# frozen_string_literal: true
require "spec_helper"

feature "broken_auth" do
  before do
    UserFixture.reset_all_users
    @normal_user = UserFixture.normal_user
  end

  scenario "one\nTutorial: https://github.com/OWASP/railsgoat/wiki/A2-Credential-Enumeration" do
    visit "/"
    within(".signup") do
      fill_in "email", with: @normal_user.email + "not"
      fill_in "password", with: @normal_user.clear_password
    end
    within(".actions") do
      click_on "Login"
    end
    pending if verifying_fixed?
    expect(find("div#flash_notice").text).to eq("#{@normal_user.email}not doesn't exist!")
  end

  scenario "two\nTutorial: https://github.com/OWASP/railsgoat/wiki/A2-Credential-Enumeration" do
    visit "/"
    within(".signup") do
      fill_in "email", with: @normal_user.email
      fill_in "password", with: @normal_user.clear_password + "not"
    end
    within(".actions") do
      click_on "Login"
    end
    pending if verifying_fixed?
    expect(find("div#flash_notice").text).to eq("Incorrect Password!")
  end
end