Phase 3 Testing Plan

Pre-Testing Requirements

Before running tests, ensure:

  1. Environment variables are set:

    VITE_FOUNDATION_URL=https://aethex.foundation  # or staging/localhost
    FOUNDATION_OAUTH_CLIENT_SECRET=<received-from-foundation>
    VITE_API_BASE=https://aethex.dev  # or http://localhost:5173
  2. Foundation is operational:

    • aethex.foundation is running

    • OAuth endpoints are accessible

    • Test user accounts exist

  3. App is running:

    npm run dev  # or equivalent for your setup

Test Scenarios

Test 1: Login Page Loads Correctly

Objective: Verify the login page displays Foundation OAuth button

Steps:

  1. Navigate to http://localhost:5173/login (or prod URL)

  2. Look for "Login with Foundation" button

  3. Verify button is visible and clickable

Expected Result:

Success Criteria: ✅ Button visible and no console errors


Test 2: Foundation Redirect

Objective: Verify clicking the button redirects to Foundation

Steps:

  1. On login page, click "Login with Foundation" button

  2. Observe browser URL change

  3. Check redirect parameters

Expected Result:

Success Criteria: ✅ Redirected to Foundation OAuth authorize endpoint


Test 3: Foundation Authentication (Manual)

Objective: User authenticates on Foundation

Steps:

  1. You are now on the Foundation login page

  2. Enter test credentials

  3. If prompted, grant aethex.dev the requested permissions

  4. Click "Authorize" or similar

Expected Result:

Success Criteria: ✅ Authentication succeeds, no Foundation-side errors


Test 4: Callback Reception

Objective: Verify Foundation redirects back with authorization code

Steps:

  1. After Foundation authentication completes

  2. Observe browser URL change

  3. Look for authorization code in URL

Expected Result:

Success Criteria: ✅ Callback endpoint receives authorization code


Test 5: Token Exchange

Objective: Backend exchanges code for access token

Steps:

  1. Monitor network requests in browser Dev Tools

  2. Look for POST to /api/auth/exchange-token

  3. Check response status

Expected Result:

Success Criteria: ✅ Token received, cookies set, no 401/403 errors


Test 6: User Profile Sync

Objective: Verify user profile created/updated in local database

Steps:

  1. After a successful login, check the database

  2. Query the user_profiles table

  3. Verify the user exists with the correct data

Database Query:

Success Criteria: ✅ User profile exists in local database with correct data


Test 7: Dashboard Redirect

Objective: User redirected to dashboard after authentication

Steps:

  1. After token exchange and profile sync

  2. The browser should redirect automatically

  3. Check final URL

Expected Result:

Success Criteria: ✅ Dashboard loads, user is authenticated


Test 8: Authenticated API Requests

Objective: User can make authenticated API calls

Steps:

  1. On authenticated dashboard

  2. Use browser console to test:

Expected Result:

Success Criteria: ✅ API returns 200, user data correct


Test 9: Logout

Objective: Verify that logout clears the Foundation authentication

Steps:

  1. On authenticated dashboard

  2. Click logout/settings

  3. Trigger logout action

  4. Verify redirect to login

Expected Result:

Test command (if logout has a UI):

Success Criteria: ✅ Cookies cleared, session terminated


Test 10: Redirect Destination (Optional)

Objective: Verify redirect works when accessing protected page first

Steps:

  1. Logout (or clear cookies)

  2. Visit protected page: http://localhost:5173/dashboard?next=/admin

  3. Get redirected to login

  4. Click "Login with Foundation"

  5. After authentication, the app should redirect to /admin instead of /dashboard

Expected Result:

Success Criteria: ✅ Redirect destination preserved through auth flow


Error Testing

Error 1: Invalid Authorization Code

How to trigger:

  1. Manually change the code parameter in the callback URL: ?code=invalid_code

  2. Let the callback handler process it

Expected Result:

Success Criteria: ✅ Graceful error handling, user redirected to login


Error 2: Missing Client Secret

How to trigger:

  1. Unset FOUNDATION_OAUTH_CLIENT_SECRET env var

  2. Attempt login

Expected Result:

Success Criteria: ✅ Clear error, server doesn't crash


Error 3: Foundation Unavailable

How to trigger:

  1. Stop Foundation service

  2. Attempt login

  3. Observe how the app behaves when the Foundation authorize step cannot redirect back

Expected Result:

Success Criteria: ✅ Handles offline Foundation gracefully


Error 4: Expired Authorization Code

How to trigger:

  1. Wait >10 minutes after Foundation redirect

  2. Complete the callback

Expected Result:

Success Criteria: ✅ Clear error, user redirected to login
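Added example, not the project's backend code: a Node.js implementation of the server side of the POST /api/auth/exchange-token step from Test 5, written so that each case in Error 1 to Error 4 produces a clear result instead of a crash. The Foundation token path /oauth/token, the VITE_FOUNDATION_CLIENT_ID variable and the callback path /auth/callback are assumptions, and the fake Foundation replies are constructed so the scenarios run offline. Error 1 and Error 4 share one branch because a token endpoint following RFC 6749 answers both an invalid and an expired code with 400 invalid_grant.

```javascript
// Added example (not the aethex project's backend). Server side of the
// POST /api/auth/exchange-token step, mapping each failure mode from the
// Error Testing section to a clear, non-crashing result. Assumed, not on the
// page: token path /oauth/token, env var VITE_FOUNDATION_CLIENT_ID,
// callback path /auth/callback.

const FOUNDATION_URL = process.env.VITE_FOUNDATION_URL || 'https://aethex.foundation';
const APP_BASE = process.env.VITE_API_BASE || 'http://localhost:5173';
const TOKEN_ENDPOINT = new URL('/oauth/token', FOUNDATION_URL).href; // assumed path
const REDIRECT_URI = new URL('/auth/callback', APP_BASE).href;       // assumed path

// Error 2: a missing secret is reported before any network call, never as a crash.
function checkConfig(env) {
  if (!env.FOUNDATION_OAUTH_CLIENT_SECRET) {
    return { ok: false, status: 500, reason: 'server_misconfigured',
             message: 'FOUNDATION_OAUTH_CLIENT_SECRET is not set' };
  }
  return { ok: true };
}

// Cheap sanity check on the code before it is forwarded; Foundation decides the rest.
function isPlausibleCode(code) {
  return typeof code === 'string' && /^[\x21-\x7E]{1,1024}$/.test(code);
}

// Maps Foundation's token-endpoint reply to what this API returns to the client.
// Error 1 (invalid) and Error 4 (expired) both arrive as 400 invalid_grant and
// become a 401 so the client sends the user back to the login page.
function classifyTokenResponse(status, payload) {
  if (status === 400 || status === 401) {
    return { ok: false, status: 401,
             reason: (payload && payload.error) || 'invalid_grant',
             message: 'authorization code rejected; sign in again' };
  }
  if (status < 200 || status >= 300 || !payload || typeof payload.access_token !== 'string') {
    return { ok: false, status: 502, reason: 'bad_token_response' };
  }
  return { ok: true, status: 200, accessToken: payload.access_token,
           tokenType: payload.token_type, expiresIn: payload.expires_in };
}

async function exchangeCodeForToken(code, { env = process.env, fetchImpl = globalThis.fetch, timeoutMs = 5000 } = {}) {
  const cfg = checkConfig(env);
  if (!cfg.ok) return cfg;
  if (!isPlausibleCode(code)) return { ok: false, status: 400, reason: 'invalid_request' };

  const body = new URLSearchParams({
    grant_type: 'authorization_code', code, redirect_uri: REDIRECT_URI,
    client_id: env.VITE_FOUNDATION_CLIENT_ID || '', client_secret: env.FOUNDATION_OAUTH_CLIENT_SECRET,
  });
  const controller = new AbortController();
  const timer = setTimeout(() => controller.abort(), timeoutMs);
  let res;
  try {
    res = await fetchImpl(TOKEN_ENDPOINT, {
      method: 'POST', body, signal: controller.signal,
      headers: { 'Content-Type': 'application/x-www-form-urlencoded', Accept: 'application/json' },
    });
  } catch (err) {
    // Error 3: Foundation stopped, DNS failure or timeout all land here.
    return { ok: false, status: 503, reason: 'foundation_unavailable',
             message: err && err.name === 'AbortError' ? 'Foundation timed out' : 'could not reach Foundation' };
  } finally {
    clearTimeout(timer);
  }
  let payload = null;
  try { payload = await res.json(); } catch { /* non-JSON body: handled as bad response below */ }
  return classifyTokenResponse(res.status, payload);
}

// Constructed fake Foundation replies so the error scenarios run offline.
const jsonReply = (status, obj) => ({ status, json: async () => obj });
const fakeFoundation = {
  ok: async () => jsonReply(200, { access_token: 'tok_constructed', token_type: 'Bearer', expires_in: 3600 }),
  invalid_code: async () => jsonReply(400, { error: 'invalid_grant' }), // Error 1 and Error 4
  down: async () => { throw new TypeError('fetch failed'); },            // Error 3
};

async function runScenarios() {
  const env = { FOUNDATION_OAUTH_CLIENT_SECRET: 'constructed-secret', VITE_FOUNDATION_CLIENT_ID: 'constructed-client-id' };
  return {
    ok: await exchangeCodeForToken('good_code', { env, fetchImpl: fakeFoundation.ok }),
    invalid_code: await exchangeCodeForToken('invalid_code', { env, fetchImpl: fakeFoundation.invalid_code }),
    down: await exchangeCodeForToken('good_code', { env, fetchImpl: fakeFoundation.down }),
    no_secret: await exchangeCodeForToken('good_code', { env: {}, fetchImpl: fakeFoundation.ok }), // Error 2
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  runScenarios().then((r) => console.log(JSON.stringify(r, null, 2)));
}
```

The statuses this returns are the ones to look for in the Dev Tools network tab during Test 5 and the error tests: 200 on success, 401 for a rejected code, 503 when Foundation is unreachable and 500 when the secret is missing. The client secret is only ever read from the environment and is never echoed in any error message.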


Browser Compatibility Testing

Test on multiple browsers:

Checklist for each browser:


Performance Testing

Page Load Time

Token Exchange Time

Time from receiving auth code to dashboard redirect:

  • Target: < 2 seconds

  • Acceptable: 2-5 seconds

  • Problematic: > 5 seconds


User Flow Testing

Real User Journey

Step-by-step test with an actual user:

  1. Visit login page - Fresh browser tab

  2. Click "Login with Foundation" - No pre-existing auth

  3. Enter test credentials - On Foundation

  4. Authorize app - If permission prompt appears

  5. Check redirect - Should arrive at dashboard

  6. Verify profile - Data should display

  7. Test API - Make authenticated request

  8. Logout - Clear session

  9. Re-login - Ensure can login again

Success: All steps complete without errors


Deployment Testing

Staging Environment

Before deploying to production:

Production Deployment


Test Report Template


Monitoring After Deployment

Key Metrics to Monitor

  1. Authentication Success Rate

    • Should be >99%

    • Track failed logins

  2. Error Categories

    • Code exchange failures

    • Token validation failures

    • Profile sync failures

  3. Performance

    • Token exchange time (target <2s)

    • Dashboard load time after auth

    • API request latency

  4. User Feedback

    • Support tickets about login

    • Issues reported by users

    • Accessibility issues

Alert Thresholds

Set alerts for:

  • Auth failure rate > 5%

  • Token exchange time > 5 seconds

  • Foundation connectivity issues

  • Database sync failures


Rollback Triggers

Roll back immediately if:

  • Auth failure rate > 25%

  • Unable to authenticate any new users

  • Data corruption in user_profiles

  • Foundation connection completely down

  • Security vulnerability discovered
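Added example, not the project's own monitoring code: a JavaScript check that parses constructed auth log lines, computes the success rate, failure categories and token exchange time listed under Key Metrics, and applies the Alert Thresholds (failure rate > 5%, exchange time > 5 seconds, Foundation connectivity, database sync failures) and the 25% Rollback Trigger. The log line format is an assumption; adapt parseAuthLog to whatever the app actually emits.

```javascript
// Added example (not the aethex project's monitoring). Parses constructed auth
// log lines, summarizes them and applies the plan's alert and rollback
// thresholds. The line format is an assumption, not the app's real format.

// Constructed sample: one line per login attempt inside a monitoring window.
const SAMPLE_LOG = `
2024-01-01T10:00:01Z auth outcome=success exchange_ms=820
2024-01-01T10:00:07Z auth outcome=success exchange_ms=1450
2024-01-01T10:00:12Z auth outcome=failure stage=code_exchange reason=invalid_grant exchange_ms=310
2024-01-01T10:00:20Z auth outcome=success exchange_ms=6200
2024-01-01T10:00:31Z auth outcome=failure stage=profile_sync reason=db_timeout exchange_ms=900
2024-01-01T10:00:45Z auth outcome=success exchange_ms=1100
2024-01-01T10:00:52Z auth outcome=success exchange_ms=950
2024-01-01T10:01:03Z auth outcome=success exchange_ms=1300
2024-01-01T10:01:10Z auth outcome=success exchange_ms=700
2024-01-01T10:01:18Z auth outcome=success exchange_ms=1020
`;

const THRESHOLDS = {
  alertFailureRate: 0.05,    // Alert: auth failure rate > 5%
  rollbackFailureRate: 0.25, // Rollback: auth failure rate > 25%
  alertExchangeMs: 5000,     // Alert: token exchange time > 5 seconds
};

function parseAuthLog(text) {
  const events = [];
  for (const line of text.split('\n')) {
    const m = line.match(/^(\S+) auth (.+)$/);
    if (!m) continue;
    const fields = Object.fromEntries(m[2].split(/\s+/).map((kv) => kv.split('=')));
    events.push({
      ts: m[1],
      outcome: fields.outcome,
      stage: fields.stage || null, // code_exchange | token_validation | profile_sync
      reason: fields.reason || null,
      exchangeMs: Number(fields.exchange_ms),
    });
  }
  return events;
}

// Failure rate, failure categories and the p95 token exchange time for the window.
function summarize(events) {
  const failures = events.filter((e) => e.outcome !== 'success');
  const byStage = {};
  const byReason = {};
  for (const f of failures) {
    byStage[f.stage || 'unknown'] = (byStage[f.stage || 'unknown'] || 0) + 1;
    byReason[f.reason || 'unknown'] = (byReason[f.reason || 'unknown'] || 0) + 1;
  }
  const times = events.map((e) => e.exchangeMs).filter(Number.isFinite).sort((a, b) => a - b);
  const p95 = times.length ? times[Math.ceil(times.length * 0.95) - 1] : 0;
  return {
    total: events.length,
    failureRate: events.length ? failures.length / events.length : 0,
    byStage,
    byReason,
    p95ExchangeMs: p95,
    slowExchanges: times.filter((t) => t > THRESHOLDS.alertExchangeMs).length,
  };
}

// Applies the Alert Thresholds and Rollback Triggers from the plan.
function evaluate(summary, t = THRESHOLDS) {
  const findings = [];
  if (summary.failureRate > t.rollbackFailureRate) {
    findings.push({ level: 'rollback', metric: 'auth_failure_rate', value: summary.failureRate });
  } else if (summary.failureRate > t.alertFailureRate) {
    findings.push({ level: 'alert', metric: 'auth_failure_rate', value: summary.failureRate });
  }
  if (summary.p95ExchangeMs > t.alertExchangeMs) {
    findings.push({ level: 'alert', metric: 'token_exchange_p95_ms', value: summary.p95ExchangeMs });
  }
  if (summary.byReason.foundation_unavailable) {
    findings.push({ level: 'alert', metric: 'foundation_connectivity', value: summary.byReason.foundation_unavailable });
  }
  if (summary.byStage.profile_sync) {
    findings.push({ level: 'alert', metric: 'database_sync_failures', value: summary.byStage.profile_sync });
  }
  return findings;
}

function rollbackRequired(findings) {
  return findings.some((f) => f.level === 'rollback');
}
```

On the constructed sample the window has 2 failures out of 10 attempts (20%), so it trips the alert threshold but not the rollback trigger; the single 6.2 s exchange pushes p95 over 5 s, and the profile_sync failure raises the database sync alert. Run the same evaluation over each window after deployment and page on any rollback-level finding.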


Testing Status: ⏳ Ready to Test

Once Foundation OAuth credentials are obtained and staging environment is ready, proceed with testing according to this plan.
