From 6e49e0944609c0f2fec9961263b2b972b84242f5 Mon Sep 17 00:00:00 2001
From: Matt H
Date: Thu, 30 May 2024 14:38:18 -0400
Subject: [PATCH] Test both cases (right/wrong password for WebAuthn MFA API)
---
 application/features/authentication.feature | 11 ++++++++---
 .../features/bootstrap/AuthenticationContext.php | 8 ++++++++
 2 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/application/features/authentication.feature b/application/features/authentication.feature
index 9c5cb8aa..12714977 100644
--- a/application/features/authentication.feature
+++ b/application/features/authentication.feature
@@ -295,13 +295,18 @@ Feature: Authentication
 And The user's current password should be marked as pwned
 And The user's password is expired
 
- Scenario: Successfully authenticate even though WebAuthn MFA API is down
+ Scenario Outline: Successfully authenticate even though WebAuthn MFA API is down
 Given "shep_clark" has a valid WebAuthn MFA method
 And I provide the following valid data:
 | property | value |
 | username | shep_clark |
 | password | govols!!! |
- But we have the wrong password for the WebAuthn MFA API
+ And we have the for the WebAuthn MFA API
 When I request "/authentication" be created
 Then the response status code should be 200
- But the response body should not contain "publicKey"
+ And the response body should
+
+ Examples:
+ | rightOrWrongPassword | containPublicKeyOrNot |
+ | wrong password | not contain "publicKey" |
+ | right password | contain "publicKey" |
diff --git a/application/features/bootstrap/AuthenticationContext.php b/application/features/bootstrap/AuthenticationContext.php
index 7c7c6103..e92359d3 100644
--- a/application/features/bootstrap/AuthenticationContext.php
+++ b/application/features/bootstrap/AuthenticationContext.php
@@ -84,4 +84,12 @@ protected function setWebAuthnApiSecretTo(string $newPlainTextApiSecret)
 'TableName' => Env::get('API_KEY_TABLE'),
 ]);
 }
+
+ /**
+ * @Given we have the right password for the WebAuthn MFA API
+ */
+ public function weHaveTheRightPasswordForTheWebauthnMfaApi()
+ {
+ $this->setWebAuthnApiSecretTo(Env::get('MFA_WEBAUTHN_apiSecret'));
+ }
 }
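Review bot: The new step `weHaveTheRightPasswordForTheWebauthnMfaApi()` passes `Env::get('MFA_WEBAUTHN_apiSecret')` straight into `setWebAuthnApiSecretTo(string $newPlainTextApiSecret)` without checking that the variable is set. `Env::get` is not visible here, but if it returns null or an empty string for a missing variable, the step would either fail with a type error or store an empty secret in the API key table. The "right password" example would then fail for a reason unrelated to the behaviour under test. Reading the value first and failing loudly keeps a misconfigured environment distinguishable from an authentication regression: `$apiSecret = Env::get('MFA_WEBAUTHN_apiSecret');` then `if (empty($apiSecret)) { throw new \RuntimeException('MFA_WEBAUTHN_apiSecret is not set'); }` before the call. The method could also declare `: void`, and its docblock could note that the step rewrites the stored API secret, which is shared state that later scenarios see. The body of `setWebAuthnApiSecretTo` and the start of the enclosing class are outside the hunk.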