major refactoring adding vendor and customer features

2025-10-11 09:11:42 +02:00
parent dd16198276
commit 199be1f1b9
16 changed files with 6878 additions and 0 deletions


@@ -0,0 +1,745 @@
# Slice 1 Testing Checklist
## Comprehensive Testing Guide for Admin → Vendor Creation → Vendor Login
Use this checklist to verify that Slice 1 is working correctly before moving to Slice 2.
## 🎯 Testing Overview
This checklist covers:
- ✅ Backend API functionality
- ✅ Frontend user interface
- ✅ Database integrity
- ✅ Security and authentication
- ✅ Vendor isolation
- ✅ Error handling
---
## 1⃣ Backend API Tests
### Authentication Endpoints
#### Test: Admin Login
```bash
curl -X POST http://localhost:8000/api/v1/auth/login \
-H "Content-Type: application/json" \
-d '{"username":"admin","password":"admin123"}'
```
**Expected Response**:
```json
{
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGc...",
"token_type": "bearer",
"expires_in": 1800,
"user": {
"id": 1,
"username": "admin",
"email": "admin@platform.com",
"role": "admin",
"is_active": true
}
}
```
- [ ] Response status is 200
- [ ] Token is returned
- [ ] User role is "admin"
- [ ] Token is valid JWT format
#### Test: Invalid Login
```bash
curl -X POST http://localhost:8000/api/v1/auth/login \
-H "Content-Type: application/json" \
-d '{"username":"admin","password":"wrongpassword"}'
```
**Expected Response**:
```json
{
"detail": "Incorrect username or password"
}
```
- [ ] Response status is 401 or 400
- [ ] Error message is returned
- [ ] No token is provided
#### Test: Get Current User
```bash
TOKEN="your_admin_token_here"
curl -X GET http://localhost:8000/api/v1/auth/me \
-H "Authorization: Bearer $TOKEN"
```
**Expected Response**:
```json
{
"id": 1,
"username": "admin",
"email": "admin@platform.com",
"role": "admin",
"is_active": true,
"created_at": "2025-01-15T10:00:00",
"updated_at": "2025-01-15T10:00:00"
}
```
- [ ] Response status is 200
- [ ] User details are correct
- [ ] Timestamps are present
### Vendor Management Endpoints
#### Test: Create Vendor
```bash
TOKEN="your_admin_token_here"
curl -X POST http://localhost:8000/api/v1/admin/vendors \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{
"vendor_code": "TESTVENDOR",
"name": "Test Vendor Store",
"subdomain": "testvendor",
"owner_email": "owner@testvendor.com",
"description": "Test vendor for verification"
}'
```
**Expected Response**:
```json
{
"id": 1,
"vendor_code": "TESTVENDOR",
"subdomain": "testvendor",
"name": "Test Vendor Store",
"owner_user_id": 2,
"owner_email": "owner@testvendor.com",
"owner_username": "testvendor_owner",
"temporary_password": "Xy7$mK9p!Qz2",
"is_active": true,
"is_verified": true,
"created_at": "2025-01-15T10:05:00"
}
```
- [ ] Response status is 200 or 201
- [ ] Vendor is created with uppercase code
- [ ] Owner user is created
- [ ] Temporary password is generated
- [ ] Vendor is auto-verified
#### Test: Duplicate Vendor Code
```bash
# Try to create vendor with same code
TOKEN="your_admin_token_here"
curl -X POST http://localhost:8000/api/v1/admin/vendors \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{
"vendor_code": "TESTVENDOR",
"name": "Another Store",
"subdomain": "anothershop",
"owner_email": "another@test.com"
}'
```
**Expected Response**:
```json
{
"detail": "Vendor with code 'TESTVENDOR' already exists"
}
```
- [ ] Response status is 400 or 409
- [ ] Appropriate error message
- [ ] No vendor is created
#### Test: Get All Vendors
```bash
TOKEN="your_admin_token_here"
curl -X GET http://localhost:8000/api/v1/admin/vendors \
-H "Authorization: Bearer $TOKEN"
```
**Expected Response**:
```json
{
"vendors": [
{
"id": 1,
"vendor_code": "TESTVENDOR",
"name": "Test Vendor Store",
"subdomain": "testvendor",
"is_active": true,
"is_verified": true
}
],
"total": 1,
"skip": 0,
"limit": 100
}
```
- [ ] Response status is 200
- [ ] Vendor list is returned
- [ ] Pagination info is included
#### Test: Admin Dashboard Stats
```bash
TOKEN="your_admin_token_here"
curl -X GET http://localhost:8000/api/v1/admin/dashboard \
-H "Authorization: Bearer $TOKEN"
```
**Expected Response**:
```json
{
"platform": {
"name": "Multi-Tenant Ecommerce Platform",
"version": "1.0.0"
},
"users": {
"total_users": 2,
"active_users": 2,
"inactive_users": 0
},
"vendors": {
"total_vendors": 1,
"active_vendors": 1,
"verified_vendors": 1
},
"recent_vendors": [],
"recent_imports": []
}
```
- [ ] Response status is 200
- [ ] Statistics are accurate
- [ ] Recent lists are arrays
### Authorization Tests
#### Test: Non-Admin Cannot Access Admin Endpoints
```bash
# First login as vendor owner
curl -X POST http://localhost:8000/api/v1/auth/login \
-H "Content-Type: application/json" \
-d '{"username":"testvendor_owner","password":"[temp_password]"}'
# Try to access admin endpoint
VENDOR_TOKEN="vendor_token_here"
curl -X GET http://localhost:8000/api/v1/admin/vendors \
-H "Authorization: Bearer $VENDOR_TOKEN"
```
**Expected Response**:
```json
{
"detail": "Admin privileges required"
}
```
- [ ] Response status is 403
- [ ] Access is denied
- [ ] Appropriate error message
#### Test: Unauthenticated Access Denied
```bash
curl -X GET http://localhost:8000/api/v1/admin/vendors
```
**Expected Response**:
```json
{
"detail": "Authorization header required"
}
```
- [ ] Response status is 401
- [ ] No data is returned
---
## 2⃣ Frontend UI Tests
### Admin Login Page
**URL**: `http://localhost:8000/static/admin/login.html`
#### Test: Page Loads Correctly
- [ ] Page loads without errors
- [ ] Login form is visible
- [ ] Username and password fields present
- [ ] Submit button is enabled
- [ ] No console errors (F12)
#### Test: Successful Admin Login
1. Enter username: `admin`
2. Enter password: `admin123`
3. Click "Sign In"
**Expected**:
- [ ] Button shows loading spinner
- [ ] Success message appears
- [ ] Redirects to `/static/admin/dashboard.html`
- [ ] No console errors
#### Test: Failed Login
1. Enter username: `admin`
2. Enter password: `wrongpassword`
3. Click "Sign In"
**Expected**:
- [ ] Error message displayed
- [ ] Form fields highlighted
- [ ] No redirect occurs
- [ ] Can retry login
#### Test: Form Validation
1. Leave username empty
2. Click "Sign In"
**Expected**:
- [ ] Error message for username
- [ ] Form doesn't submit
- [ ] Field is highlighted
### Admin Dashboard
**URL**: `http://localhost:8000/static/admin/dashboard.html`
#### Test: Dashboard Loads
- [ ] Page loads successfully
- [ ] Admin username displayed in header
- [ ] Logout button visible
- [ ] Navigation sidebar present
- [ ] Stats cards show numbers
- [ ] No console errors
#### Test: Statistics Display
- [ ] Total Vendors count is correct
- [ ] Total Users count is correct
- [ ] Active users count matches
- [ ] Verified vendors count matches
- [ ] All stats are numbers (not "-" or "undefined")
#### Test: Navigation
1. Click "Vendors" in sidebar
**Expected**:
- [ ] View changes to vendors list
- [ ] Nav item is highlighted
- [ ] Page doesn't reload
#### Test: Logout
1. Click "Logout" button
2. Confirm logout
**Expected**:
- [ ] Confirmation dialog appears
- [ ] Token is removed from localStorage
- [ ] Redirects to `/static/admin/login.html`
### Vendor Creation Page
**URL**: `http://localhost:8000/static/admin/vendors.html`
#### Test: Form Validation
1. Try to submit empty form
**Expected**:
- [ ] Required field errors shown
- [ ] Form doesn't submit
2. Enter invalid vendor code (lowercase)
**Expected**:
- [ ] Input auto-converts to uppercase
3. Enter invalid subdomain (uppercase)
**Expected**:
- [ ] Input auto-converts to lowercase
4. Enter invalid email
**Expected**:
- [ ] Browser validation catches it
#### Test: Create Vendor Successfully
1. Fill form:
- Vendor Code: `DEMOSTORE`
- Name: `Demo Store`
- Subdomain: `demostore`
- Owner Email: `owner@demostore.com`
2. Click "Create Vendor"
**Expected**:
- [ ] Loading spinner appears
- [ ] Success message displayed
- [ ] Credentials card shows:
- [ ] Vendor Code
- [ ] Subdomain
- [ ] Owner Username
- [ ] Owner Email
- [ ] Temporary Password
- [ ] Login URL
- [ ] Form is hidden
- [ ] Can create another vendor
#### Test: Duplicate Vendor Handling
1. Try to create vendor with existing code
**Expected**:
- [ ] Error message displayed
- [ ] Form stays visible
- [ ] Can fix and retry
### Vendor Login Page
**URL**: `http://localhost:8000/vendor/demostore/login`
#### Test: Vendor Context Detection
- [ ] Page loads correctly
- [ ] Vendor name displayed: "demostore"
- [ ] Form is visible
- [ ] No "Vendor Not Found" message
#### Test: Invalid Vendor URL
**URL**: `http://localhost:8000/vendor/nonexistent/login`
**Expected**:
- [ ] "Vendor Not Found" message
- [ ] Form is hidden
- [ ] Back button visible
#### Test: Vendor Owner Login
1. Enter username from creation: `demostore_owner`
2. Enter temporary password
3. Click "Sign In"
**Expected**:
- [ ] Loading spinner
- [ ] Success message
- [ ] Redirects to vendor dashboard
- [ ] No console errors
### Vendor Dashboard
**URL**: Redirect after login
#### Test: Dashboard Display
- [ ] Page loads successfully
- [ ] Shows "DEMOSTORE Dashboard"
- [ ] Username displayed
- [ ] Vendor info card shows:
- [ ] Vendor Code: DEMOSTORE
- [ ] Owner email
- [ ] Active/Verified badges
- [ ] Context detection info
- [ ] "Coming in Slice 2" message visible
#### Test: Vendor Context Display
- [ ] Correct subdomain shown
- [ ] Context method displayed (path or subdomain)
- [ ] No errors in console
---
## 3⃣ Database Tests
### Check Table Creation
```sql
-- Connect to database
psql -U postgres -d multitenant_ecommerce
-- List all tables
\dt
-- Expected tables:
-- users, vendors, roles, vendor_users
```
- [ ] All required tables exist
- [ ] No missing tables
### Check Admin User
```sql
SELECT id, username, email, role, is_active
FROM users
WHERE role = 'admin';
```
**Expected**:
```
id | username | email | role | is_active
----+----------+-------------------+-------+-----------
1 | admin | admin@platform.com| admin | t
```
- [ ] Admin user exists
- [ ] Role is "admin"
- [ ] Is active
### Check Vendor Creation
```sql
SELECT id, vendor_code, subdomain, name, owner_user_id, is_active, is_verified
FROM vendors
WHERE vendor_code = 'DEMOSTORE';
```
**Expected**:
```
id | vendor_code | subdomain | name | owner_user_id | is_active | is_verified
----+-------------+-----------+------------+---------------+-----------+-------------
1 | DEMOSTORE | demostore | Demo Store | 2 | t | t
```
- [ ] Vendor exists
- [ ] Vendor code is uppercase
- [ ] Subdomain is lowercase
- [ ] Owner user ID is set
- [ ] Is active and verified
### Check Owner User Creation
```sql
SELECT id, username, email, role, is_active
FROM users
WHERE email = 'owner@demostore.com';
```
**Expected**:
```
id | username | email | role | is_active
----+------------------+---------------------+------+-----------
2 | demostore_owner | owner@demostore.com | user | t
```
- [ ] Owner user exists
- [ ] Username follows pattern
- [ ] Email is correct
- [ ] Role is "user" (not admin)
- [ ] Is active
### Check Default Roles
```sql
SELECT id, name, vendor_id
FROM roles
WHERE vendor_id = (SELECT id FROM vendors WHERE vendor_code = 'DEMOSTORE')
ORDER BY name;
```
**Expected**:
```
id | name | vendor_id
----+---------+-----------
1 | Editor | 1
2 | Manager | 1
3 | Owner | 1
4 | Viewer | 1
```
- [ ] All 4 default roles created
- [ ] Roles linked to correct vendor
- [ ] Names are correct
### Check Data Isolation
```sql
-- Create second vendor via API, then check isolation
SELECT v.vendor_code, u.username, u.email
FROM vendors v
JOIN users u ON v.owner_user_id = u.id
ORDER BY v.id;
```
**Expected**:
- [ ] Each vendor has unique owner
- [ ] No shared users between vendors
- [ ] Owner relationships are correct
---
## 4⃣ Security Tests
### Password Hashing
```sql
SELECT username, hashed_password
FROM users
WHERE username IN ('admin', 'demostore_owner');
```
- [ ] Passwords are hashed (not plain text)
- [ ] Hashes start with "$2b$" (bcrypt)
- [ ] Each hash is unique
### JWT Token Validation
```javascript
// In browser console after login:
const token = localStorage.getItem('admin_token');
const parts = token.split('.');
const payload = JSON.parse(atob(parts[1]));
console.log(payload);
```
**Expected**:
```json
{
"sub": "1",
"username": "admin",
"email": "admin@platform.com",
"role": "admin",
"exp": 1705320000,
"iat": 1705318200
}
```
- [ ] Token has 3 parts (header.payload.signature)
- [ ] Payload contains user info
- [ ] Expiration time is set
- [ ] Role is included
### Authorization Boundary
Test that vendors cannot access each other's data:
1. Login as owner of DEMOSTORE
2. Try to access DEMOSTORE2 dashboard
**Expected**:
- [ ] Access denied or context mismatch
- [ ] No data from other vendor visible
---
## 5⃣ Error Handling Tests
### Test Invalid URLs
1. Visit: `http://localhost:8000/vendor//login` (empty subdomain)
**Expected**:
- [ ] Handled gracefully
- [ ] No server error
- [ ] User-friendly message
2. Visit: `http://localhost:8000/vendor/invalid-shop-name/login`
**Expected**:
- [ ] "Vendor Not Found" message
- [ ] No error 500
- [ ] Can navigate back
### Test Network Errors
1. Stop the backend server
2. Try to login from frontend
**Expected**:
- [ ] Error message displayed
- [ ] No infinite loading
- [ ] Can retry
### Test Database Errors
1. Stop PostgreSQL
2. Try to access API endpoint
**Expected**:
- [ ] 503 Service Unavailable or similar
- [ ] Error logged on server
- [ ] No data corruption
---
## 6⃣ Performance Tests
### Page Load Times
- [ ] Admin login page loads < 1 second
- [ ] Dashboard loads < 2 seconds
- [ ] Vendor creation completes < 3 seconds
### API Response Times
```bash
# Measure API response time
time curl -X GET http://localhost:8000/api/v1/admin/vendors \
-H "Authorization: Bearer $TOKEN"
```
- [ ] Most endpoints respond < 500ms
- [ ] Dashboard stats < 1 second
- [ ] Vendor creation < 2 seconds
---
## 7⃣ Cross-Browser Tests
Test in multiple browsers:
- [ ] Chrome: All features work
- [ ] Firefox: All features work
- [ ] Safari: All features work
- [ ] Edge: All features work
---
## ✅ Final Verification
### Complete Flow Test
1. **Admin Login**:
- [ ] Login successful
- [ ] Dashboard displays
2. **Create Vendor**:
- [ ] Form validates correctly
- [ ] Vendor created successfully
- [ ] Credentials displayed
3. **Vendor Login**:
- [ ] Can access vendor login page
- [ ] Login with generated credentials
- [ ] Dashboard displays
4. **Verify Isolation**:
- [ ] Cannot access other vendor's data
- [ ] Context detection works
- [ ] Database shows proper relationships
5. **Admin Management**:
- [ ] Can see all vendors
- [ ] Can verify/unverify vendors
- [ ] Statistics are accurate
### Sign-off Checklist
Before moving to Slice 2, confirm:
- [ ] All backend API tests pass
- [ ] All frontend UI tests pass
- [ ] All database integrity checks pass
- [ ] All security tests pass
- [ ] Error handling works correctly
- [ ] Performance is acceptable
- [ ] Multi-browser compatibility confirmed
- [ ] Documentation is complete
- [ ] Code is committed to version control
---
## 🎉 Congratulations!
If all tests pass, **Slice 1 is complete and production-ready**!
You can now confidently move to **Slice 2: Vendor Imports Products from Letzshop**.
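Review bot: the "Security Tests" section (the JWT Token Validation and Authorization Boundary blocks) contains no negative checks, so the checklist can pass without ever proving that the server rejects a bad token or a cross-vendor request. The JWT test only decodes the payload in the browser console and ticks off `- [ ] Token has 3 parts (header.payload.signature)`, which says nothing about whether the signature or `exp` is enforced; add curl tests that send a token with an altered payload or signature and an expired token to `/api/v1/auth/me` and expect 401. The Authorization Boundary test accepts `- [ ] Access denied or context mismatch` with no status code and only via the dashboard UI; it should instead call the vendor-scoped API with the DEMOSTORE owner's token against DEMOSTORE2 resources and expect 403, matching the precision of the admin-endpoint test earlier in the file (`- [ ] Response status is 403`). Separately, the sign-off declares "Slice 1 is complete and production-ready" while every admin step uses `admin` / `admin123` and the Create Vendor response returns `temporary_password` in cleartext; add sign-off items confirming that the default admin credential has been changed, that the generated password must be rotated on first vendor login, and that neither value appears in server logs.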