# Authentication Tests
## Sign Up (/sign-up)

| Test ID | Description | Preconditions | Steps | Expected Result | Priority |
|---|---|---|---|---|---|
| AUTH-001 | Valid registration with email and password | No existing account with the test email | 1. Navigate to /sign-up. 2. Enter valid name, email, username, and password. 3. Accept terms. 4. Click “Sign Up”. | Account is created. User is redirected to email verification or onboarding. Success toast displayed. | P0 |
| AUTH-002 | Duplicate email rejected | Account with test@example.com already exists | 1. Navigate to /sign-up. 2. Enter test@example.com as email. 3. Fill remaining fields. 4. Click “Sign Up”. | Form displays error: email already in use. Account is not created. | P0 |
| AUTH-003 | Duplicate username rejected | Account with username existinguser already exists | 1. Navigate to /sign-up. 2. Enter existinguser as username. 3. Fill remaining fields. 4. Click “Sign Up”. | Form displays error: username already taken. Account is not created. | P1 |
| AUTH-004 | Weak password rejected | None | 1. Navigate to /sign-up. 2. Enter a password shorter than 8 characters. 3. Click “Sign Up”. | Form displays password strength error. Account is not created. | P1 |
| AUTH-005 | Email verification flow after sign up | Newly registered account | 1. Complete sign up. 2. Check email inbox for verification link. 3. Click verification link. | Email is marked verified. User can proceed to onboarding or dashboard. | P0 |
| AUTH-006 | Google OAuth sign up | No existing account linked to Google | 1. Navigate to /sign-up. 2. Click “Continue with Google”. 3. Complete Google OAuth consent. | Account is created and linked to Google. User is redirected to onboarding. | P0 |
| AUTH-007 | Required fields validation | None | 1. Navigate to /sign-up. 2. Leave all fields empty. 3. Click “Sign Up”. | Form displays validation errors for all required fields. | P1 |
| AUTH-008 | Invalid email format rejected | None | 1. Navigate to /sign-up. 2. Enter notanemail in email field. 3. Click “Sign Up”. | Form displays invalid email format error. | P1 |

## Sign In (/sign-in)

| Test ID | Description | Preconditions | Steps | Expected Result | Priority |
|---|---|---|---|---|---|
| AUTH-010 | Valid login with email and password | Verified account exists | 1. Navigate to /sign-in. 2. Enter valid email and password. 3. Click “Sign In”. | User is authenticated and redirected to /feed or last visited page. Session cookie is set. | P0 |
| AUTH-011 | Invalid credentials rejected | None | 1. Navigate to /sign-in. 2. Enter incorrect email or password. 3. Click “Sign In”. | Error message displayed: invalid credentials. User is not authenticated. | P0 |
| AUTH-012 | Google OAuth sign in | Account linked to Google exists | 1. Navigate to /sign-in. 2. Click “Continue with Google”. 3. Complete Google OAuth. | User is authenticated and redirected to dashboard. | P0 |
| AUTH-013 | Session persistence across page reload | User is signed in | 1. Sign in successfully. 2. Reload the page. 3. Navigate to a protected route. | User remains authenticated. No redirect to sign in. | P1 |
| AUTH-014 | Session persistence across tabs | User is signed in | 1. Sign in successfully. 2. Open a new browser tab. 3. Navigate to the app. | User is authenticated in the new tab. | P2 |

## Password Reset (/forgot-password, /reset-password)

| Test ID | Description | Preconditions | Steps | Expected Result | Priority |
|---|---|---|---|---|---|
| AUTH-020 | Request password reset | Account with email exists | 1. Navigate to /forgot-password. 2. Enter registered email. 3. Click “Send Reset Link”. | Success message displayed. Reset email sent to the address. | P0 |
| AUTH-021 | Reset password with valid token | Reset email received with valid token | 1. Click reset link from email. 2. Navigate to /reset-password with token. 3. Enter new password. 4. Click “Reset Password”. | Password is updated. User is redirected to sign in. Success message displayed. | P0 |
| AUTH-022 | Expired reset token rejected | Reset token older than expiry window | 1. Click an expired reset link. 2. Attempt to set new password. | Error message: token expired. User is prompted to request a new reset. | P1 |
| AUTH-023 | Reset for non-existent email | No account with the entered email | 1. Navigate to /forgot-password. 2. Enter unregistered email. 3. Click “Send Reset Link”. | Generic success message displayed (no information leak). No email sent. | P1 |

## Sign Out

| Test ID | Description | Preconditions | Steps | Expected Result | Priority |
|---|---|---|---|---|---|
| AUTH-030 | Successful sign out | User is signed in | 1. Click user menu. 2. Click “Sign Out”. | Session is destroyed. User is redirected to /sign-in. Protected routes are no longer accessible. | P0 |
| AUTH-031 | Session cookie cleared on sign out | User is signed in | 1. Sign out. 2. Check browser cookies. | Auth session cookie is removed or invalidated. | P1 |
| AUTH-032 | Back button after sign out | User just signed out | 1. Sign out. 2. Press browser back button. | User is not re-authenticated. Redirected to sign in if hitting a protected route. | P1 |

## Route Guards

| Test ID | Description | Preconditions | Steps | Expected Result | Priority |
|---|---|---|---|---|---|
| AUTH-040 | Protected route redirects unauthenticated user | User is not signed in | 1. Navigate directly to /feed. | User is redirected to /sign-in. Original URL is preserved for redirect after login. | P0 |
| AUTH-041 | Auth routes redirect authenticated user | User is signed in | 1. Navigate to /sign-in. | User is redirected to /feed or dashboard. Sign-in form is not shown. | P1 |
| AUTH-042 | Admin routes check role | User is signed in with non-admin role | 1. Navigate to /admin. | User is redirected to /feed or shown a 403 forbidden page. | P1 |
| AUTH-043 | Onboarding gate for incomplete profile | User is signed in but has not completed onboarding | 1. Navigate to /feed. | User is redirected to /onboarding. Cannot bypass until onboarding is complete. | P0 |
| AUTH-044 | Completed onboarding skips gate | User has completed onboarding | 1. Navigate to /onboarding. | User is redirected to /feed. Onboarding form is not shown again. | P2 |
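
The following is an added example, not the project's own middleware: a pure decision function that encodes the route-guard rules AUTH-040 to AUTH-044 exercise, so each row above can be checked as a unit test before the browser tests run. The route paths come from the table; the session shape, the `next` query parameter used to preserve the original URL, and the check that the preserved URL is a same-origin path are assumptions.

```javascript
// Added example, not the project's code. Session shape and the `next` parameter are assumptions.
const AUTH_ROUTES = new Set(["/sign-in", "/sign-up", "/forgot-password", "/reset-password"]);

// Only a same-origin, path-only target may be preserved for the post-login redirect.
// "//host", "\\host" and absolute URLs would otherwise turn `next` into an open
// redirect, so they fall back to the default landing page.
function safeNext(path) {
  return /^\/(?![\/\\])[^\s\\]*$/.test(path) ? path : "/feed";
}

function isPublic(pathname) {
  return AUTH_ROUTES.has(pathname) || pathname === "/" || pathname.startsWith("/verify");
}

// session is null when signed out, otherwise { onboardingComplete: boolean, role: string }.
// Returns { allow: true } or { allow: false, redirectTo }.
function guard(pathname, session) {
  if (!session) {
    if (isPublic(pathname)) return { allow: true };
    // AUTH-040: protected route, not signed in. Keep the requested URL for after login.
    return { allow: false, redirectTo: `/sign-in?next=${encodeURIComponent(safeNext(pathname))}` };
  }
  // AUTH-041: a signed-in user is never shown the auth forms.
  if (AUTH_ROUTES.has(pathname)) return { allow: false, redirectTo: "/feed" };
  // AUTH-043: everything except onboarding itself is gated until onboarding is complete.
  if (!session.onboardingComplete && pathname !== "/onboarding" && !isPublic(pathname)) {
    return { allow: false, redirectTo: "/onboarding" };
  }
  // AUTH-044: a completed profile does not see the onboarding form again.
  if (session.onboardingComplete && pathname === "/onboarding") return { allow: false, redirectTo: "/feed" };
  // AUTH-042: the role is enforced in the guard, not only by hiding the admin link.
  if (pathname.startsWith("/admin") && session.role !== "admin") return { allow: false, redirectTo: "/feed" };
  return { allow: true };
}
```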

## Email Verification (/verify-email, /verify/[code])

| Test ID | Description | Preconditions | Steps | Expected Result | Priority |
|---|---|---|---|---|---|
| AUTH-050 | Valid verification code | Unverified account with valid code | 1. Navigate to /verify/[valid-code]. | Email is marked verified. Success message displayed. User is redirected to onboarding or dashboard. | P0 |
| AUTH-051 | Expired verification code | Verification code past expiry window | 1. Navigate to /verify/[expired-code]. | Error message: code expired. Option to resend verification email. | P1 |
| AUTH-052 | Resend verification email | Unverified account, signed in | 1. Navigate to /verify-email. 2. Click “Resend Verification Email”. | New verification email sent. Success message displayed. Previous code is invalidated. | P1 |
| AUTH-053 | Invalid verification code | None | 1. Navigate to /verify/invalid-code-123. | Error message: invalid code. User is not verified. | P1 |