cve-dashboard/test_cases_auth.md

# Authentication Feature - Test Cases

**Feature Branch:** feature/login
**Date:** 2026-01-28
**Tester:** _______________

---

## Pre-Test Setup
- [ ] Backend server running on port 3001
- [ ] Frontend server running on port 3000
- [ ] Database has been set up with `node setup.js`
- [ ] Can access http://[SERVER_IP]:3000 in browser

---

## 1. Login Page Display
| # | Test Case | Expected Result | Pass/Fail |
|---|-----------|-----------------|-----------|
| 1.1 | Navigate to app URL when not logged in | Login page displays | |
| 1.2 | Login page shows username field | Field is visible and editable | |
| 1.3 | Login page shows password field | Field is visible and editable | |
| 1.4 | Login page shows "Sign In" button | Button is visible | |
| 1.5 | Default credentials hint is shown | Shows "admin / admin123" | |

---

## 2. Login Functionality
| # | Test Case | Expected Result | Pass/Fail |
|---|-----------|-----------------|-----------|
| 2.1 | Login with valid credentials (admin/admin123) | Redirects to dashboard | |
| 2.2 | Login with invalid username | Shows "Invalid username or password" | |
| 2.3 | Login with invalid password | Shows "Invalid username or password" | |
| 2.4 | Login with empty username | Form validation prevents submit | |
| 2.5 | Login with empty password | Form validation prevents submit | |
| 2.6 | Press Enter in password field | Submits form (same as clicking Sign In) | |

---

## 3. Session Persistence
| # | Test Case | Expected Result | Pass/Fail |
|---|-----------|-----------------|-----------|
| 3.1 | Refresh page after login | Stays logged in, dashboard displays | |
| 3.2 | Open new browser tab to same URL | Already logged in | |
| 3.3 | Close browser, reopen, navigate to app | Still logged in (within 24hrs) | |

---

## 4. Logout
| # | Test Case | Expected Result | Pass/Fail |
|---|-----------|-----------------|-----------|
| 4.1 | Click user menu in header | Dropdown menu appears | |
| 4.2 | Click "Sign Out" in dropdown | Returns to login page | |
| 4.3 | After logout, try to access dashboard URL directly | Redirects to login page | |
| 4.4 | After logout, check browser cookies | session_id cookie is cleared | |

---

## 5. User Menu Display
| # | Test Case | Expected Result | Pass/Fail |
|---|-----------|-----------------|-----------|
| 5.1 | User menu shows username | Displays "admin" | |
| 5.2 | User menu shows role | Displays "admin" role | |
| 5.3 | User menu dropdown shows email | Shows admin@localhost | |
| 5.4 | Admin user sees "Manage Users" option | Option is visible | |

---

## 6. Role-Based UI - Admin Role
*Login as: admin/admin123*

| # | Test Case | Expected Result | Pass/Fail |
|---|-----------|-----------------|-----------|
| 6.1 | "Add CVE/Vendor" button in header | Visible | |
| 6.2 | "Upload Document" button on CVE records | Visible | |
| 6.3 | "Delete" button on documents | Visible | |
| 6.4 | "Manage Users" in user menu | Visible | |
| 6.5 | Can open User Management panel | Panel opens | |

---

## 7. User Management (Admin)
*Login as: admin/admin123*

| # | Test Case | Expected Result | Pass/Fail |
|---|-----------|-----------------|-----------|
| 7.1 | Open User Management panel | Shows list of users | |
| 7.2 | Click "Add User" button | Add user form appears | |
| 7.3 | Create user: editor1 / editor1@test.com / password123 / Editor | User created successfully | |
| 7.4 | Create user: viewer1 / viewer1@test.com / password123 / Viewer | User created successfully | |
| 7.5 | Edit existing user (change email) | Changes saved | |
| 7.6 | Toggle user active status | Status changes | |
| 7.7 | Delete a user (not self) | User deleted | |
| 7.8 | Try to delete own account | Error: "Cannot delete your own account" | |
| 7.9 | Try to deactivate own account | Error: "Cannot deactivate your own account" | |
| 7.10 | Try to remove own admin role | Error: "Cannot remove your own admin role" | |
| 7.11 | Create duplicate username | Error: "Username or email already exists" | |

---

## 8. Role-Based UI - Editor Role
*Logout and login as: editor1/password123*

| # | Test Case | Expected Result | Pass/Fail |
|---|-----------|-----------------|-----------|
| 8.1 | "Add CVE/Vendor" button in header | Visible | |
| 8.2 | "Upload Document" button on CVE records | Visible | |
| 8.3 | "Delete" button on documents | NOT visible | |
| 8.4 | "Manage Users" in user menu | NOT visible | |
| 8.5 | Can add a new CVE | CVE created successfully | |
| 8.6 | Can upload a document | Document uploaded successfully | |

---

## 9. Role-Based UI - Viewer Role
*Logout and login as: viewer1/password123*

| # | Test Case | Expected Result | Pass/Fail |
|---|-----------|-----------------|-----------|
| 9.1 | "Add CVE/Vendor" button in header | NOT visible | |
| 9.2 | "Upload Document" button on CVE records | NOT visible | |
| 9.3 | "Delete" button on documents | NOT visible | |
| 9.4 | "Manage Users" in user menu | NOT visible | |
| 9.5 | Can view CVE list | CVEs display correctly | |
| 9.6 | Can view documents (click View) | Documents accessible | |
| 9.7 | Can use Quick CVE Status Check | Search works | |
| 9.8 | Can use filters (vendor, severity) | Filters work | |

---

## 10. Deactivated User
*As admin, deactivate viewer1 account*

| # | Test Case | Expected Result | Pass/Fail |
|---|-----------|-----------------|-----------|
| 10.1 | Try to login as deactivated user | Error: "Account is disabled" | |
| 10.2 | Reactivate user (as admin) | User can login again | |

---

## 11. Error Handling
| # | Test Case | Expected Result | Pass/Fail |
|---|-----------|-----------------|-----------|
| 11.1 | Stop backend, try to login | Shows "Failed to fetch" or connection error | |
| 11.2 | Backend returns 500 error | Error message displayed to user | |

---

## Sign-Off

| Role | Name | Date | Signature |
|------|------|------|-----------|
| Tester | | | |
| Developer | | | |

### Notes / Issues Found:
```




```

### Final Status: [ ] PASS  [ ] FAIL