Since this project was inherited from previous semesters, we will not add tests for the existing features. We will test only the new features (authorization).
End users:
- Admins (employees of UNC School of Psychiatry)
- Users (contractors for the UNC School of Psychiatry)
Tools:
- Jasmine for testing JS code
- Mocha for testing Node.js programs
Part 1. What we are actually testing
Integration Testing:
- Test sign up flow: create a new user, verify email, and sign in. Ensure the UI state is correct at each step.
- Test sign in flow: get credentials, go to the sign in page, and verify that you can log in. Ensure the UI state is correct at each step.
- Test incorrect sign up flow: attempt to create a new user with incorrect credentials (e.g., bad email, no password, etc.) and verify that the UI displays the correct error messages.
- Test incorrect sign in flow: attempt to sign in with incorrect credentials (e.g., bad email or unverified email, no password, etc.) and verify that the UI displays the correct error messages.
- Test content access flow:
  - If signed in as a user, should be able to only see user level content
    - When accessing admin content, it should not display
  - If signed in as an admin, should be able to see both user and admin level content
Unit Testing:
- Test sign up: Run unit tests with all possible states
  - Good email, good password
  - Good email, bad password
  - Bad email, good password
  - Bad email, bad password
- Test sign in: Run unit tests with all possible states
  - Good email, good password
  - Good email, bad password
  - Bad email, good password
  - Bad email, bad password
- Test content access
  - If signed in as a USER:
    - Attempt to access user content: should return valid data
    - Attempt to access admin content: should return error message
  - If signed in as an ADMIN:
    - Attempt to access user content: should return valid data
    - Attempt to access admin content: should return valid data
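The content access unit tests listed above, written as a table-driven check in plain Node.js so it runs without a test runner. This is an added example, not code from the project: the role names, content levels, HTTP-style status codes and `getContent` are assumptions, and it goes beyond the plan by adding no-session, unknown-role and unknown-level cases, all of which must be denied.

```javascript
// Added example; roles, levels, status codes and names are assumptions.
const ROLE_GRANTS = new Map([
  ['user', new Set(['user'])],
  ['admin', new Set(['user', 'admin'])],
]);

// Constructed in-memory content standing in for the real data layer.
const CONTENT = { user: ['contractor handbook'], admin: ['account review queue'] };

// Deny by default: a missing session, an unknown role or an unknown content
// level never reaches the content lookup.
function getContent(session, level) {
  if (!session || typeof session.role !== 'string') {
    return { status: 401, body: { error: 'sign in required' } };
  }
  const grants = ROLE_GRANTS.get(session.role); // Map lookup ignores prototype keys
  if (!grants || !grants.has(level)) {
    return { status: 403, body: { error: 'not authorized' } };
  }
  return { status: 200, body: { items: CONTENT[level] } };
}

// [label, session, requested level, expected status]
const CASES = [
  ['USER reads user content', { role: 'user' }, 'user', 200],
  ['USER reads admin content', { role: 'user' }, 'admin', 403],
  ['ADMIN reads user content', { role: 'admin' }, 'user', 200],
  ['ADMIN reads admin content', { role: 'admin' }, 'admin', 200],
  ['no session', null, 'user', 401],
  ['unknown role', { role: 'constructor' }, 'user', 403],
  ['unknown level', { role: 'admin' }, 'superadmin', 403],
];

// Runs every case and returns a list of failure descriptions (empty = pass).
function runAccessMatrix() {
  const failures = [];
  for (const [label, session, level, want] of CASES) {
    const { status, body } = getContent(session, level);
    if (status !== want) failures.push(`${label}: got ${status}, want ${want}`);
    // A denial must return an error message and no content at all.
    if (want !== 200 && (!body.error || 'items' in body)) {
      failures.push(`${label}: denial response carried content`);
    }
    if (want === 200 && !Array.isArray(body.items)) failures.push(`${label}: no data`);
  }
  return failures;
}
console.log(runAccessMatrix().join('\n') || 'all access checks passed');
```

With Mocha, each row of `CASES` would become one `it()` case against the real content endpoint.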
Acceptance Testing:
- Meet with client to get feedback and adjust direction based on that feedback
- Admin users log in to the admin UI page, and normal users log in to the normal page
Part 2. What we would test if we had extra time
Reliability testing:
- Handling a lot of users in database
- Many concurrent sign ups/log ins
- Concurrent logged in users on the site
Accessibility testing:
- Validate forms/pages are accessible with screen readers
- Check color contrast ratios meet standards
Security testing:
- Validate passwords are hashed/salted before storage
- Check for vulnerabilities like SQL injection on inputs