Improve 🥒 *must* fail if not implemented

cc @mattwr18

cypress/integration/ChangePassword.feature

@@ -1,14 +0,0 @@
-Feature: Change password
-  As a user
-  I want to change my password in my settings
-  Because this is a basic security feature, e.g. if I exposed my password by accident
-
-  Background: 
-    Given I have a user account
-    And I am logged in
-    And I am on the "settings" page
-  
-  Scenario: Change my password
-    Given I click on the "Security" link
-    Then I should be on the "Security" settings page
-    And I should be able to change my password

cypress/integration/common/settings.js

@@ -61,32 +61,3 @@ Then(
   'I can see my new name {string} when I click on my profile picture in the top right',
   name => matchNameInUserMenu(name)
 )
-
-When('I click on the {string} link', link => {
-  cy.get('a')
-    .contains(link)
-    .click()
-})
-
-Then('I should be on the {string} settings page', page => {
-  const pathname = `/settings/${page.toLowerCase()}`
-  cy.location()
-    .should(loc => {
-      expect(loc.pathname).to.eq(pathname)
-    })
-    .get('h3')
-    .should('contain', page)
-})
-
-Then('I should be able to change my password', () => {
-  cy.get('input[id=oldPassword]')
-    .type('1234')
-    .get('input[id=newPassword]')
-    .type('12345')
-    .get('input[id=confirmPassword]')
-    .type('12345')
-    .get('button')
-    .contains('Submit')
-    .get('.iziToast-message')
-    .should('contain', 'Password updated successfully.')
-})

cypress/integration/common/steps.js

@@ -5,7 +5,7 @@ import { getLangByName } from '../../support/helpers'
 
 let lastPost = {}
 
-const loginCredentials = {
+let loginCredentials = {
   email: 'peterpan@example.org',
   password: '1234'
 }
@@ -244,3 +244,43 @@ Then(
     cy.get('.error').should('contain', message)
   }
 )
+
+Given('my user account has the following login credentials:', table => {
+  loginCredentials = {
+    ...loginCredentials,
+    ...table.hashes()[0]
+  }
+  cy.factory().create('User', {
+    ...loginCredentials
+  })
+})
+
+When('I fill the password form with:', table => {
+  table = table.rowsHash()
+  cy.get('input[id=oldPassword]')
+    .type(table['Your old password'])
+    .get('input[id=newPassword]')
+    .type(table['Your new passsword'])
+    .get('input[id=confirmPassword]')
+    .type(table['Confirm new password'])
+})
+
+When('submit the form', () => {
+  cy.get('form').submit()
+})
+
+Then('I cannot login anymore with password {string}', password => {
+  cy.login({
+    ...loginCredentials,
+    ...{password}
+  })
+  cy.get('.iziToast-wrapper').should('contain', "Incorrect email or password")
+})
+
+Then('I can login successfully with password {string}', password => {
+  cy.login({
+    ...loginCredentials,
+    ...{password}
+  })
+  cy.get('.iziToast-wrapper').should('contain', "You are logged in!")
+})

cypress/integration/settings/ChangePassword.feature

@@ -0,0 +1,31 @@
+Feature: Change password
+  As a user
+  I want to change my password in my settings
+  For security, e.g. if I exposed my password by accident
+
+  Login via email and password is a well-known authentication procedure and you
+  can assure to the server that you are who you claim to be. Either if you
+  exposed your password by acccident and you want to invalidate the exposed
+  password or just out of an good habit, you want to change your password.
+
+  Background:
+    Given my user account has the following login credentials:
+      | email            | passsword |
+      | user@example.org | 1234      |
+    And I am logged in
+
+  Scenario: Change my password
+    Given I am on the "settings" page
+    And I click on "Security"
+    When I fill the password form with:
+      | Your old password    | 1234  |
+      | Your new passsword   | 12345 |
+      | Confirm new password | 12345 |
+    And submit the form
+    And I see a success message:
+    """
+    Password updated successfully
+    """
+    And I log out through the menu in the top right corner
+    Then I cannot login anymore with password "1234"
+    But I can login successfully with password "12345"