Phase 3 Testing Plan

Pre-Testing Requirements

Before running tests, ensure:

Environment variables are set:

VITE_FOUNDATION_URL=https://aethex.foundation  # or staging/localhost
FOUNDATION_OAUTH_CLIENT_SECRET=<received-from-foundation>
VITE_API_BASE=https://aethex.dev  # or http://localhost:5173

Foundation is operational:
- aethex.foundation is running
- OAuth endpoints are accessible
- Test user accounts exist

App is running:

npm run dev  # or equivalent for your setup

Test Scenarios

Objective: Verify the login page displays Foundation OAuth button

Steps:

Navigate to http://localhost:5173/login (or prod URL)
Look for "Login with Foundation" button
Verify button is visible and clickable

Expected Result:

✓ Login page displays
✓ "Login with Foundation" button visible
✓ Other options (Roblox, Ethereum) still available
✓ Email/password form visible

Success Criteria: ✅ Button visible and no console errors

Test 2: Foundation Redirect

Objective: Verify clicking the button redirects to Foundation

Steps:

On login page, click "Login with Foundation" button
Observe browser URL change
Check redirect parameters

Expected Result:

Redirected to:
https://aethex.foundation/api/oauth/authorize
  ?client_id=aethex-corp
  &redirect_uri=https://aethex.dev/api/auth/foundation-callback
  &response_type=code
  &scope=openid%20profile%20email
  &state=...

Success Criteria: ✅ Redirected to Foundation OAuth authorize endpoint

Test 3: Foundation Authentication (Manual)

Objective: User authenticates on Foundation

Steps:

You're now on Foundation login page
Enter test credentials
If prompted, grant aethex.dev permissions
Click "Authorize" or similar

Expected Result:

✓ Foundation accepts credentials
✓ Permission screen appears (if configured)
✓ Successful authentication

Success Criteria: ✅ Authentication succeeds, no Foundation-side errors

Test 4: Callback Reception

Objective: Verify Foundation redirects back with authorization code

Steps:

After Foundation authentication completes
Observe browser URL change
Look for authorization code in URL

Expected Result:

Browser redirects to:
https://aethex.dev/api/auth/foundation-callback
  ?code=AUTH_CODE_VALUE
  &state=...

Check browser console:
✓ No errors about code
✓ Processing message may appear

Success Criteria: ✅ Callback endpoint receives authorization code

Test 5: Token Exchange

Objective: Backend exchanges code for access token

Steps:

Monitor network requests in browser Dev Tools
Look for POST to /api/auth/exchange-token
Check response status

Expected Result:

Network:
POST /api/auth/exchange-token
Status: 200 OK
Response: {
  "accessToken": "eyJ...",
  "user": {
    "id": "uuid",
    "email": "[email protected]",
    "username": "testuser",
    "profile_complete": false
  }
}

Cookies set:
✓ foundation_access_token=<token>
✓ auth_user_id=<uuid>

Success Criteria: ✅ Token received, cookies set, no 401/403 errors

Test 6: User Profile Sync

Objective: Verify user profile created/updated in local database

Steps:

After successful login, check database
Query user_profiles table
Verify user exists with correct data

Database Query:

-- Check user was created/updated
SELECT id, email, username, profile_completed, updated_at
FROM user_profiles
WHERE email = '[email protected]'
ORDER BY updated_at DESC
LIMIT 1;

-- Expected result:
/*
| id           | email            | username  | profile_completed | updated_at          |
|--------------|------------------|-----------|-------------------|---------------------|
| <uuid>       | [email protected] | testuser  | false             | 2024-01-XX HH:MM:SS |
*/

Success Criteria: ✅ User profile exists in local database with correct data

Test 7: Dashboard Redirect

Objective: User redirected to dashboard after authentication

Steps:

After token exchange and profile sync
Browser should automatically redirect
Check final URL

Expected Result:

Browser URL: https://aethex.dev/dashboard
✓ Dashboard loads successfully
✓ User info displays correctly
✓ Profile data matches Foundation user

Success Criteria: ✅ Dashboard loads, user is authenticated

Test 8: Authenticated API Requests

Objective: User can make authenticated API calls

Steps:

On authenticated dashboard

Use browser console to test:

const token = document.cookie
  .split(";")
  .find((c) => c.trim().startsWith("foundation_access_token="))
  ?.split("=")[1];

fetch("/api/user/profile", {
  headers: { Authorization: `Bearer ${token}` },
  credentials: "include",
})
  .then((r) => r.json())
  .then(console.log);

Expected Result:

// Console output:
{
  "id": "uuid",
  "email": "[email protected]",
  "username": "testuser",
  // ... other profile data
}

Success Criteria: ✅ API returns 200, user data correct

Test 9: Logout

Objective: Verify logout clears Foundation auth

Steps:

On authenticated dashboard
Click logout/settings
Trigger logout action
Verify redirect to login

Expected Result:

✓ Logout triggered
✓ Cookies cleared:
  - foundation_access_token removed
  - auth_user_id removed
✓ Redirected to /login
✓ Previous authenticated state lost

**Test command (if logout has UI):

// Clear cookies manually in console
document.cookie =
  "foundation_access_token=; expires=Thu, 01 Jan 1970 00:00:00 UTC;";
document.cookie = "auth_user_id=; expires=Thu, 01 Jan 1970 00:00:00 UTC;";

Success Criteria: ✅ Cookies cleared, session terminated

Test 10: Redirect Destination (Optional)

Objective: Verify redirect works when accessing protected page first

Steps:

Logout (or clear cookies)
Visit protected page: http://localhost:5173/dashboard?next=/admin
Get redirected to login
Click "Login with Foundation"
After auth, should redirect to /admin instead of /dashboard

Expected Result:

✓ Initial redirect to /login with ?next=/admin
✓ After Foundation auth, redirected to /admin

Success Criteria: ✅ Redirect destination preserved through auth flow

Error Testing

Error 1: Invalid Authorization Code

How to trigger:

Manually modify URL code parameter: ?code=invalid_code
Let callback process

Expected Result:

Error: token_exchange
Message: Failed to exchange authorization code
Redirect to: /login?error=token_exchange

Success Criteria: ✅ Graceful error handling, user redirected to login

Error 2: Missing Client Secret

How to trigger:

Unset FOUNDATION_OAUTH_CLIENT_SECRET env var
Attempt login

Expected Result:

Error: 500 or token_exchange error
Message: Missing environment variables
Redirect to: /login with error

Success Criteria: ✅ Clear error, server doesn't crash

Error 3: Foundation Unavailable

How to trigger:

Stop Foundation service
Attempt login
Foundation authorize redirects back

Expected Result:

Error: Token exchange fails
Message: Failed to connect to Foundation
Redirect to: /login with error message

Success Criteria: ✅ Handles offline Foundation gracefully

Error 4: Expired Authorization Code

How to trigger:

Wait >10 minutes after Foundation redirect
Complete the callback

Expected Result:

Error: invalid_grant or code_expired
Message: Authorization code has expired
Redirect to: /login?error=token_exchange

Success Criteria: ✅ Clear error, user redirected to login

Browser Compatibility Testing

Test on multiple browsers:

Checklist for each browser:

Performance Testing

Page Load Time

# Test login page load
curl -w "@curl-format.txt" -o /dev/null -s https://aethex.dev/login
# Expected: < 2 seconds

# Test dashboard load after auth
curl -H "Authorization: Bearer <token>" -w "@curl-format.txt" -o /dev/null -s https://aethex.dev/api/user/profile
# Expected: < 500ms

Token Exchange Time

Time from receiving auth code to dashboard redirect:

Target: < 2 seconds Acceptable: 2-5 seconds Problematic: > 5 seconds

User Flow Testing

Real User Journey

Step-by-step test with actual user:

Visit login page - Fresh browser tab
Click "Login with Foundation" - No pre-existing auth
Enter test credentials - On Foundation
Authorize app - If permission prompt appears
Check redirect - Should arrive at dashboard
Verify profile - Data should display
Test API - Make authenticated request
Logout - Clear session
Re-login - Ensure can login again

Success: All steps complete without errors

Deployment Testing

Staging Environment

Before deploying to production:

Production Deployment

Test Report Template

# Phase 3 Testing Report

Date: YYYY-MM-DD
Tester: [Name]
Environment: [Staging/Production]

## Test Results

| Test                    | Status | Notes |
| ----------------------- | ------ | ----- |
| Test 1: Login Page      | ✅/❌  |       |
| Test 2: Redirect        | ✅/❌  |       |
| Test 3: Foundation Auth | ✅/❌  |       |
| Test 4: Callback        | ✅/❌  |       |
| Test 5: Token Exchange  | ✅/❌  |       |
| Test 6: Profile Sync    | ✅/❌  |       |
| Test 7: Dashboard       | ✅/❌  |       |
| Test 8: API Requests    | ✅/❌  |       |
| Test 9: Logout          | ✅/❌  |       |
| Test 10: Redirects      | ✅/❌  |       |

## Errors Encountered

[List any errors found]

## Performance Metrics

- Login page load: XXX ms
- Token exchange: XXX ms
- Dashboard load: XXX ms

## Browser Compatibility

- Chrome: ✅/❌
- Firefox: ✅/❌
- Safari: ✅/❌
- Edge: ✅/❌

## Recommendation

🟢 Ready for production / 🟡 Needs fixes / 🔴 Do not deploy

[Explain any blockers]

Monitoring After Deployment

Key Metrics to Monitor

Authentication Success Rate
- Should be >99%
- Track failed logins
Error Categories
- Code exchange failures
- Token validation failures
- Profile sync failures
Performance
- Token exchange time (target <2s)
- Dashboard load time after auth
- API request latency
User Feedback
- Support tickets about login
- Issues reported by users
- Accessibility issues

Alert Thresholds

Set alerts for:

Auth failure rate > 5%
Token exchange time > 5 seconds
Foundation connectivity issues
Database sync failures

Rollback Triggers

Immediately rollback if:

Auth failure rate > 25%
Unable to authenticate any new users
Data corruption in user_profiles
Foundation connection completely down
Security vulnerability discovered

Testing Status: ⏳ Ready to Test

Once Foundation OAuth credentials are obtained and staging environment is ready, proceed with testing according to this plan.

PreviousPhase 3: The Switchover - Implementation Guide NextPortal Implementation Plan

Last updated 3 months ago

Good afternoon

hashtagPre-Testing Requirements

hashtagTest Scenarios

hashtagTest 1: Login Page Loads Correctly

hashtagTest 2: Foundation Redirect

hashtagTest 3: Foundation Authentication (Manual)

hashtagTest 4: Callback Reception

hashtagTest 5: Token Exchange

hashtagTest 6: User Profile Sync

hashtagTest 7: Dashboard Redirect

hashtagTest 8: Authenticated API Requests

hashtagTest 9: Logout

hashtagTest 10: Redirect Destination (Optional)

hashtagError Testing

hashtagError 1: Invalid Authorization Code

hashtagError 2: Missing Client Secret

hashtagError 3: Foundation Unavailable

hashtagError 4: Expired Authorization Code

hashtagBrowser Compatibility Testing

hashtagPerformance Testing

hashtagPage Load Time

hashtagToken Exchange Time

hashtagUser Flow Testing

hashtagReal User Journey

hashtagDeployment Testing

hashtagStaging Environment

hashtagProduction Deployment

hashtagTest Report Template

hashtagMonitoring After Deployment

hashtagKey Metrics to Monitor

hashtagAlert Thresholds

hashtagRollback Triggers

Pre-Testing Requirements

Test Scenarios

Test 1: Login Page Loads Correctly

Test 2: Foundation Redirect

Test 3: Foundation Authentication (Manual)

Test 4: Callback Reception

Test 5: Token Exchange

Test 6: User Profile Sync

Test 7: Dashboard Redirect

Test 8: Authenticated API Requests

Test 9: Logout

Test 10: Redirect Destination (Optional)

Error Testing

Error 1: Invalid Authorization Code

Error 2: Missing Client Secret

Error 3: Foundation Unavailable

Error 4: Expired Authorization Code

Browser Compatibility Testing

Performance Testing

Page Load Time

Token Exchange Time

User Flow Testing

Real User Journey

Deployment Testing

Staging Environment

Production Deployment

Test Report Template

Monitoring After Deployment

Key Metrics to Monitor

Alert Thresholds

Rollback Triggers