D3. Test Plan

Since this project was inherited from previous semesters, we will not add tests for the existing features. We will only test the new features (authentication, and authorization based on user roles).

End users:

  • Superadmins (employees of UNC School of Psychiatry)
  • Admins (employees of UNC School of Psychiatry, external partners assisting the evaluation)
  • Providers (mental health agencies)

Tools:

  • Jest for testing TS code
  • Mocha for testing Node.js programs

Part 1. What we are actually testing

Integration Testing:

Test inviting superadmin/admin/provider flow:

  1. Superadmins should be able to go to the “Invite User” page, enter the email address of the person they would like to invite, select one role for that person, and click “Send Invite Email”.
  2. An invite email should be sent to that person’s email.

Test incorrect invite flow:

  1. If the logged-in user is not a superadmin, they should not be able to invite a new user, and the UI should display the error message after they click the “Send Invite Email” button.

Test sign up flow:

  1. By clicking on the invite link in the invite email, the person should be able to sign themselves up as superadmin/admin/provider depending on the email they received.

Test sign in flow:

  1. A registered user should be able to input their credentials and sign in.

Test incorrect sign in flow:

  1. If a user is not registered or their credentials are wrong, they should not be able to sign in and the UI should display the error message.

Test content access flow:

  • If signed in as a superadmin, should be able to see all the data provided by everyone, and should be able to send the invite email to invite new users.
  • If signed in as an admin, should be able to see all the data provided by everyone.
  • If signed in as a provider, should be able to see only the data provided by themselves.

Unit Testing:

Test sign up: Run unit tests with all possible states

  • Invited email, good password
  • Invited email, bad password

Test sign in: Run unit tests with all possible states

  • Registered email, good password
  • Registered email, bad password
  • Unregistered email

Test invite new user: Run unit tests with all possible states

  • Valid user email, email not already registered, one role selected
  • Invalid user email
  • Email already registered
  • No role selected
  • More than one role selected

Test content access:

  • If invited to become a user:
    • Should receive the invite email and sign themselves up
  • If not invited to become a user:
    • Should not receive the invite email
  • If signed in as a SUPERADMIN:
    • Should be able to use all features on the “Invite User” page
    • Should be able to see data provided by all users
  • If signed in as an ADMIN:
    • Should not be able to send invite email on the “Invite User” page
    • Should be able to see data provided by all users
  • If signed in as a PROVIDER:
    • Should not be able to send invite email on the “Invite User” page
    • Should be able to see only data provided by themselves
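The invite states and role rules listed above can be pinned down as pure server-side functions that the Jest unit tests exercise directly. This is an added example, not the project's code; every type, function name, result code and sample record in it is an assumption made for illustration.

```typescript
// Added example: all names and data shapes are assumptions, not the project's code.
type Role = "SUPERADMIN" | "ADMIN" | "PROVIDER";
const ROLES: ReadonlyArray<string> = ["SUPERADMIN", "ADMIN", "PROVIDER"];

interface User { id: string; email: string; role: Role; }
interface Submission { ownerId: string; payload: string; }

// Only superadmins may send invites.
function canInvite(actor: User): boolean {
  return actor.role === "SUPERADMIN";
}

// Superadmins and admins see all data; providers see only their own rows.
function visibleSubmissions(actor: User, all: Submission[]): Submission[] {
  if (actor.role === "SUPERADMIN" || actor.role === "ADMIN") return all.slice();
  return all.filter((s) => s.ownerId === actor.id);
}

type InviteResult =
  | "OK" | "FORBIDDEN" | "INVALID_EMAIL"
  | "ALREADY_REGISTERED" | "INVALID_ROLE_SELECTION";

// Covers each invite state from the unit test list, plus the non-superadmin case.
function validateInvite(
  actor: User, email: string, roles: string[], registered: ReadonlyArray<string>
): InviteResult {
  if (!canInvite(actor)) return "FORBIDDEN"; // authorize before validating input
  const normalized = email.trim().toLowerCase();
  if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(normalized)) return "INVALID_EMAIL";
  if (registered.indexOf(normalized) !== -1) return "ALREADY_REGISTERED";
  // Exactly one role, and it must be a known role.
  if (roles.length !== 1 || !roles.every((r) => ROLES.indexOf(r) !== -1)) {
    return "INVALID_ROLE_SELECTION";
  }
  return "OK";
}

// Constructed sample data for the tests.
const superadmin: User = { id: "u1", email: "sa@example.org", role: "SUPERADMIN" };
const admin: User = { id: "u2", email: "ad@example.org", role: "ADMIN" };
const provider: User = { id: "u3", email: "p1@example.org", role: "PROVIDER" };
const data: Submission[] = [
  { ownerId: "u3", payload: "agency A report" },
  { ownerId: "u4", payload: "agency B report" },
];
const registeredEmails = ["sa@example.org", "ad@example.org", "p1@example.org"];
```

Keeping these checks on the server means the role rules hold even if a request bypasses the “Invite User” page.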

Acceptance Testing:

  • Meet with client to get feedback and adjust features based on that feedback
  • Superadmin users log in to the superadmin UI page, admin users log in to the admin UI page, and providers log in to the provider UI page

Part 2. What we would test if we had extra time

Reliability testing:

  • Handling a large number of users in the database
  • Many concurrent sign-ups/logins
  • Many concurrently logged-in users on the site

Accessibility testing:

  • Validate forms/pages are accessible with screen readers
  • Check color contrast ratios meet standards

Security testing:

  • Validate passwords are hashed/salted before storage
  • Check for vulnerabilities like SQL injection on inputs