test(08): complete UAT - 7 passed, 0 issues
This commit is contained in:
Arthur Belleville
parent
90af9bdaef
commit
bc617f4632
1 changed files with 59 additions and 0 deletions
59
.planning/phases/08-social-sign-in/08-UAT.md
Normal file
59
.planning/phases/08-social-sign-in/08-UAT.md
Normal file
|
|
@ -0,0 +1,59 @@
|
|||
---
|
||||
status: complete
|
||||
phase: 08-social-sign-in
|
||||
source:
|
||||
- 08-01-SUMMARY.md
|
||||
- 08-02-SUMMARY.md
|
||||
- 08-03-SUMMARY.md
|
||||
- 08-04-SUMMARY.md
|
||||
- 08-05-SUMMARY.md
|
||||
started: 2026-05-15T19:29:29Z
|
||||
updated: 2026-05-15T19:46:05Z
|
||||
---
|
||||
|
||||
## Current Test
|
||||
|
||||
[testing complete]
|
||||
|
||||
## Tests
|
||||
|
||||
### 1. Cold Start Smoke Test
|
||||
expected: Kill any running backend process. From `backend/`, start the app with `just dev`. Postgres and MinIO start, generation completes, migrations apply, and the web server comes up on `http://localhost:8080` without startup errors. Loading the login page returns the Xtablo auth UI.
|
||||
result: pass
|
||||
|
||||
### 2. Auth Pages Show Provider Controls
|
||||
expected: Visiting `/login` and `/signup` shows the Google provider control above the email/password form, followed by an `or` separator. When Google env vars are missing, the Google control is visible but disabled and non-clickable. When Google env vars are configured, the control links to `/auth/google/start`. Apple sign-in controls are not shown.
|
||||
result: pass
|
||||
|
||||
### 3. Google Sign-in Flow
|
||||
expected: With Google OAuth env vars configured, clicking `Continue with Google` starts Google sign-in. After completing the provider flow, Xtablo creates or links the local account, issues the normal server-managed session cookie, and redirects to `/` as a signed-in user.
|
||||
result: pass
|
||||
|
||||
### 4. Apple Sign-in Disabled
|
||||
expected: Apple sign-in is not shown on `/login` or `/signup`. There is no `Continue with Apple` button, no Apple disabled-state copy, and no link to `/auth/apple/start`. Direct requests to `/auth/apple/start` and `/auth/apple/callback` return 404.
|
||||
result: pass
|
||||
|
||||
### 5. Existing Email/Password Auth Still Works
|
||||
expected: Email/password signup, login, logout, CSRF validation, and rate-limited invalid login behavior still work as before. Social sign-in controls do not submit or break the email/password form.
|
||||
result: pass
|
||||
|
||||
### 6. Social-only Account Guardrails
|
||||
expected: For an email that already belongs to a social-only user, password signup shows `An account already exists for this email. Sign in with your provider.` Password login does not reveal provider details and fails with the normal invalid-credentials behavior.
|
||||
result: pass
|
||||
|
||||
### 7. Linked Providers View
|
||||
expected: `/account/providers` requires authentication. When signed in, it shows `Linked providers` with a Google row. The row shows `Connected` with the stored provider email when linked, or `Not connected` when no Google identity is linked. No Apple row, unlink action, or add-password action is shown.
|
||||
result: pass
|
||||
|
||||
## Summary
|
||||
|
||||
total: 7
|
||||
passed: 7
|
||||
issues: 0
|
||||
pending: 0
|
||||
skipped: 0
|
||||
blocked: 0
|
||||
|
||||
## Gaps
|
||||
|
||||
[none yet]
|
||||
Loading…
Reference in a new issue