Feature: CSR account management
In order to manage dispute calls
As a CSR
I want to create an account to login to the system
Scenario: Successful account creation
Given a login with "" and password "secret"
And login is the same as email address
When I provide my login and desired password
Then I should receive an account activation email at ""
Scenario: Successful account activation
Given a valid activation link ""
When I follow the activation link
Then my account should be activated
And I should be able to login using the login credentials provided during registration
Scenario: Successful login
Given a valid user name "" and password "secret"
When I provide my login credentials
Then I should be logged in to my account with CSR role
And I should be able to add additional users with CSR role
Scenario: Forgot password
Given a valid user name ""
And I follow forgot password link
When I provide my email that I used during account registration
Then I should receive a link to reset my password
And I should be redirected to password recovery instructions page
Scenario: Reset Password
Given a valid reset password link "" for my account in the password reset email
When I follow the reset password link
Then I should be able to provide a new password and confirm password
And I should be able to login with my new password
And the system sends password reset confirmation link for security purpose
Scenario: Change the login id for logging into the system
Given a valid login id ""
When I provide my new desired login id ""
Then I should be able to login using my new login id ""
Scenario: Add new CSR account
Given a CSR is logged-in
When I provide new account details with valid login "", password "verysecret" and confirm password "verysecret"
Then the system should send account activation email to the new csr's email address (login id)
Scenario: Successful logout
Given a valid user name "" and password "secret"
When I logout
Then the system should log me out of the system
And I should not be able to use the features available only to logged in users
Scenario: Features only available to logged in users
Given a user is logged in
When I go to my dashboard
Then I should be able to add new account, update my login id, search, forgot password and logout
Scenario: Features not available to users who are not logged in
Given a user is not logged in
When they access the CSR application
Then I should not be able to add new account, update login id, search and logout
And I should be able to login and also use forgot password feature
Scenario: Failed account creation
Given a login with characters that is not in the whitelist
When I provide my login (email address) and password
Then I should not receive an account activation email
And I should get an error message stating the password policy (8 to 40 characters in length with list of allowed characters)
And the system prevents SQL inject attacks
Scenario: Automatic login
Given a valid login and the user enables remember me feature
When I login
Then I should be logged in automatically on subsequent visits to the site
Scenario Outline: Failed Login
Given the login id is "
" and password is "
When I enter "
" and "
Then the error message should be "
Scenarios: wrong login credentials
| login | password | error |
| wrong email | correct password | Email not found |
| correct email | wrong password | Wrong password |
| wrong email | wrong password | Login and Password does not match |