-login.

The email address is used to identify a user. Thus no registration is necessary.

Redirect to login resource

Given the root resource throws a NotLoggedInException::$CLASS
When I get the resource ''
Then I should be redirected to 'http://xkdl/auth'

Send token by mail

Given the next randomly generated string is 'myChallenge'
Given the next randomly generated string is 'password'
Given I have entered the email 'foo@bar.baz'
When I request a login token
Then an email should be sent to 'foo@bar.baz' containing 'http://xkdl/auth?method=login'
Then an email should be sent to 'foo@bar.baz' containing the token 'password' after 'myChallenge'
Then there should be a response for 'myChallenge' with the token 'password' for 'foo@bar.baz'
Then 'created foo@bar.baz' should be logged
Then the response body should contain 'myChallenge'

Successful login

Given a challenge 'theChallenge' with the token 'theToken' was created for 'Foo@Bar.baz'
Given the next randomly generated string is 'nextChallenge'
When I login with the response of 'theChallenge' and the token 'theToken'
Then I should be logged in as 'foo@bar.baz'
Then there should be a response for 'nextChallenge' with the token 'theToken' after 'theChallenge' for 'Foo@Bar.baz'
Then 'login Foo@Bar.baz' should be logged
Then the response body should contain 'nextChallenge'

Wrong token

Given a challenge 'foobar' with the token 'password' was created for 'foo@bar.baz'
When I try to login with the response of 'foobar' and the token 'wrong'
Then an error with the status WebResponse::STATUS_UNAUTHORIZED should occur
Then I should not be logged in
Then there should be a response for 'foobar' with the token 'password' for 'foo@bar.baz'
Then 'Invalid login' should be logged

Time out

Given a challenge 'challenge' with the token 'password' was created for 'foo@bar.baz' '5 minutes 1 second ago'
When I try to login with the response of 'challenge' and the token 'password'
Then an error with the status WebResponse::STATUS_UNAUTHORIZED should occur
Then I should not be logged in
Then there should be no tokens
Then 'Login timed out for foo@bar.baz' should be logged

Logout

Given a challenge 'theChallenge' with the token 'theToken' was created for 'Foo@Bar.baz'
When I login with the response of 'theChallenge' and the token 'theToken'
When I log out
Then I should not be logged in
Then there should be no tokens
Then 'logout Foo@Bar.baz' should be logged
Then I should be redirected to 'http://xkdl'
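
The challenge lifecycle specified by the scenarios above, as an added Python model; it is not part of the original page and not the project's own code. Assumptions: the names Authenticator, Unauthorized and expected_response are hypothetical, the response is derived with HMAC-SHA256 (the page does not say how), a used challenge is consumed on success, and an unknown challenge is treated as an invalid login.

```python
import hashlib, hmac, secrets, time

TIMEOUT = 5 * 60  # seconds; the "Time out" scenario rejects a challenge 5 min 1 s old

class Unauthorized(Exception):
    """Stands in for WebResponse::STATUS_UNAUTHORIZED."""

def expected_response(challenge, token):
    # Assumption: HMAC-SHA256 of the challenge, keyed with the mailed token.
    return hmac.new(token.encode(), challenge.encode(), hashlib.sha256).hexdigest()

class Authenticator:  # hypothetical name
    def __init__(self, clock=time.time, rand=lambda: secrets.token_urlsafe(16)):
        self.clock, self.rand = clock, rand
        self.pending = {}  # challenge -> (token, email as entered, created at)
        self.log = []

    def request_token(self, email):
        challenge, token = self.rand(), self.rand()  # challenge first, then token
        self.pending[challenge] = (token, email, self.clock())
        self.log.append(f"created {email}")
        return challenge, token  # challenge goes in the response body, token by mail

    def _reject(self, message):
        self.log.append(message)
        raise Unauthorized(message)

    def login(self, challenge, response):
        entry = self.pending.get(challenge)
        if entry is None:  # assumption: unknown challenge is an invalid login
            self._reject("Invalid login")
        token, email, created = entry
        if self.clock() - created > TIMEOUT:
            del self.pending[challenge]  # a timed-out challenge is removed
            self._reject(f"Login timed out for {email}")
        good = expected_response(challenge, token)
        if not hmac.compare_digest(good.encode(), response.encode()):
            self._reject("Invalid login")  # the stored challenge stays in place
        del self.pending[challenge]  # assumption: a used challenge is consumed
        nxt = self.rand()  # next challenge, same token and email
        self.pending[nxt] = (token, email, self.clock())
        self.log.append(f"login {email}")
        return email.lower(), nxt  # identity is the lower-cased address

    def logout(self, email):
        self.pending = {c: e for c, e in self.pending.items()
                        if e[1].lower() != email.lower()}
        self.log.append(f"logout {email}")
```

The clock and the random source are injected so that a test can pin them, the same way the scenarios fix "the next randomly generated string".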