Skip to main content

Quality Assurance

This document contains some examples of test cases for each feature implemented on the backend.

Live development server: http://systers-mentorship-dev.eu-central-1.elasticbeanstalk.com/

Tools:

  • Create disposable emails to create accounts and verify them. You can use https://temp-mail.org/ to generate the emails and verify them;
  • Test the REST API with Swagger UI provided in the link of the deployed server;
  • Test the REST API using Postman (if you feel comfortable with this).

Notes:

  • Outcome Fail means the test case as no effect in the database, so no changes are done in the data. An error message should be returned;
  • Outcome Success means e that the test case was successful and had an effect in the database, so this changes/effect should be visible on the database. E.g.: If a user is registered successfully, you should be able to login, and be seen using the GET /users API;
  • When testing something make sure only one aspect of the test is failing the requirements;
  • “Logged in” means that a valid access token is being sent in the Authorization header;
  • Nonrestricted API will have a marker -> (not restricted);
  • A user can login successfully only if the email is verified.

Access to restricted APIs#

  • This is the possible test cases when accessing a restricted API;
  • The only unrestricted APIs are: POST /login, POST /register, GET /user/confirm_email/{token}, POST/user/resend_email;
  • Fail cases mean that you cannot access the app data and you’ll receive an error message regarding the authentication token;
  • _This cases should override any potential success outcome from a restricted API._
Test CaseOutcome
Send an Authorization header field containing: Bearer <access_token>. This token is valid, not expired, from a verified userSuccess
Not send the access tokenFail
Access token is expiredFail
Invalid token (e.g.: "asdf", "gnvindgins", something not returned from POST /login)Fail
(weird case) Valid token, but the user was deletedFail

Users#

Login#

Service: POST /login

Test CaseOutcome
Login an already registered and verified User with the correct username and passwordSuccess
Login an already registered and verified User with correct email and passwordSuccess
Login an already registered User with correct email and password, with email unverifiedFail
Login an already registered and verified User with correct email/username and wrong passwordFail
Login a User with non-existing emailFail
Login a User with non-existing usernameFail

Register#

Service: POST /register

Test CaseOutcome
Register a User with all fields present in the request body and valid (not empty, username and email are unique, email is a valid one) onesSuccess
Register a User with terms and conditions checked (=True)Success
Register User without sending Authorization Header with tokenSuccess
Register a User with terms and conditions unchecked (=False)Fail
Register a User with username and email from an already existing UserFail
Register a User with one of the these fields missing from the request body: name, username, email, terms_and_conditions, passwordFail
Register a User with one of the these fields empty from the request body: name, username, email, terms_and_conditions, passwordFail
Register a User with invalid email (invalid does not respect e.g.: {A-Z, a-z, 0-9, _,-}@{A-Z, a-z, 0-9}.{A-Z, a-z, 0-9})Fail

Change Password#

Service: PUT /user/change_password

Test CaseOutcome
Change password to a different password from the current oneSuccess
Change password to a password equal to the current oneFail
Change password to an empty passwordFail
Change password to a password with white spacesFail

Update User#

Service: PUT /user

Test CaseOutcome
TBDSuccess
Change username to a username already being used by another UserFail

Resend verification email#

Service: POST /user/resend_email

Test CaseOutcome
Email in request body is an email from an existing user which is unverifiedSuccess
Email in request body does not belong to a registered UserFail
Email in request body is from a Verified UserFail

Mentorship Relation#

Send request#

Service: POST /mentorship_relation/send_request

Test CaseOutcome
A User1 sends a request to a User2 which is not currently involved in a mentorship relation and has the email verifiedSuccess
A User1 sends a request to a User2 which is in involved in a mentorship relation and has the email verifiedFail
A User1 sends a request to a non existing User2 (user_id does not match any user in database)Fail
A User1 sends a request to a User2 which is not involved in a mentorship relation and has the email verified. But the User1 is involved in a current mentorship relationFail
A User1 sends a request to itself User1Fail
A User1 sends a request to a User2, which does not have its email verifiedFail

Delete Relation#

Service: DELETE /mentorship_relation/{request_id}

Test CaseOutcome
A user that creates a mentorship request X deletes this mentorship request XSuccess
A user that creates a mentorship request X deletes this mentorship request X (without token being sent in Authorization Header)Fail
A user that did not create mentorship request X tries to deletes mentorship request XFail
A user that tries to delete mentorship request X that does not exist (i.e., request_id does not exist in the system)Fail

Accept Relation#

Service: PUT /mentorship_relation/{request_id}/accept

Test CaseOutcome
Assuming User1 sent request X to User2, User2 accepts this request, while User2 is NOT involved in a current mentorship relationSuccess
Assuming User1 sent request X to User2, User2 accepts this request, while User2 is involved in a current mentorship relationFail
Assuming User1 sent request X to User2, User1 accepts this requestFail
User1 accepts a mentorship relation which the User1 is not involved withFail

Reject Relation#

Service: PUT /mentorship_relation/{request_id}/reject

Test CaseOutcome
Having User1 sending a request to User2, User2 rejects this requestSuccess
Having User1 sending a request to User2, User1 rejects this requestFail
User1 rejects a mentorship relation which the User1 is not involved withFail

Cancel Relation#

Service: PUT /mentorship_relation/{request_id}/cancel

Test CaseOutcome
User1 (sent the request) cancels a mentorship relation that it is currently involved with User2 (the relation is in an ACCEPTED state)Success
User2 (received the request) cancels a mentorship relation that it is currently involved with User1 (the relation is in an ACCEPTED state)Success
User1 cancel a mentorship relation which the User1 is not involved withFail

Admins#

Only admin users have access to this.

Assign a new admin#

Service: POST /admin/new

Test CaseOutcome
An Admin User assigns admin role to a non-admin user ( both users should have email verified)Success
A User which is not an Admin assigns admin role to any user (does not matter if the user being assigned is admin or not)Fail
A User which is not an Admin assigns admin role to itselfFail
An Admin User assigns admin role to a non-existent UserFail

Revoke an admin role#

Service: POST /admin/remove

Test CaseOutcome
Revoking an admin user which is an admin, when the current user is an adminSuccess
Revoking a non-admin user, when the current user is an adminFail
Revoking a non-existent userFail
Revoke self the admin role when self is the only adminFail
Revoke self the admin role when self is not the only adminSuccess
Revoking an admin user, when the current user is not an adminFail