# Future Test Enhancements

This document tracks test scenarios to be implemented when corresponding features are added to the Mawidi signup flow.

## Status Legend
- 🔴 **Not Started** - Feature not implemented yet
- 🟡 **In Progress** - Feature being developed
- 🟢 **Complete** - Feature implemented and tested

---

## 1. Google OAuth Testing 🔴

**Prerequisite**: Google OAuth credentials configured in `.env.local`

### Test Scenarios

#### Basic Flow
```typescript
test('should complete Google OAuth signup flow', async ({ page }) => {
  // Click Google sign-in button
  // Handle OAuth popup/redirect
  // Verify user is created
  // Check redirect to company-info page
});

test('should login existing user via Google OAuth', async ({ page }) => {
  // Existing Google user signs in
  // Verify no duplicate account created
  // Check redirect to dashboard
});
```

#### Error Handling
```typescript
test('should handle OAuth cancellation', async ({ page }) => {
  // User cancels OAuth consent
  // Verify return to signup page
  // No partial account created
});

test('should handle OAuth errors gracefully', async ({ page }) => {
  // Simulate OAuth provider error
  // Check error message displayed
  // Allow user to retry
});
```

#### Edge Cases
```typescript
test('should handle email already registered via password', async ({ page }) => {
  // User tries Google OAuth with email already used for password signup
  // Verify account linking or appropriate error
});

test('should preserve plan parameter through OAuth flow', async ({ page }) => {
  // Start signup with ?plan=tier1
  // Complete OAuth
  // Verify plan is saved
});
```

**Files to Create**:
- `tests/oauth-google.spec.ts` (~10 tests)

---

## 2. Database Integration Testing 🔴

**Prerequisite**: NoSQL database connected and configured

### Test Scenarios

#### CRUD Operations
```typescript
test('should persist user data to database', async ({ page }) => {
  // Complete signup
  // Query database directly
  // Verify all fields saved correctly
});

test('should prevent duplicate email registration', async ({ page }) => {
  // Try to register same email twice
  // Verify database constraint works
  // Check appropriate error shown
});

test('should retrieve user data from database', async ({ page }) => {
  // Login with existing account
  // Verify data loaded from DB
  // Check all fields populated
});
```

#### Transaction Handling
```typescript
test('should rollback on registration failure', async ({ page }) => {
  // Simulate DB error mid-registration
  // Verify no partial data saved
  // Database remains consistent
});

test('should handle concurrent registration attempts', async () => {
  // Multiple simultaneous signups
  // Verify race conditions handled
  // All registrations succeed or fail cleanly
});
```

#### Performance
```typescript
test('should handle large user datasets', async () => {
  // Query with 10k+ users in DB
  // Verify performance acceptable
  // Check pagination works
});

test('should use database indexes efficiently', async () => {
  // Run common queries
  // Verify execution time < threshold
  // Check query plans use indexes
});
```

**Files to Create**:
- `tests/database-integration.spec.ts` (~15 tests)
- `tests/database-performance.spec.ts` (~5 tests)

---

## 3. Email Service Testing 🔴

**Prerequisite**: Email service (SendGrid/AWS SES) configured

### Test Scenarios

#### Email Delivery
```typescript
test('should send OTP verification email', async ({ page }) => {
  // Complete signup
  // Check email sent to correct address
  // Verify email content/template
  // Check OTP matches stored code
});

test('should send welcome email after verification', async ({ page }) => {
  // Complete full signup
  // Verify welcome email sent
  // Check personalization (name, company)
});

test('should include correct links in emails', async ({ page }) => {
  // Send various email types
  // Verify all links valid and correct
  // Check tracking parameters
});
```

#### Error Handling
```typescript
test('should handle email delivery failures', async ({ page }) => {
  // Simulate SMTP error
  // Verify user can still complete signup
  // Check retry mechanism
});

test('should handle invalid email addresses', async ({ page }) => {
  // Try signup with bounce-prone email
  // Verify detection before send
  // Appropriate error message
});
```

#### Queue Management
```typescript
test('should queue emails properly', async () => {
  // Multiple signups simultaneously
  // Verify all emails queued
  // Check delivery order
  // Monitor queue health
});
```

**Files to Create**:
- `tests/email-delivery.spec.ts` (~12 tests)

---

## 4. Additional Auth Methods 🔴

**Prerequisite**: Apple Sign In, Facebook OAuth configured

### Test Scenarios

#### Apple Sign In
```typescript
test('should complete Apple Sign In flow', async ({ page }) => {
  // Click Apple sign-in button
  // Handle Apple OAuth
  // Verify user created
});

test('should handle Apple "Hide My Email"', async ({ page }) => {
  // User uses Apple relay email
  // Verify system handles it
  // Check communication works
});
```

#### Facebook OAuth
```typescript
test('should complete Facebook OAuth flow', async ({ page }) => {
  // Click Facebook button
  // Handle OAuth
  // Map profile data correctly
});
```

#### Account Linking
```typescript
test('should link accounts with same email', async ({ page }) => {
  // User has password account
  // Signs in with Google (same email)
  // Verify accounts linked, not duplicated
});

test('should handle provider conflicts', async ({ page }) => {
  // Email exists with different provider
  // Clear messaging to user
  // Options to resolve conflict
});
```

**Files to Create**:
- `tests/oauth-apple.spec.ts` (~8 tests)
- `tests/oauth-facebook.spec.ts` (~8 tests)
- `tests/account-linking.spec.ts` (~6 tests)
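
The account-linking and provider-conflict scenarios above need one decision rule to assert against. The following is an added example, not code from the Mawidi project. The `Account` shape, the `Decision` values and the policy itself are assumptions; `sub`, `email` and `email_verified` are standard OpenID Connect ID token claims.

```typescript
// Claims taken from an already signature-verified OIDC ID token.
interface IdTokenClaims { sub: string; email: string; email_verified: boolean }

// Hypothetical local account record (not the project's schema).
interface Account {
  email: string;
  emailVerified: boolean;              // local verification (e.g. OTP) completed
  identities: Record<string, string>;  // provider name -> provider subject id
}

type Decision = 'create' | 'login' | 'link' | 'conflict' | 'reject';

function decideOAuthSignIn(provider: string, claims: IdTokenClaims, accounts: Account[]): Decision {
  // 1. Match on the provider's stable subject id first, never on email alone.
  if (accounts.some(a => a.identities[provider] === claims.sub)) return 'login';

  // 2. An unverified provider email proves nothing about mailbox ownership.
  if (!claims.email_verified) return 'reject';

  const email = claims.email.trim().toLowerCase();
  const existing = accounts.find(a => a.email.toLowerCase() === email);
  if (!existing) return 'create';

  // 3. Same email, but this provider is already bound to a different subject.
  if (existing.identities[provider]) return 'conflict';

  // 4. Link only if the local email was verified too; otherwise the address
  //    may have been pre-registered with a password by someone else.
  return existing.emailVerified ? 'link' : 'conflict';
}
```

Each branch maps to one test case: `login` and `link` must leave the user count unchanged, while `conflict` and `reject` must leave the existing account untouched.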

---

## 5. Password Reset Flow 🔴

**Prerequisite**: Password reset endpoints implemented

### Test Scenarios

#### Request Flow
```typescript
test('should send password reset email', async ({ page }) => {
  // Navigate to forgot password
  // Enter email
  // Verify reset email sent
});

test('should generate secure reset tokens', async ({ page }) => {
  // Request password reset
  // Verify token is cryptographically secure
  // Check token stored correctly
});

test('should expire reset tokens after time limit', async ({ page }) => {
  // Generate reset token
  // Wait past expiration
  // Verify token rejected
});
```

#### Reset Process
```typescript
test('should reset password with valid token', async ({ page }) => {
  // Click reset link
  // Enter new password
  // Verify password updated
  // Can login with new password
});

test('should invalidate token after use', async ({ page }) => {
  // Use reset token
  // Try to use same token again
  // Verify rejected
});
```

#### Security
```typescript
test('should rate limit reset requests', async ({ page }) => {
  // Request resets multiple times quickly
  // Verify rate limiting active
  // Prevent abuse
});

test('should not reveal if email exists', async ({ page }) => {
  // Request reset for non-existent email
  // Same success message as existing email
  // Prevent email enumeration
});
```

**Files to Create**:
- `tests/password-reset.spec.ts` (~10 tests)
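
The token, expiry, single-use and enumeration scenarios above all describe properties of one component. The following is an added example, not code from the Mawidi project. `ResetTokenService`, the in-memory store, the 15-minute lifetime and the reply text are assumptions; the clock is injectable so expiry can be tested without waiting.

```typescript
import { createHash, randomBytes } from 'node:crypto';

const TOKEN_TTL_MS = 15 * 60 * 1000; // assumed lifetime
const GENERIC_REPLY = 'If that address is registered, a reset link has been sent.';
type ResetRecord = { email: string; expiresAt: number; used: boolean };

const sha256 = (s: string): string => createHash('sha256').update(s).digest('hex');

class ResetTokenService {
  private records = new Map<string, ResetRecord>(); // key: SHA-256 of the token
  private users: Set<string>;
  private now: () => number;

  constructor(users: Set<string>, now: () => number = () => Date.now()) {
    this.users = users;
    this.now = now;
  }

  // Same message for known and unknown emails. The token would go to the
  // mailer only; it is returned here so the example can exercise redeem().
  request(email: string): { message: string; token?: string } {
    if (!this.users.has(email)) return { message: GENERIC_REPLY };
    const token = randomBytes(32).toString('hex'); // 256 bits from the CSPRNG
    this.records.set(sha256(token), { email, expiresAt: this.now() + TOKEN_TTL_MS, used: false });
    return { message: GENERIC_REPLY, token };
  }

  // Succeeds at most once per token and only before expiry.
  redeem(token: string): string | null {
    const rec = this.records.get(sha256(token));
    if (!rec || rec.used || this.now() >= rec.expiresAt) return null;
    rec.used = true;
    return rec.email;
  }
}
```

Only the hash of each token is stored, so a test that queries the store directly should assert that the raw token never appears in it.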

---

## 6. Phone Verification / SMS OTP 🔴

**Prerequisite**: SMS service (Twilio) configured

### Test Scenarios

#### Phone Number Validation
```typescript
test('should validate GCC phone numbers', async ({ page }) => {
  // Enter various GCC formats
  // Verify all valid formats accepted
  // Invalid formats rejected
});

test('should format phone numbers consistently', async ({ page }) => {
  // Enter phone with/without country code
  // Verify stored in E.164 format
});
```

#### SMS Delivery
```typescript
test('should send SMS OTP', async ({ page }) => {
  // Enter phone number
  // Verify SMS sent
  // Check OTP matches stored code
});

test('should handle international numbers', async ({ page }) => {
  // Test all GCC country codes
  // Verify routing correct
  // Check delivery success
});
```

#### Verification
```typescript
test('should verify correct OTP', async ({ page }) => {
  // Receive SMS OTP
  // Enter code
  // Verify acceptance
});

test('should reject expired SMS OTP', async ({ page }) => {
  // Wait past OTP expiration
  // Try to verify
  // Verify rejected
});

test('should allow SMS OTP resend', async ({ page }) => {
  // Request OTP
  // Click resend
  // Verify new OTP sent
  // Old OTP invalidated
});
```

#### Error Handling
```typescript
test('should handle SMS delivery failures', async ({ page }) => {
  // Simulate carrier error
  // Provide alternative verification
  // Log failure for retry
});

test('should handle invalid phone numbers', async ({ page }) => {
  // Enter disconnected number
  // Detect before sending
  // Provide helpful error
});
```

**Files to Create**:
- `tests/phone-verification.spec.ts` (~12 tests)
- `tests/sms-delivery.spec.ts` (~8 tests)

---

## Implementation Checklist

When implementing each feature:

- [ ] Write tests FIRST (TDD approach)
- [ ] Ensure tests fail before implementation
- [ ] Implement feature
- [ ] All tests pass
- [ ] Code review
- [ ] Update this document
- [ ] Update main test documentation
- [ ] Deploy to staging
- [ ] Run full test suite
- [ ] Deploy to production

## Test Coverage Goals

| Feature | Target Coverage |
|---------|----------------|
| OAuth (Google) | 95% |
| Database | 90% |
| Email Service | 90% |
| OAuth (Others) | 95% |
| Password Reset | 95% |
| Phone/SMS | 90% |

## Performance Benchmarks

| Test Suite | Max Execution Time |
|------------|-------------------|
| OAuth | 30 seconds |
| Database | 45 seconds |
| Email | 60 seconds |
| Password Reset | 30 seconds |
| Phone/SMS | 45 seconds |

## Notes

- Keep test data realistic but anonymized
- Use test accounts, never production data
- Mock external services when possible
- Keep tests independent and idempotent
- Document any test-specific configuration

---

**Maintained By**: Mawidi Development Team
**Last Updated**: October 2025
**Current Test Suite**: `signup-flow.spec.ts` (21/21 passing ✅)
