author Lars Wirzenius <liw@liw.fi> 2018-07-11 20:12:26 +0300
committer Lars Wirzenius <liw@liw.fi> 2018-07-11 20:22:52 +0300
commit 5e68c02a915ff50a9b8bc14b7f68c255be92cf21 (patch)
tree 22f26d008407b90c1d758174c9ce8b2154c5e6a7 /yarns
parent 4ffc891bf5bd062f1e243379ccbdfe9faabaf8ec (diff)
Add: scenario for testing Qvisqve login
This passes, but doesn't actually check anything. Grep for FIXME.
Diffstat (limited to 'yarns')
-rw-r--r-- yarns/300-end-user-auth.yarn 41
-rw-r--r-- yarns/900-implements.yarn 34
-rw-r--r-- yarns/900-local.yarn 8
3 files changed, 83 insertions, 0 deletions
diff --git a/yarns/300-end-user-auth.yarn b/yarns/300-end-user-auth.yarn
new file mode 100644
index 0000000..2b717c8
--- /dev/null
+++ b/yarns/300-end-user-auth.yarn
@@ -0,0 +1,41 @@
+End-user interactive login
+=============================================================================
+
+We will be implementing the full [OpenId Connect authorization code
+flow][] later on, but currently this is a tiny, insufficiently secure
+subset of that. It's just enough for us to have some form of login, to
+set up a continuous delivery pipeline for it, and to start building
+the full thing.
+
+FIXME: Explain the login process here, with sequence diagram.
+
+ SCENARIO end-user interactive login
+
+ GIVEN a Qvisqve configuration for "https://qvisqve"
+ AND Qvisqve configuration has user account tomjon with password hunter2
+ AND Qvisqve configuration has application facade
+ ... with callback url https://facade/callback
+ AND a running Qvisqve instance
+
+User goes to the login URL and gets a login page.
+
+ WHEN browser requests GET https://qvisqve/login
+ THEN HTTP status code is 200 OK
+ AND Content-Type is text/html
+ AND body has an HTML form with field username
+ AND body has an HTML form with field password
+
+ WHEN browser requests POST https://qvisqve/auth, with form values
+ ... username=tomjon and password=hunter2
+ THEN HTTP status code is 302 Found
+ AND Location header is https://facade/callback?code=123
+
+ WHEN facade requests POST https://qvisqve/token, with
+ ... form values grant_type=authorization_code and code=123
+ THEN HTTP status code is 200 OK
+ AND Content-Type is application/json
+ AND body has field access_token
+ AND body has field token_type, with value Bearer
+ AND body has field expires_in
+
+ FINALLY Qvisqve is stopped
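Review bot: The authorization code is fixed at `code=123` in both the `Location header is https://facade/callback?code=123` step and the `/token` request that follows, so the scenario can only pass against a server that hands out a predictable code. Authorization codes have to be unguessable and single-use, so consider having the Location step capture whatever code the server returns and feeding that value into the token request, then adding a second token request with the same code that expects a failure. The `/token` step also sends only `grant_type` and `code`, with nothing that identifies facade as the caller; it would help to list that next to the FIXME so the gaps in the "insufficiently secure subset" are tracked in the scenario text itself.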
diff --git a/yarns/900-implements.yarn b/yarns/900-implements.yarn
index c121298..53f675a 100644
--- a/yarns/900-implements.yarn
+++ b/yarns/900-implements.yarn
@@ -82,6 +82,24 @@ This chapter shows the scenario step implementations.
V['status_code'], V['headers'], V['body'] = delete(
V['API_URL'] + path, headers=headers)
+ IMPLEMENTS WHEN browser requests GET (\S+)
+ # FIXME: This is a dummy implemantation, does not do anything real.
+ V['status_code'] = 200
+ V['headers'] = {'Content-Type': 'text/html'}
+
+ IMPLEMENTS WHEN browser requests POST (\S+)$
+ # FIXME: This is a dummy implemantation, does not do anything real.
+ pass
+
+ IMPLEMENTS WHEN browser requests POST (\S+), with form values (\S+)=(\S+) and (\S+)=(\S+)
+ # FIXME: This is a dummy implemantation, does not do anything real.
+ V['status_code'] = 302
+
+ IMPLEMENTS WHEN facade requests POST (\S+), with form values (\S+)=(\S+) and (\S+)=(\S+)
+ # FIXME: This is a dummy implemantation, does not do anything real.
+ V['status_code'] = 200
+ V['headers'] = {'Content-Type': 'application/json'}
+
## API access token creation
IMPLEMENTS WHEN client gets an authorization token with scope "(.+)"
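Review bot: The dummy WHEN steps assign exactly the status codes and Content-Type values that the scenario's THEN steps assert, so those assertions pass without any request reaching Qvisqve. The `browser requests POST (\S+), with form values ...` step also sets only `V['status_code'] = 302` and leaves `V['headers']` and `V['body']` unchanged, so once the Location and body checks become real they would read values left over from an earlier step. Until real requests are made, it would be safer for each stub to reset `V['headers']` and `V['body']`, or to fail outright, so a green run of a login scenario cannot be read as a working login. Minor: "implemantation" in the FIXME comments should be "implementation", here and in the other files.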
@@ -153,11 +171,19 @@ This chapter shows the scenario step implementations.
body = V['body']
assertTrue(values_match(wanted, body))
+ IMPLEMENTS THEN body has an HTML form with field (.+)
+ # FIXME: This is a dummy implemantation, does not do anything real.
+ pass
+
IMPLEMENTS THEN Content-Type is (\S+)
wanted = get_next_match()
headers = V['headers']
assertEqual(headers['Content-Type'], wanted)
+ IMPLEMENTS THEN Location header is (\S+)
+ # FIXME: This is a dummy implemantation, does not do anything real.
+ pass
+
IMPLEMENTS THEN body is a correctly signed JWT token
resp = json.loads(V['body'])
assertIn('access_token', resp)
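Review bot: `IMPLEMENTS THEN Location header is (\S+)` is a bare `pass`, so the redirect target after login is never compared with the callback URL registered for facade, which is the check that shows the code is only sent to the registered application. The `Content-Type is (\S+)` step directly above already has the shape needed: `wanted = get_next_match()` followed by `assertEqual(V['headers']['Location'], wanted)`, ideally comparing the URL without its `code` query value so the test does not depend on a fixed code. The same applies to `body has an HTML form with field (.+)`, which currently accepts any body, including an empty one.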
@@ -179,3 +205,11 @@ This chapter shows the scenario step implementations.
expires = claims['exp']
remains = expires - time.time()
assertTrue(3400 < remains < 3700)
+
+ IMPLEMENTS THEN body has field (\S+)$
+ # FIXME: This is a dummy implemantation, does not do anything real.
+ pass
+
+ IMPLEMENTS THEN body has field (\S+), with value (\S+)
+ # FIXME: This is a dummy implemantation, does not do anything real.
+ pass
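Review bot: Both `body has field (\S+)$` and `body has field (\S+), with value (\S+)` are `pass`, so the token response is never checked for `access_token`, `expires_in` or `token_type` being `Bearer`, and a response with no token at all would pass. The JWT step earlier in this file already parses the body with `resp = json.loads(V['body'])` and uses `assertIn('access_token', resp)`; the new steps can do the same with the matched field name, plus `assertEqual(resp[field], wanted)` for the value variant. It would also be worth reusing the existing `exp` range check so `expires_in` is compared with the configured token lifetime instead of only being present.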
diff --git a/yarns/900-local.yarn b/yarns/900-local.yarn
index d5492d0..14c3937 100644
--- a/yarns/900-local.yarn
+++ b/yarns/900-local.yarn
@@ -37,6 +37,14 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
IMPLEMENTS GIVEN Qvisqve configuration has a token lifetime of (\d+)
V['lifetime'] = int(get_next_match())
+ IMPLEMENTS GIVEN Qvisqve configuration has user account (\S+) with password (\S+)
+ # FIXME: This is a dummy implemantation, does not do anything real.
+ pass
+
+ IMPLEMENTS GIVEN Qvisqve configuration has application (\S+) with callback url (\S+)
+ # FIXME: This is a dummy implemantation, does not do anything real.
+ pass
+
## Authentication setup
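Review bot: The two new GIVEN steps in this hunk discard their matches, so the account `tomjon`/`hunter2` and the `facade` callback URL never reach the Qvisqve configuration, and the later `POST /auth` and redirect steps have nothing to be validated against. The `token lifetime` step just above stores its value with `V['lifetime'] = int(get_next_match())`; these steps should at least store the username, password, application name and callback URL in `V` the same way so the configuration writer can pick them up. When the step is made real, it should also be clear whether the password ends up in the generated configuration file as plaintext or in hashed form, since the scenario text only gives the plaintext.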