http://wiki.github.com/dchelimsky/rspec/rails
Feature: CSR account management
In order to manage dispute calls
As a CSR
I want to create an account to login to the system
Scenario: Successful account creation
Given a login with "csr@somedomain.com" and password "secret"
And login is the same as email address
When I provide my login and desired password
Then I should receive an account activation email at "csr@somedomain.com"
Scenario: Successful account activation
Given a valid activation link "http://www.somedomain.com/activation-string-for-csr"
When I follow the activation link
Then my account should be activated
And I should be able to login using the login credentials provided during registration
Scenario: Successful login
Given a valid user name "csr@somedomain.com" and password "secret"
When I provide my login credentials
Then I should be logged in to my account with CSR role
And I should be able to add additional users with CSR role
Scenario: Forgot password
Given a valid user name "csr@somedomain.com"
And I follow forgot password link
When I provide my email that I used during account registration
Then I should receive a link to reset my password
And I should be redirected to password recovery instructions page
Scenario: Reset Password
Given a valid reset password link "csr@somedomain.com" for my account in the password reset email
When I follow the reset password link
Then I should be able to provide a new password and confirm password
And I should be able to login with my new password
And the system sends password reset confirmation link for security purpose
Scenario: Change the login id for logging into the system
Given a valid login id "csr@somedomain.com"
When I provide my new desired login id "csr@newdomain.com"
Then I should be able to login using my new login id "csr@newdomain.com"
Scenario: Add new CSR account
Given a CSR is logged-in
When I provide new account details with valid login "newbie@something.com", password "verysecret" and confirm password "verysecret"
Then the system should send account activation email to the new csr's email address (login id)
Scenario: Successful logout
Given a valid user name "csr@somedomain.com" and password "secret"
When I logout
Then the system should log me out of the system
And I should not be able to use the features available only to logged in users
Scenario: Features only available to logged in users
Given a user is logged in
When I go to my dashboard
Then I should be able to add new account, update my login id, search, forgot password and logout
Scenario: Features not available to users who are not logged in
Given a user is not logged in
When they access the CSR application
Then I should not be able to add new account, update login id, search and logout
And I should be able to login and also use forgot password feature
Scenario: Failed account creation
Given a login with characters that is not in the whitelist
When I provide my login (email address) and password
Then I should not receive an account activation email
And I should get an error message stating the password policy (8 to 40 characters in length with list of allowed characters)
And the system prevents SQL inject attacks
Scenario: Automatic login
Given a valid login and the user enables remember me feature
When I login
Then I should be logged in automatically on subsequent visits to the site
Scenario Outline: Failed Login
Given the login id is "
When I enter "
Then the error message should be "
Scenarios: wrong login credentials
| login | password | error |
| wrong email | correct password | Email not found |
| correct email | wrong password | Wrong password |
| wrong email | wrong password | Login and Password does not match |
