SetTimes Testing Plan - Sprint 3.1
Date: November 19, 2025
Goal: Production-ready system with 80%+ critical path coverage
Timeline: 2 days
🎯 Testing Objectives
- Security: No vulnerabilities (SQL injection, XSS, auth bypass)
- Functionality: All critical workflows work end-to-end
- Performance: All pages load in <2 seconds
- Accessibility: WCAG 2.1 AA compliance
- Bug Fixes: No P0/P1 bugs remaining
🔐 Security Audit Checklist
Authentication & Authorization
- [ ] Login requires valid credentials
- [ ] Session tokens expire correctly
- [ ] RBAC enforces admin/editor/viewer permissions
- [ ] Password reset tokens are secure
- [ ] No auth bypass via direct URL access
- [ ] CSRF protection on all forms
- [ ] Secure cookie flags (httpOnly, secure, sameSite)
SQL Injection Prevention
- [ ] All queries use parameterized statements
- [ ] No string concatenation in SQL
- [ ] User input properly sanitized
- [ ] Review all D1 database queries in `/functions/api/`
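A starting point for the D1 query review, as an added example that is not part of the SetTimes code base. It is a heuristic scan for `prepare()` and `exec()` calls whose SQL is interpolated, concatenated, or not a literal; the file names and handler snippets are constructed samples, and every hit still needs a manual look.

```javascript
// Added example: flag D1 calls whose SQL text is built from strings.
// Heuristic only: a clean result does not prove the absence of injection.
const SAMPLES = {
  "functions/api/bands.js":
    'await env.DB.prepare("SELECT * FROM bands WHERE id = ?").bind(id).first();',
  "functions/api/events.js": [
    "await env.DB.prepare(`SELECT * FROM events WHERE name = '${name}'`).all();",
    'await env.DB.prepare("SELECT * FROM events WHERE date > \'" + since + "\'").all();',
  ].join("\n"),
};

// Return the argument text of a call, given the index just after its "(".
function argumentText(src, open) {
  let depth = 1;
  let quote = null;
  for (let i = open; i < src.length; i++) {
    const c = src[i];
    if (quote) {
      if (c === "\\") i++; // skip the escaped character
      else if (c === quote) quote = null;
    } else if (c === '"' || c === "'" || c === "`") quote = c;
    else if (c === "(") depth++;
    else if (c === ")" && --depth === 0) return src.slice(open, i);
  }
  return src.slice(open); // unterminated call: return the remainder
}

// Scan one source file and report suspicious prepare()/exec() calls.
function auditSource(file, src) {
  const findings = [];
  const call = /\.(prepare|exec)\(/g;
  let m;
  while ((m = call.exec(src)) !== null) {
    const arg = argumentText(src, call.lastIndex).trim();
    const line = src.slice(0, m.index).split("\n").length;
    let issue = null;
    if (/`[^`]*\$\{/.test(arg)) issue = "template interpolation in SQL";
    else if (/["'`]\s*\+|\+\s*["'`]/.test(arg)) issue = "string concatenation in SQL";
    else if (!/^["'`]/.test(arg)) issue = "SQL is not a literal, trace where it is built";
    if (issue) findings.push({ file, line, method: m[1], issue });
  }
  return findings;
}

function auditAll(samples) {
  return Object.entries(samples).flatMap(([file, src]) => auditSource(file, src));
}

console.log(auditAll(SAMPLES));
```
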
XSS Prevention
- [ ] All user input escaped in HTML output
- [ ] React auto-escaping working correctly
- [ ] No `dangerouslySetInnerHTML` without sanitization
- [ ] Markdown editor sanitizes output
- [ ] URL parameters validated and escaped
Data Validation
- [ ] Server-side validation on all endpoints
- [ ] Client-side validation provides UX
- [ ] File uploads restricted (type, size)
- [ ] Photo URLs validated before storage
- [ ] Date inputs validated (no past dates for events)
✅ Critical Workflow Tests (E2E)
Workflow 1: Admin Login & Event Creation
Steps:
- Navigate to `/admin/login`
- Login with valid credentials
- Click "Create Event" button
- Fill in event details (name, date, venues)
- Save event
- Verify event appears in list
Expected Result: Event created successfully, appears in admin panel
Test Data:
- Event Name: "Test Band Crawl 2025"
- Date: 2025-12-15
- Status: Draft
Workflow 2: Band Profile Creation & Assignment
Steps:
- Login as admin
- Navigate to Bands tab
- Click "Add Band"
- Fill in band details (name, genre, origin, bio)
- Upload photo (or use URL)
- Add social links
- Save band
- Assign band to event with venue and time
- Verify band appears in event lineup
Expected Result: Band profile created, assigned to event, visible in public timeline
Test Data:
- Band Name: "The Testers"
- Genre: "Test Rock"
- Origin: "QA City, ON"
Workflow 3: Public Event Timeline View
Steps:
- Navigate to public homepage `/`
- Verify event timeline loads
- Click on event to expand
- Verify venues and bands display
- Click on band profile link
- Verify band profile page loads with all data
- Test "Now Playing" badge logic
- Test filtering by venue
- Test filtering by month
Expected Result: All public pages load, data displays correctly, filters work
Workflow 4: Event Publishing Workflow
Steps:
- Login as admin
- Select draft event
- Add 3+ venues
- Add 5+ bands with schedules
- Preview event timeline
- Publish event
- Verify event visible on public homepage
- Verify embed code works
- Test unpublish functionality
Expected Result: Published events visible publicly, drafts hidden
Workflow 5: RBAC Permission Testing
Steps:
- Create viewer account
- Login as viewer
- Attempt to create event (should fail)
- Attempt to edit event (should fail)
- Verify read-only access works
- Login as editor
- Verify can edit but not delete
- Login as admin
- Verify full access
Expected Result: Permission boundaries enforced correctly
♿ Accessibility Audit (WCAG 2.1 AA)
Keyboard Navigation
- [ ] All interactive elements keyboard accessible
- [ ] Tab order is logical and intuitive
- [ ] Focus indicators visible on all elements
- [ ] No keyboard traps
- [ ] Skip to main content link present
- [ ] Modal dialogs trap focus correctly
Screen Reader Support
- [ ] All images have alt text
- [ ] Form inputs have associated labels
- [ ] ARIA labels on icon buttons
- [ ] Headings hierarchical (h1 → h2 → h3)
- [ ] Landmark regions defined (nav, main, footer)
- [ ] Status messages announced
Color & Contrast
- [ ] Text contrast ratio ≥ 4.5:1 (normal text)
- [ ] Text contrast ratio ≥ 3:1 (large text)
- [ ] UI components contrast ratio ≥ 3:1
- [ ] Color not sole indicator of state
- [ ] Focus indicators have 3:1 contrast
Touch Targets
- [ ] All buttons min 44x44px touch target
- [ ] Adequate spacing between interactive elements
- [ ] Mobile-friendly tap targets
Motion & Animation
- [ ] Respects `prefers-reduced-motion`
- [ ] No auto-playing animations >5 seconds
- [ ] Parallax effects can be disabled
⚡ Performance Testing
Page Load Times (Target: <2 seconds)
- [ ] Homepage (public timeline): _ ms
- [ ] Admin panel dashboard: _ ms
- [ ] Band profile page: _ ms
- [ ] Event detail page: _ ms
- [ ] Admin login page: _ ms
Bundle Size Analysis
- [ ] Main JS bundle size: _ KB
- [ ] CSS bundle size: _ KB
- [ ] Total page weight: _ KB
- [ ] Images optimized (WebP, lazy loading)
Database Query Optimization
- [ ] N+1 query problems identified and fixed
- [ ] Indexes on foreign keys
- [ ] Queries use LIMIT appropriately
- [ ] No full table scans on large tables
Caching Strategy
- [ ] Static assets have cache headers
- [ ] API responses cached appropriately
- [ ] Cloudflare CDN configured
- [ ] Service worker for offline support (optional)
🐛 Bug Tracking
P0 Bugs (Showstoppers)
Track critical bugs that prevent core functionality
| ID | Description | Status | Fix Commit |
|---|---|---|---|
| - | - | - | - |
P1 Bugs (High Priority)
Track bugs that significantly impact UX but don't break core features
| ID | Description | Status | Fix Commit |
|---|---|---|---|
| - | - | - | - |
P2 Bugs (Medium Priority)
Track bugs that should be fixed but aren't critical
| ID | Description | Status | Fix Commit |
|---|---|---|---|
| - | - | - | - |
📱 Mobile Device Testing
iOS Safari
- [ ] iPhone SE (small screen)
- [ ] iPhone 14 Pro (standard)
- [ ] iPad (tablet)
Android Chrome
- [ ] Small phone (360px width)
- [ ] Standard phone (414px width)
- [ ] Tablet (768px width)
Test Scenarios
- [ ] Touch interactions work correctly
- [ ] No horizontal scrolling
- [ ] Bottom navigation accessible
- [ ] Forms usable on small screens
- [ ] Images scale correctly
- [ ] Modals display properly
🔍 Code Quality Checks
Linting & Formatting
- [ ] ESLint passes with no errors
- [ ] Prettier formatting applied
- [ ] No console.log statements in production
- [ ] PropTypes defined for all components
Security Dependencies
- [ ] `npm audit` shows 0 high/critical vulnerabilities
- [ ] All dependencies up to date
- [ ] No unused dependencies
Code Review Checklist
- [ ] No hardcoded credentials
- [ ] Environment variables used correctly
- [ ] Error handling comprehensive
- [ ] Loading states on all async operations
- [ ] No TODO comments for critical features
✅ Test Coverage Goals
Critical Paths (Must Test)
- [x] Sprint 2.0: Design system components render
- [x] Sprint 2.1: Event timeline displays and filters
- [x] Sprint 2.2: Band profiles load with all data
- [x] Sprint 2.3: Admin interface navigation and actions
- [ ] Admin login/logout flow
- [ ] Event creation and publishing
- [ ] Band profile CRUD operations
- [ ] RBAC permission enforcement
- [ ] Public timeline filtering
Nice to Have (Time Permitting)
- [ ] User management interface
- [ ] Bulk operations
- [ ] Export functionality
- [ ] Advanced filtering
- [ ] Search functionality
📊 Testing Tools
Automated Testing
- Frontend: Vitest (if configured)
- E2E: Manual testing (Playwright/Cypress if time permits)
- Accessibility: axe DevTools, Lighthouse
- Performance: Lighthouse, WebPageTest
Manual Testing
- Browser DevTools: Network tab, Console, Lighthouse
- Screen Readers: NVDA (Windows), VoiceOver (Mac)
- Mobile Testing: Chrome DevTools device emulation
📝 Test Results Summary
Date Tested: _
Tested By: Claude (AI Assistant)
Environment: Development
Overall Results
- Security: ☐ Pass ☐ Fail - Issues: _
- Functionality: ☐ Pass ☐ Fail - Issues: _
- Performance: ☐ Pass ☐ Fail - Issues: _
- Accessibility: ☐ Pass ☐ Fail - Issues: _
- Mobile: ☐ Pass ☐ Fail - Issues: _
P0/P1 Bugs Remaining: _
Recommended Actions Before Demo
🚀 Production Readiness Checklist
- [ ] All P0 bugs fixed
- [ ] Security audit passed
- [ ] Performance targets met (<2s load times)
- [ ] Accessibility compliance verified (WCAG 2.1 AA)
- [ ] Mobile testing complete
- [ ] Error handling graceful
- [ ] Loading states present
- [ ] No console errors in production
- [ ] Environment variables configured
- [ ] Database migrations tested
- [ ] Backup strategy in place
- [ ] Monitoring/logging configured
Status: ☐ READY FOR DEMO ☐ NEEDS WORK
Next Steps: Document findings, fix critical bugs, proceed to Sprint 3.2 (Documentation)