arthur/xtablo-source
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions 5
xtablo-source/.planning/phases/08-social-sign-in/08-UAT.md
Arthur Belleville bc617f4632
test(08): complete UAT - 7 passed, 0 issues
2026-05-15 21:46:30 +02:00

59 lines
2.6 KiB
Markdown
Raw Blame History

---
status: complete
phase: 08-social-sign-in
source:
- 08-01-SUMMARY.md
- 08-02-SUMMARY.md
- 08-03-SUMMARY.md
- 08-04-SUMMARY.md
- 08-05-SUMMARY.md
started: 2026-05-15T19:29:29Z
updated: 2026-05-15T19:46:05Z
---
## Current Test
[testing complete]
## Tests
### 1. Cold Start Smoke Test
expected: Kill any running backend process. From `backend/`, start the app with `just dev`. Postgres and MinIO start, generation completes, migrations apply, and the web server comes up on `http://localhost:8080` without startup errors. Loading the login page returns the Xtablo auth UI.
result: pass
### 2. Auth Pages Show Provider Controls
expected: Visiting `/login` and `/signup` shows the Google provider control above the email/password form, followed by an `or` separator. When Google env vars are missing, the Google control is visible but disabled and non-clickable. When Google env vars are configured, the control links to `/auth/google/start`. Apple sign-in controls are not shown.
result: pass
### 3. Google Sign-in Flow
expected: With Google OAuth env vars configured, clicking `Continue with Google` starts Google sign-in. After completing the provider flow, Xtablo creates or links the local account, issues the normal server-managed session cookie, and redirects to `/` as a signed-in user.
result: pass
### 4. Apple Sign-in Disabled
expected: Apple sign-in is not shown on `/login` or `/signup`. There is no `Continue with Apple` button, no Apple disabled-state copy, and no link to `/auth/apple/start`. Direct requests to `/auth/apple/start` and `/auth/apple/callback` return 404.
result: pass
### 5. Existing Email/Password Auth Still Works
expected: Email/password signup, login, logout, CSRF validation, and rate-limited invalid login behavior still work as before. Social sign-in controls do not submit or break the email/password form.
result: pass
### 6. Social-only Account Guardrails
expected: For an email that already belongs to a social-only user, password signup shows `An account already exists for this email. Sign in with your provider.` Password login does not reveal provider details and fails with the normal invalid-credentials behavior.
result: pass
### 7. Linked Providers View
expected: `/account/providers` requires authentication. When signed in, it shows `Linked providers` with a Google row. The row shows `Connected` with the stored provider email when linked, or `Not connected` when no Google identity is linked. No Apple row, unlink action, or add-password action is shown.
result: pass
## Summary
total: 7
passed: 7
issues: 0
pending: 0
skipped: 0
blocked: 0
## Gaps
[none yet]
Reference in a new issue View git blame Copy permalink