From 08379d18dadd849bcc23c213b39b660bfdfc0ebd Mon Sep 17 00:00:00 2001 From: jramos Date: Wed, 28 Jan 2026 15:14:37 -0700 Subject: [PATCH] Add Feature: Login Test Cases --- Feature%3A-Login-Test-Cases.md | 166 +++++++++++++++++++++++++++++++++ 1 file changed, 166 insertions(+) create mode 100644 Feature%3A-Login-Test-Cases.md diff --git a/Feature%3A-Login-Test-Cases.md b/Feature%3A-Login-Test-Cases.md new file mode 100644 index 0000000..22efc40 --- /dev/null +++ b/Feature%3A-Login-Test-Cases.md @@ -0,0 +1,166 @@ +[[_TOC_]] + +# Authentication Feature - Test Cases + +**Feature Branch:** feature/login +**Date:** 2026-01-28 +**Tester:** _______________ + +--- + +## Pre-Test Setup +- [ ] Backend server running on port 3001 +- [ ] Frontend server running on port 3000 +- [ ] Database has been set up with `node setup.js` +- [ ] Can access http://[SERVER_IP]:3000 in browser + +--- + +## 1. Login Page Display +| # | Test Case | Expected Result | Pass/Fail | +|---|-----------|-----------------|-----------| +| 1.1 | Navigate to app URL when not logged in | Login page displays | | +| 1.2 | Login page shows username field | Field is visible and editable | | +| 1.3 | Login page shows password field | Field is visible and editable | | +| 1.4 | Login page shows "Sign In" button | Button is visible | | +| 1.5 | Default credentials hint is shown | Shows "admin / admin123" | | + +--- + +## 2. Login Functionality +| # | Test Case | Expected Result | Pass/Fail | +|---|-----------|-----------------|-----------| +| 2.1 | Login with valid credentials (admin/admin123) | Redirects to dashboard | | +| 2.2 | Login with invalid username | Shows "Invalid username or password" | | +| 2.3 | Login with invalid password | Shows "Invalid username or password" | | +| 2.4 | Login with empty username | Form validation prevents submit | | +| 2.5 | Login with empty password | Form validation prevents submit | | +| 2.6 | Press Enter in password field | Submits form (same as clicking Sign In) | | + +--- + +## 3. Session Persistence +| # | Test Case | Expected Result | Pass/Fail | +|---|-----------|-----------------|-----------| +| 3.1 | Refresh page after login | Stays logged in, dashboard displays | | +| 3.2 | Open new browser tab to same URL | Already logged in | | +| 3.3 | Close browser, reopen, navigate to app | Still logged in (within 24hrs) | | + +--- + +## 4. Logout +| # | Test Case | Expected Result | Pass/Fail | +|---|-----------|-----------------|-----------| +| 4.1 | Click user menu in header | Dropdown menu appears | | +| 4.2 | Click "Sign Out" in dropdown | Returns to login page | | +| 4.3 | After logout, try to access dashboard URL directly | Redirects to login page | | +| 4.4 | After logout, check browser cookies | session_id cookie is cleared | | + +--- + +## 5. User Menu Display +| # | Test Case | Expected Result | Pass/Fail | +|---|-----------|-----------------|-----------| +| 5.1 | User menu shows username | Displays "admin" | | +| 5.2 | User menu shows role | Displays "admin" role | | +| 5.3 | User menu dropdown shows email | Shows admin@localhost | | +| 5.4 | Admin user sees "Manage Users" option | Option is visible | | + +--- + +## 6. Role-Based UI - Admin Role +*Login as: admin/admin123* + +| # | Test Case | Expected Result | Pass/Fail | +|---|-----------|-----------------|-----------| +| 6.1 | "Add CVE/Vendor" button in header | Visible | | +| 6.2 | "Upload Document" button on CVE records | Visible | | +| 6.3 | "Delete" button on documents | Visible | | +| 6.4 | "Manage Users" in user menu | Visible | | +| 6.5 | Can open User Management panel | Panel opens | | + +--- + +## 7. User Management (Admin) +*Login as: admin/admin123* + +| # | Test Case | Expected Result | Pass/Fail | +|---|-----------|-----------------|-----------| +| 7.1 | Open User Management panel | Shows list of users | | +| 7.2 | Click "Add User" button | Add user form appears | | +| 7.3 | Create user: editor1 / editor1@test.com / password123 / Editor | User created successfully | | +| 7.4 | Create user: viewer1 / viewer1@test.com / password123 / Viewer | User created successfully | | +| 7.5 | Edit existing user (change email) | Changes saved | | +| 7.6 | Toggle user active status | Status changes | | +| 7.7 | Delete a user (not self) | User deleted | | +| 7.8 | Try to delete own account | Error: "Cannot delete your own account" | | +| 7.9 | Try to deactivate own account | Error: "Cannot deactivate your own account" | | +| 7.10 | Try to remove own admin role | Error: "Cannot remove your own admin role" | | +| 7.11 | Create duplicate username | Error: "Username or email already exists" | | + +--- + +## 8. Role-Based UI - Editor Role +*Logout and login as: editor1/password123* + +| # | Test Case | Expected Result | Pass/Fail | +|---|-----------|-----------------|-----------| +| 8.1 | "Add CVE/Vendor" button in header | Visible | | +| 8.2 | "Upload Document" button on CVE records | Visible | | +| 8.3 | "Delete" button on documents | NOT visible | | +| 8.4 | "Manage Users" in user menu | NOT visible | | +| 8.5 | Can add a new CVE | CVE created successfully | | +| 8.6 | Can upload a document | Document uploaded successfully | | + +--- + +## 9. Role-Based UI - Viewer Role +*Logout and login as: viewer1/password123* + +| # | Test Case | Expected Result | Pass/Fail | +|---|-----------|-----------------|-----------| +| 9.1 | "Add CVE/Vendor" button in header | NOT visible | | +| 9.2 | "Upload Document" button on CVE records | NOT visible | | +| 9.3 | "Delete" button on documents | NOT visible | | +| 9.4 | "Manage Users" in user menu | NOT visible | | +| 9.5 | Can view CVE list | CVEs display correctly | | +| 9.6 | Can view documents (click View) | Documents accessible | | +| 9.7 | Can use Quick CVE Status Check | Search works | | +| 9.8 | Can use filters (vendor, severity) | Filters work | | + +--- + +## 10. Deactivated User +*As admin, deactivate viewer1 account* + +| # | Test Case | Expected Result | Pass/Fail | +|---|-----------|-----------------|-----------| +| 10.1 | Try to login as deactivated user | Error: "Account is disabled" | | +| 10.2 | Reactivate user (as admin) | User can login again | | + +--- + +## 11. Error Handling +| # | Test Case | Expected Result | Pass/Fail | +|---|-----------|-----------------|-----------| +| 11.1 | Stop backend, try to login | Shows "Failed to fetch" or connection error | | +| 11.2 | Backend returns 500 error | Error message displayed to user | | + +--- + +## Sign-Off + +| Role | Name | Date | Signature | +|------|------|------|-----------| +| Tester | | | | +| Developer | | | | + +### Notes / Issues Found: +``` + + + + +``` + +### Final Status: [ ] PASS [ ] FAIL