Add account lockout test

tests/hawtio-test-suite/src/main/java/io/hawt/tests/features/pageobjects/pages/LoginPage.java

@@ -1,19 +1,20 @@
 package io.hawt.tests.features.pageobjects.pages;
 
-import static com.codeborne.selenide.Condition.editable;
-import static com.codeborne.selenide.Condition.enabled;
-import static com.codeborne.selenide.Condition.exist;
-import static com.codeborne.selenide.Condition.visible;
-import static com.codeborne.selenide.Selenide.$;
-
-import org.assertj.core.api.Assertions;
-
+import com.codeborne.selenide.Selenide;
 import com.codeborne.selenide.SelenideElement;
 import com.codeborne.selenide.WebDriverRunner;
 import com.codeborne.selenide.ex.ElementNotFound;
+import org.assertj.core.api.Assertions;
+import org.openqa.selenium.support.ui.ExpectedConditions;
 
 import java.time.Duration;
 
+import static com.codeborne.selenide.Condition.editable;
+import static com.codeborne.selenide.Condition.enabled;
+import static com.codeborne.selenide.Condition.exist;
+import static com.codeborne.selenide.Condition.visible;
+import static com.codeborne.selenide.Selenide.$;
+
 /**
  * Represents a Login page.
  */
@@ -23,22 +24,35 @@ public class LoginPage {
     private final static SelenideElement passwordInput = $("#pf-login-password-id");
     private final static SelenideElement loginButton = $("button[type='submit']");
 
+
     /**
      * Login to hawtio as given user with given password.
      */
+
     public void login(String username, String password) {
         try {
+            Selenide.Wait().until(ExpectedConditions.visibilityOf(loginButton));
             loginDiv.shouldBe(visible, Duration.ofSeconds(5)).should(exist);
             loginInput.shouldBe(editable).setValue(username);
             passwordInput.shouldBe(editable).setValue(password);
             loginButton.shouldBe(enabled).click();
+
         } catch (ElementNotFound e) {
             Assertions.assertThat(WebDriverRunner.url())
                 .withFailMessage(() -> "Failed to login on login page: " + e)
                 .doesNotContain("login");
         }
     }
 
+    public void throttling(String username, String invalidPassword) {
+
+        Selenide.Wait().until(ExpectedConditions.visibilityOf(loginButton));
+        loginInput.shouldBe(editable).setValue(username);
+        passwordInput.shouldBe(editable).setValue(invalidPassword);
+        loginButton.shouldBe(enabled).click();
+
+    }
+
     /**
      * Check whether the Login page is open and active
      */

tests/hawtio-test-suite/src/main/java/io/hawt/tests/features/stepdefinitions/security/ThrottlingStepDefs.java

@@ -0,0 +1,37 @@
+package io.hawt.tests.features.stepdefinitions.throttling;
+
+import io.cucumber.java.en.Given;
+import io.cucumber.java.en.Then;
+import io.cucumber.java.en.When;
+import io.hawt.tests.features.pageobjects.pages.LoginPage;
+import io.hawt.tests.features.setup.LoginLogout;
+import org.openqa.selenium.By;
+
+import static com.codeborne.selenide.Condition.text;
+import static com.codeborne.selenide.Selenide.$;
+
+public class ThrottlingStepDefs {
+    private final LoginPage loginPage = new LoginPage();
+    private static final By WARNING = By.cssSelector("p.pf-c-form__helper-text.pf-m-error");
+
+    @Given("User is on Login page")
+    public void userIsOnLoginPage() {
+        LoginLogout.logout();
+        loginPage.loginPageIsOpened();
+    }
+
+    @When("the user attempts to log in with incorrect credentials {int} times")
+    public void theUserAttemptsToLogInWithIncorrectCredentialsTimes(int attempts) {
+        for (int i = 0; i < attempts; i++) {
+            loginPage.throttling("username", "invalid");
+        }
+
+    }
+
+    @Then("the user should see a message indicating account lockout for {int} second(s)")
+    public void theUserShouldSeeAMessageIndicatingAccountLockoutForIntSeconds(int seconds) {
+        $(WARNING).shouldHave(text("Login attempt blocked. Retry after " + seconds));
+    }
+
+}
+

tests/hawtio-test-suite/src/test/resources/io/hawt/tests/features/security/throttling.feature

@@ -0,0 +1,8 @@
+Feature: Account Lockout (Throttling)
+
+  Scenario: User account gets locked out after multiple failed login attempts
+    Given User is on Login page
+    When the user attempts to log in with incorrect credentials 5 times
+    Then the user should see a message indicating account lockout for 1 second
+    When the user attempts to log in with incorrect credentials 2 times
+    Then the user should see a message indicating account lockout for 3 seconds