diff --git a/docs/PHASE3-TESTING-PLAN.md b/docs/PHASE3-TESTING-PLAN.md new file mode 100644 index 00000000..b8b45975 --- /dev/null +++ b/docs/PHASE3-TESTING-PLAN.md @@ -0,0 +1,547 @@ +# Phase 3 Testing Plan + +## Pre-Testing Requirements + +Before running tests, ensure: + +1. **Environment variables are set:** + ```bash + VITE_FOUNDATION_URL=https://aethex.foundation # or staging/localhost + FOUNDATION_OAUTH_CLIENT_SECRET= + VITE_API_BASE=https://aethex.dev # or http://localhost:5173 + ``` + +2. **Foundation is operational:** + - aethex.foundation is running + - OAuth endpoints are accessible + - Test user accounts exist + +3. **App is running:** + ```bash + npm run dev # or equivalent for your setup + ``` + +--- + +## Test Scenarios + +### Test 1: Login Page Loads Correctly + +**Objective:** Verify the login page displays Foundation OAuth button + +**Steps:** +1. Navigate to `http://localhost:5173/login` (or prod URL) +2. Look for "Login with Foundation" button +3. Verify button is visible and clickable + +**Expected Result:** +``` +✓ Login page displays +✓ "Login with Foundation" button visible +✓ Other options (Roblox, Ethereum) still available +✓ Email/password form visible +``` + +**Success Criteria:** ✅ Button visible and no console errors + +--- + +### Test 2: Foundation Redirect + +**Objective:** Verify clicking the button redirects to Foundation + +**Steps:** +1. On login page, click "Login with Foundation" button +2. Observe browser URL change +3. Check redirect parameters + +**Expected Result:** +``` +Redirected to: +https://aethex.foundation/api/oauth/authorize + ?client_id=aethex-corp + &redirect_uri=https://aethex.dev/api/auth/foundation-callback + &response_type=code + &scope=openid%20profile%20email + &state=... +``` + +**Success Criteria:** ✅ Redirected to Foundation OAuth authorize endpoint + +--- + +### Test 3: Foundation Authentication (Manual) + +**Objective:** User authenticates on Foundation + +**Steps:** +1. You're now on Foundation login page +2. Enter test credentials +3. If prompted, grant aethex.dev permissions +4. Click "Authorize" or similar + +**Expected Result:** +``` +✓ Foundation accepts credentials +✓ Permission screen appears (if configured) +✓ Successful authentication +``` + +**Success Criteria:** ✅ Authentication succeeds, no Foundation-side errors + +--- + +### Test 4: Callback Reception + +**Objective:** Verify Foundation redirects back with authorization code + +**Steps:** +1. After Foundation authentication completes +2. Observe browser URL change +3. Look for authorization code in URL + +**Expected Result:** +``` +Browser redirects to: +https://aethex.dev/api/auth/foundation-callback + ?code=AUTH_CODE_VALUE + &state=... + +Check browser console: +✓ No errors about code +✓ Processing message may appear +``` + +**Success Criteria:** ✅ Callback endpoint receives authorization code + +--- + +### Test 5: Token Exchange + +**Objective:** Backend exchanges code for access token + +**Steps:** +1. Monitor network requests in browser Dev Tools +2. Look for POST to `/api/auth/exchange-token` +3. Check response status + +**Expected Result:** +``` +Network: +POST /api/auth/exchange-token +Status: 200 OK +Response: { + "accessToken": "eyJ...", + "user": { + "id": "uuid", + "email": "user@example.com", + "username": "testuser", + "profile_complete": false + } +} + +Cookies set: +✓ foundation_access_token= +✓ auth_user_id= +``` + +**Success Criteria:** ✅ Token received, cookies set, no 401/403 errors + +--- + +### Test 6: User Profile Sync + +**Objective:** Verify user profile created/updated in local database + +**Steps:** +1. After successful login, check database +2. Query user_profiles table +3. Verify user exists with correct data + +**Database Query:** +```sql +-- Check user was created/updated +SELECT id, email, username, profile_completed, updated_at +FROM user_profiles +WHERE email = 'test@example.com' +ORDER BY updated_at DESC +LIMIT 1; + +-- Expected result: +/* +| id | email | username | profile_completed | updated_at | +|--------------|------------------|-----------|-------------------|---------------------| +| | test@example.com | testuser | false | 2024-01-XX HH:MM:SS | +*/ +``` + +**Success Criteria:** ✅ User profile exists in local database with correct data + +--- + +### Test 7: Dashboard Redirect + +**Objective:** User redirected to dashboard after authentication + +**Steps:** +1. After token exchange and profile sync +2. Browser should automatically redirect +3. Check final URL + +**Expected Result:** +``` +Browser URL: https://aethex.dev/dashboard +✓ Dashboard loads successfully +✓ User info displays correctly +✓ Profile data matches Foundation user +``` + +**Success Criteria:** ✅ Dashboard loads, user is authenticated + +--- + +### Test 8: Authenticated API Requests + +**Objective:** User can make authenticated API calls + +**Steps:** +1. On authenticated dashboard +2. Use browser console to test: + ```javascript + const token = document.cookie + .split(';') + .find(c => c.trim().startsWith('foundation_access_token=')) + ?.split('=')[1]; + + fetch('/api/user/profile', { + headers: { 'Authorization': `Bearer ${token}` }, + credentials: 'include' + }) + .then(r => r.json()) + .then(console.log); + ``` + +**Expected Result:** +```javascript +// Console output: +{ + "id": "uuid", + "email": "user@example.com", + "username": "testuser", + // ... other profile data +} +``` + +**Success Criteria:** ✅ API returns 200, user data correct + +--- + +### Test 9: Logout + +**Objective:** Verify logout clears Foundation auth + +**Steps:** +1. On authenticated dashboard +2. Click logout/settings +3. Trigger logout action +4. Verify redirect to login + +**Expected Result:** +``` +✓ Logout triggered +✓ Cookies cleared: + - foundation_access_token removed + - auth_user_id removed +✓ Redirected to /login +✓ Previous authenticated state lost +``` + +**Test command (if logout has UI): +```javascript +// Clear cookies manually in console +document.cookie = 'foundation_access_token=; expires=Thu, 01 Jan 1970 00:00:00 UTC;'; +document.cookie = 'auth_user_id=; expires=Thu, 01 Jan 1970 00:00:00 UTC;'; +``` + +**Success Criteria:** ✅ Cookies cleared, session terminated + +--- + +### Test 10: Redirect Destination (Optional) + +**Objective:** Verify redirect works when accessing protected page first + +**Steps:** +1. Logout (or clear cookies) +2. Visit protected page: `http://localhost:5173/dashboard?next=/admin` +3. Get redirected to login +4. Click "Login with Foundation" +5. After auth, should redirect to `/admin` instead of `/dashboard` + +**Expected Result:** +``` +✓ Initial redirect to /login with ?next=/admin +✓ After Foundation auth, redirected to /admin +``` + +**Success Criteria:** ✅ Redirect destination preserved through auth flow + +--- + +## Error Testing + +### Error 1: Invalid Authorization Code + +**How to trigger:** +1. Manually modify URL code parameter: `?code=invalid_code` +2. Let callback process + +**Expected Result:** +``` +Error: token_exchange +Message: Failed to exchange authorization code +Redirect to: /login?error=token_exchange +``` + +**Success Criteria:** ✅ Graceful error handling, user redirected to login + +--- + +### Error 2: Missing Client Secret + +**How to trigger:** +1. Unset `FOUNDATION_OAUTH_CLIENT_SECRET` env var +2. Attempt login + +**Expected Result:** +``` +Error: 500 or token_exchange error +Message: Missing environment variables +Redirect to: /login with error +``` + +**Success Criteria:** ✅ Clear error, server doesn't crash + +--- + +### Error 3: Foundation Unavailable + +**How to trigger:** +1. Stop Foundation service +2. Attempt login +3. Foundation authorize redirects back + +**Expected Result:** +``` +Error: Token exchange fails +Message: Failed to connect to Foundation +Redirect to: /login with error message +``` + +**Success Criteria:** ✅ Handles offline Foundation gracefully + +--- + +### Error 4: Expired Authorization Code + +**How to trigger:** +1. Wait >10 minutes after Foundation redirect +2. Complete the callback + +**Expected Result:** +``` +Error: invalid_grant or code_expired +Message: Authorization code has expired +Redirect to: /login?error=token_exchange +``` + +**Success Criteria:** ✅ Clear error, user redirected to login + +--- + +## Browser Compatibility Testing + +Test on multiple browsers: + +- [ ] Chrome/Chromium (latest) +- [ ] Firefox (latest) +- [ ] Safari (latest) +- [ ] Edge (latest) +- [ ] Mobile Chrome +- [ ] Mobile Safari + +**Checklist for each browser:** +- [ ] Login page renders correctly +- [ ] Redirect to Foundation works +- [ ] Cookies are set (check Dev Tools) +- [ ] Dashboard loads after auth +- [ ] Logout works + +--- + +## Performance Testing + +### Page Load Time + +```bash +# Test login page load +curl -w "@curl-format.txt" -o /dev/null -s https://aethex.dev/login +# Expected: < 2 seconds + +# Test dashboard load after auth +curl -H "Authorization: Bearer " -w "@curl-format.txt" -o /dev/null -s https://aethex.dev/api/user/profile +# Expected: < 500ms +``` + +### Token Exchange Time + +Time from receiving auth code to dashboard redirect: + +**Target:** < 2 seconds +**Acceptable:** 2-5 seconds +**Problematic:** > 5 seconds + +--- + +## User Flow Testing + +### Real User Journey + +**Step-by-step test with actual user:** + +1. **Visit login page** - Fresh browser tab +2. **Click "Login with Foundation"** - No pre-existing auth +3. **Enter test credentials** - On Foundation +4. **Authorize app** - If permission prompt appears +5. **Check redirect** - Should arrive at dashboard +6. **Verify profile** - Data should display +7. **Test API** - Make authenticated request +8. **Logout** - Clear session +9. **Re-login** - Ensure can login again + +**Success:** All steps complete without errors + +--- + +## Deployment Testing + +### Staging Environment + +Before deploying to production: + +1. [ ] Deploy Phase 3 code to staging +2. [ ] Set Foundation OAuth credentials +3. [ ] Test complete flow on staging +4. [ ] Verify Foundation integration stable +5. [ ] Check error handling +6. [ ] Review logs for issues +7. [ ] Get team sign-off + +### Production Deployment + +1. [ ] Backup current auth system +2. [ ] Deploy Phase 3 code +3. [ ] Monitor logs closely +4. [ ] Have rollback plan ready +5. [ ] Communicate with users +6. [ ] Watch for auth issues + +--- + +## Test Report Template + +```markdown +# Phase 3 Testing Report + +Date: YYYY-MM-DD +Tester: [Name] +Environment: [Staging/Production] + +## Test Results + +| Test | Status | Notes | +|------|--------|-------| +| Test 1: Login Page | ✅/❌ | | +| Test 2: Redirect | ✅/❌ | | +| Test 3: Foundation Auth | ✅/❌ | | +| Test 4: Callback | ✅/❌ | | +| Test 5: Token Exchange | ✅/❌ | | +| Test 6: Profile Sync | ✅/❌ | | +| Test 7: Dashboard | ✅/❌ | | +| Test 8: API Requests | ✅/❌ | | +| Test 9: Logout | ✅/❌ | | +| Test 10: Redirects | ✅/❌ | | + +## Errors Encountered + +[List any errors found] + +## Performance Metrics + +- Login page load: XXX ms +- Token exchange: XXX ms +- Dashboard load: XXX ms + +## Browser Compatibility + +- Chrome: ✅/❌ +- Firefox: ✅/❌ +- Safari: ✅/❌ +- Edge: ✅/❌ + +## Recommendation + +🟢 Ready for production / 🟡 Needs fixes / 🔴 Do not deploy + +[Explain any blockers] +``` + +--- + +## Monitoring After Deployment + +### Key Metrics to Monitor + +1. **Authentication Success Rate** + - Should be >99% + - Track failed logins + +2. **Error Categories** + - Code exchange failures + - Token validation failures + - Profile sync failures + +3. **Performance** + - Token exchange time (target <2s) + - Dashboard load time after auth + - API request latency + +4. **User Feedback** + - Support tickets about login + - Issues reported by users + - Accessibility issues + +### Alert Thresholds + +Set alerts for: +- Auth failure rate > 5% +- Token exchange time > 5 seconds +- Foundation connectivity issues +- Database sync failures + +--- + +## Rollback Triggers + +Immediately rollback if: +- Auth failure rate > 25% +- Unable to authenticate any new users +- Data corruption in user_profiles +- Foundation connection completely down +- Security vulnerability discovered + +--- + +**Testing Status:** ⏳ Ready to Test + +Once Foundation OAuth credentials are obtained and staging environment is ready, proceed with testing according to this plan.