# Authentication Feature - Test Cases **Feature Branch:** feature/login **Date:** 2026-01-28 **Tester:** _______________ --- ## Pre-Test Setup - [ ] Backend server running on port 3001 - [ ] Frontend server running on port 3000 - [ ] Database has been set up with `node setup.js` - [ ] Can access http://[SERVER_IP]:3000 in browser --- ## 1. Login Page Display | # | Test Case | Expected Result | Pass/Fail | |---|-----------|-----------------|-----------| | 1.1 | Navigate to app URL when not logged in | Login page displays | | | 1.2 | Login page shows username field | Field is visible and editable | | | 1.3 | Login page shows password field | Field is visible and editable | | | 1.4 | Login page shows "Sign In" button | Button is visible | | | 1.5 | Default credentials hint is shown | Shows "admin / admin123" | | --- ## 2. Login Functionality | # | Test Case | Expected Result | Pass/Fail | |---|-----------|-----------------|-----------| | 2.1 | Login with valid credentials (admin/admin123) | Redirects to dashboard | | | 2.2 | Login with invalid username | Shows "Invalid username or password" | | | 2.3 | Login with invalid password | Shows "Invalid username or password" | | | 2.4 | Login with empty username | Form validation prevents submit | | | 2.5 | Login with empty password | Form validation prevents submit | | | 2.6 | Press Enter in password field | Submits form (same as clicking Sign In) | | --- ## 3. Session Persistence | # | Test Case | Expected Result | Pass/Fail | |---|-----------|-----------------|-----------| | 3.1 | Refresh page after login | Stays logged in, dashboard displays | | | 3.2 | Open new browser tab to same URL | Already logged in | | | 3.3 | Close browser, reopen, navigate to app | Still logged in (within 24hrs) | | --- ## 4. Logout | # | Test Case | Expected Result | Pass/Fail | |---|-----------|-----------------|-----------| | 4.1 | Click user menu in header | Dropdown menu appears | | | 4.2 | Click "Sign Out" in dropdown | Returns to login page | | | 4.3 | After logout, try to access dashboard URL directly | Redirects to login page | | | 4.4 | After logout, check browser cookies | session_id cookie is cleared | | --- ## 5. User Menu Display | # | Test Case | Expected Result | Pass/Fail | |---|-----------|-----------------|-----------| | 5.1 | User menu shows username | Displays "admin" | | | 5.2 | User menu shows role | Displays "admin" role | | | 5.3 | User menu dropdown shows email | Shows admin@localhost | | | 5.4 | Admin user sees "Manage Users" option | Option is visible | | --- ## 6. Role-Based UI - Admin Role *Login as: admin/admin123* | # | Test Case | Expected Result | Pass/Fail | |---|-----------|-----------------|-----------| | 6.1 | "Add CVE/Vendor" button in header | Visible | | | 6.2 | "Upload Document" button on CVE records | Visible | | | 6.3 | "Delete" button on documents | Visible | | | 6.4 | "Manage Users" in user menu | Visible | | | 6.5 | Can open User Management panel | Panel opens | | --- ## 7. User Management (Admin) *Login as: admin/admin123* | # | Test Case | Expected Result | Pass/Fail | |---|-----------|-----------------|-----------| | 7.1 | Open User Management panel | Shows list of users | | | 7.2 | Click "Add User" button | Add user form appears | | | 7.3 | Create user: editor1 / editor1@test.com / password123 / Editor | User created successfully | | | 7.4 | Create user: viewer1 / viewer1@test.com / password123 / Viewer | User created successfully | | | 7.5 | Edit existing user (change email) | Changes saved | | | 7.6 | Toggle user active status | Status changes | | | 7.7 | Delete a user (not self) | User deleted | | | 7.8 | Try to delete own account | Error: "Cannot delete your own account" | | | 7.9 | Try to deactivate own account | Error: "Cannot deactivate your own account" | | | 7.10 | Try to remove own admin role | Error: "Cannot remove your own admin role" | | | 7.11 | Create duplicate username | Error: "Username or email already exists" | | --- ## 8. Role-Based UI - Editor Role *Logout and login as: editor1/password123* | # | Test Case | Expected Result | Pass/Fail | |---|-----------|-----------------|-----------| | 8.1 | "Add CVE/Vendor" button in header | Visible | | | 8.2 | "Upload Document" button on CVE records | Visible | | | 8.3 | "Delete" button on documents | NOT visible | | | 8.4 | "Manage Users" in user menu | NOT visible | | | 8.5 | Can add a new CVE | CVE created successfully | | | 8.6 | Can upload a document | Document uploaded successfully | | --- ## 9. Role-Based UI - Viewer Role *Logout and login as: viewer1/password123* | # | Test Case | Expected Result | Pass/Fail | |---|-----------|-----------------|-----------| | 9.1 | "Add CVE/Vendor" button in header | NOT visible | | | 9.2 | "Upload Document" button on CVE records | NOT visible | | | 9.3 | "Delete" button on documents | NOT visible | | | 9.4 | "Manage Users" in user menu | NOT visible | | | 9.5 | Can view CVE list | CVEs display correctly | | | 9.6 | Can view documents (click View) | Documents accessible | | | 9.7 | Can use Quick CVE Status Check | Search works | | | 9.8 | Can use filters (vendor, severity) | Filters work | | --- ## 10. Deactivated User *As admin, deactivate viewer1 account* | # | Test Case | Expected Result | Pass/Fail | |---|-----------|-----------------|-----------| | 10.1 | Try to login as deactivated user | Error: "Account is disabled" | | | 10.2 | Reactivate user (as admin) | User can login again | | --- ## 11. Error Handling | # | Test Case | Expected Result | Pass/Fail | |---|-----------|-----------------|-----------| | 11.1 | Stop backend, try to login | Shows "Failed to fetch" or connection error | | | 11.2 | Backend returns 500 error | Error message displayed to user | | --- ## Sign-Off | Role | Name | Date | Signature | |------|------|------|-----------| | Tester | | | | | Developer | | | | ### Notes / Issues Found: ``` ``` ### Final Status: [ ] PASS [ ] FAIL