You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Scenario: User authentication and session management.
Given an authenticated user connection.
When the user wishes to terminate the connection gracefully,
Then they should be presented a message saying farewell.
And their connection should be terminated.
When the user sits idle with no I/O for a given period of time,
Then they should be presented a message saying good riddance.
And their connection should be terminated.
When a member of Staff adds the user to a blacklist
Then the user should be presented a blacklist message.
And their connection should be terminated.
And the relevant details of the act should be sent to an audit log.
Given an anonymous user connection.
And an existing account.
When authentication is requested by a non-VIP while VIP is enabled:
Or invalid VIP credentials are provided while VIP is enabled:
Then the request should fail.
And no session should persist.
And the user should be notified of the reason.
And the user should be disconnected.
When authentication is requested with invalid credentials while VIP is disabled:
Then the request should fail.
And no session should persist.
And the user should be given three opportunities before being disconnected.
And a notice should be written to an audit log.
When authentication is requested with valid credentials while VIP is disabled:
And the user is present on a blacklist
Then the request should fail.
And no session should persist.
And the user should be notified of the reason.
And notice should be written to an audit log.
And they should be disconnected.
Or valid VIP credentials are provided while VIP is enabled:
Then the request should succeed.
And the account should be logged in.
And the act logged to an audit log, ensuring sensitive materials are not stored.
And no account exists.
When attempting to create a character with an invalid or reserved name:
Or attempting to create a character with a name that already exists:
Then the request should fail.
And the user should be given a message advising they have selected an invalid user name.
And the connection should remain open for successive attempts.
When attempting to create a character with a password below minimum requirements:
Or attempting to create a character with data reaching malicious levels of memory consumption:
Then the request should fail.
And the user should be given a message advising them of password requirements.
And the user should be prompted to enter a valid password at most 3 times before being disconnected.
When attempting to create a character with valid credentials
Then the request should succeed.
And the account should be logged in.
And the act logged to an audit log, ensuring sensitive materials are not stored.
And their email should be confirmed.
And character creation has been disabled
Or VIP access is enabled:
Then the request should fail.
And no session should persist.
And the user should be notified of the reason.
And the user should be disconnected.
The text was updated successfully, but these errors were encountered:
The text was updated successfully, but these errors were encountered: