xtablo-source/.planning/phases/08-social-sign-in/08-UAT.md
2026-05-15 21:46:30 +02:00

status: complete
phase: 08-social-sign-in
source: 08-01-SUMMARY.md, 08-02-SUMMARY.md, 08-03-SUMMARY.md, 08-04-SUMMARY.md, 08-05-SUMMARY.md
started: 2026-05-15T19:29:29Z
updated: 2026-05-15T19:46:05Z

Current Test

[testing complete]

Tests

1. Cold Start Smoke Test

expected: Kill any running backend process. From backend/, start the app with "just dev". Postgres and MinIO start, generation completes, migrations apply, and the web server comes up on http://localhost:8080 without startup errors. Loading the login page returns the Xtablo auth UI.
result: pass

2. Auth Pages Show Provider Controls

expected: Visiting /login and /signup shows the Google provider control above the email/password form, followed by an "or" separator. When Google env vars are missing, the Google control is visible but disabled and non-clickable. When Google env vars are configured, the control links to /auth/google/start. Apple sign-in controls are not shown.
result: pass

3. Google Sign-in Flow

expected: With Google OAuth env vars configured, clicking "Continue with Google" starts Google sign-in. After completing the provider flow, Xtablo creates or links the local account, issues the normal server-managed session cookie, and redirects to / as a signed-in user.
result: pass

4. Apple Sign-in Disabled

expected: Apple sign-in is not shown on /login or /signup. There is no "Continue with Apple" button, no Apple disabled-state copy, and no link to /auth/apple/start. Direct requests to /auth/apple/start and /auth/apple/callback return 404.
result: pass

5. Existing Email/Password Auth Still Works

expected: Email/password signup, login, logout, CSRF validation, and rate-limited invalid login behavior still work as before. Social sign-in controls do not submit or break the email/password form.
result: pass

6. Social-only Account Guardrails

expected: For an email that already belongs to a social-only user, password signup shows "An account already exists for this email. Sign in with your provider." Password login does not reveal provider details and fails with the normal invalid-credentials behavior.
result: pass

7. Linked Providers View

expected: /account/providers requires authentication. When signed in, it shows "Linked providers" with a Google row. The row shows "Connected" with the stored provider email when linked, or "Not connected" when no Google identity is linked. No Apple row, unlink action, or add-password action is shown.
result: pass

Summary

total: 7
passed: 7
issues: 0
pending: 0
skipped: 0
blocked: 0

Gaps

[none yet]