# MyEasyCMS v2 — Comprehensive QA Test Plan ## Test Environment - App: localhost:3000 (Docker) - Supabase: localhost:8000 (Kong gateway) - Studio: localhost:54323 - DB: supabase/postgres:15.8.1.060 ## Test Accounts | Email | Password | Role | Team | |-------|----------|------|------| | super-admin@makerkit.dev | testingpassword | Super Admin | - | | test@makerkit.dev | testingpassword | Owner | Makerkit | | owner@makerkit.dev | testingpassword | Owner | Makerkit | | member@makerkit.dev | testingpassword | Member | Makerkit | | custom@makerkit.dev | testingpassword | Custom | Makerkit | ## Test Categories ### A. Authentication & Authorization (12 tests) ### B. Public Pages (8 tests) ### C. Team Dashboard & Navigation (10 tests) ### D. Member Management CRUD (15 tests) ### E. Course Management CRUD (10 tests) ### F. Event Management CRUD (8 tests) ### G. Document Generation (8 tests) ### H. Newsletter System (6 tests) ### I. Site Builder & Public Club Pages (12 tests) ### J. Finance / SEPA (6 tests) ### K. Fischerei Module (12 tests) ### L. Sitzungsprotokolle Module (8 tests) ### M. Verbandsverwaltung Module (8 tests) ### N. Module Activation System (6 tests) ### O. Admin Panel (8 tests) ### P. Public Registration APIs (9 tests) ### Q. Edge Cases & Error Handling (10 tests) ### R. Permission Boundaries (8 tests) Total: ~156 test cases --- ## A. AUTHENTICATION & AUTHORIZATION ### A1. Login — Valid credentials - Setup: Logged out - Steps: Navigate /auth/sign-in, enter test@makerkit.dev / testingpassword, submit - Expected: Redirect to /home, user avatar visible - Pass: URL contains /home, no error toast ### A2. Login — Invalid password - Setup: Logged out - Steps: Enter test@makerkit.dev / wrongpassword, submit - Expected: Error message, stays on sign-in page - Pass: Error alert visible, URL still /auth/sign-in ### A3. Login — Empty fields - Steps: Click submit without entering anything - Expected: Client-side validation prevents submit - Pass: Form doesn't submit, validation indicators shown ### A4. Login — SQL injection attempt - Steps: Enter ' OR 1=1-- as email - Expected: Validation error (not valid email format) - Pass: No crash, proper error message ### A5. Registration — Valid - Steps: Navigate /auth/sign-up, enter unique email, password >= 6 chars, matching repeat - Expected: Account created, redirect to /home - Pass: User exists in DB, logged in ### A6. Registration — Duplicate email - Steps: Try registering with test@makerkit.dev - Expected: "Diese Anmeldedaten werden bereits verwendet" - Pass: Error shown, no crash ### A7. Registration — Weak password - Steps: Enter password "123" - Expected: Validation error (too short) - Pass: Form doesn't submit ### A8. Registration — Mismatched passwords - Steps: Enter different passwords in password and repeat fields - Expected: Validation error - Pass: Form shows mismatch error ### A9. Session persistence - Steps: Login, close tab, open new tab to /home - Expected: Still logged in - Pass: Dashboard loads, not redirected to sign-in ### A10. Logout - Steps: Click account dropdown > "Abmelden" - Expected: Session cleared, redirect to sign-in - Pass: Accessing /home redirects to /auth/sign-in ### A11. Protected route — unauthenticated access - Steps: Clear cookies, navigate to /home/makerkit - Expected: Redirect to /auth/sign-in - Pass: URL changes to sign-in ### A12. Admin route — non-admin access - Steps: Login as member@makerkit.dev, navigate to /admin - Expected: 404 (AdminGuard returns notFound) - Pass: 404 page shown --- ## B. PUBLIC PAGES ### B1. Landing page loads with real content - Expected: "Vereinsverwaltung, die mitwächst", "69.000", "SEPA" - Pass: No placeholder/filler text ### B2. Pricing page - Navigate /pricing - Expected: Pricing table renders ### B3. FAQ page - Navigate /faq - Expected: FAQ items render ### B4. Contact page - Navigate /contact - Expected: Contact form with name/email/message fields ### B5. Blog page - Navigate /blog - Expected: Blog listing (may be empty) ### B6. Legal pages (privacy, terms, cookies) - Navigate /privacy-policy, /terms-of-service, /cookie-policy - Expected: Each loads without error ### B7. Public club page - Navigate /club/makerkit - Expected: Club homepage with Puck content - Pass: Real data (courses, events) shown, not placeholders ### B8. Non-existent club page - Navigate /club/nonexistent - Expected: 404 page - Pass: Proper 404, no crash --- ## C. TEAM DASHBOARD & NAVIGATION ### C1. Team dashboard loads with stats - Login as test@makerkit.dev, navigate /home/makerkit - Expected: 4 stat cards, quick actions, activity feed - Pass: Numbers render (even if 0) ### C2. All sidebar links work - Click each sidebar item: Dashboard, Module, Mitglieder, Kurse, Veranstaltungen, Finanzen, Dokumente, Newsletter, Website - Expected: Each page loads without error ### C3. Account switcher - Click account dropdown > "Arbeitsbereich wechseln" - Expected: Shows list of accounts ### C4. Team settings — rename - Navigate /home/makerkit/settings - Expected: Team name editable, save works ### C5. Team members list - Navigate /home/makerkit/members - Expected: Shows 4 members with roles ### C6. Non-existent team slug - Navigate /home/nonexistent - Expected: Redirect or error page ### C7. Profile settings - Navigate /home/settings (personal) - Expected: Name, language, email change form ### C8. Theme toggle - Click theme toggle in nav - Expected: Dark/light theme switches ### C9. Breadcrumb navigation - Navigate to nested page, click breadcrumb links - Expected: Navigate back correctly ### C10. Mobile responsive (viewport 375px) - Resize to mobile - Expected: Sidebar collapses, hamburger menu works --- ## D. MEMBER MANAGEMENT CRUD ### D1. List members — empty state - Navigate /home/makerkit/members-cms - Expected: Shows "1 Mitglieder insgesamt" (Max Mustermann from earlier test) ### D2. Create member — all fields - Navigate /home/makerkit/members-cms/new - Fill: Vorname=Anna, Nachname=Schmidt, Email=anna@test.de, PLZ=93047, Ort=Regensburg - Expected: Member created, redirect to list ### D3. Create member — required fields only - Fill: Vorname=Test, Nachname=Minimal - Expected: Created successfully ### D4. Create member — empty required fields - Submit with empty Vorname - Expected: Validation error ### D5. Create member — invalid email format - Enter email "notanemail" - Expected: Validation error ### D6. Create member — duplicate email - Create member with same email as existing - Expected: DB constraint error or validation ### D7. View member detail - Click on member name in list - Expected: Detail page with all fields ### D8. Edit member - Navigate to member edit page - Change Vorname, save - Expected: Updated in DB and UI ### D9. Search members - Type in search box - Expected: List filters in real-time or on submit ### D10. Filter by status - Use status dropdown - Expected: Only matching members shown ### D11. Member with SEPA mandate - Create member with IBAN field filled - Expected: IBAN saved correctly ### D12. Member import - Navigate /home/makerkit/members-cms/import - Expected: Import wizard loads ### D13. Member statistics - Navigate /home/makerkit/members-cms/statistics - Expected: Statistics page loads ### D14. Member departments - Navigate /home/makerkit/members-cms/departments - Expected: Department management page ### D15. Pagination - With many members, verify pagination controls work --- ## E. COURSE MANAGEMENT ### E1. Course list — shows existing course - Navigate /home/makerkit/courses - Expected: "Schwimmkurs Anfänger" visible ### E2. Create course — valid - Navigate /home/makerkit/courses/new - Fill required fields, submit - Expected: Created, redirect to courses list ### E3. Course detail - Click on course name - Expected: Detail page with participants, schedule ### E4. Course calendar - Navigate /home/makerkit/courses/calendar - Expected: Calendar view loads ### E5. Course categories - Navigate /home/makerkit/courses/categories - Expected: Category management page ### E6. Course instructors - Navigate /home/makerkit/courses/instructors - Expected: Instructor list ### E7. Course locations - Navigate /home/makerkit/courses/locations - Expected: Location management ### E8. Course statistics - Navigate /home/makerkit/courses/statistics - Expected: Statistics page loads ### E9. Course participants - Navigate to course > participants tab - Expected: Participant list (may be empty) ### E10. Course attendance - Navigate to course > attendance tab - Expected: Attendance tracking page --- ## G. DOCUMENT GENERATION ### G1. Document type selection page - Navigate /home/makerkit/documents - Expected: 6 document types shown ### G2. Generate member cards (PDF) - Select Mitgliedsausweis, fill title, click Generieren - Expected: PDF downloads with .pdf extension - Pass: File downloads, success banner shown ### G3. Generate labels (HTML) - Select Etiketten, fill title, click Generieren - Expected: HTML file downloads with .html extension ### G4. Generate report (Excel) - Select Bericht, fill title, click Generieren - Expected: XLSX downloads with .xlsx extension ### G5. Coming soon types (invoice, letter, certificate) - Select Rechnung - Expected: "Demnächst verfügbar" banner, button disabled ### G6. Generate with empty title - Leave title blank, try to submit - Expected: Validation prevents submit (required field) ### G7. Generate with no members - Create new account with no members, try generating - Expected: Error "Keine aktiven Mitglieder" ### G8. Document templates page - Navigate /home/makerkit/documents/templates - Expected: Page loads, shows empty state --- ## I. SITE BUILDER & PUBLIC CLUB PAGES ### I1. Site builder list - Navigate /home/makerkit/site-builder - Expected: Shows pages list (hello, Über uns) ### I2. Create new page - Navigate /home/makerkit/site-builder/new - Fill title + slug, submit - Expected: Page created, Puck editor opens ### I3. Site builder settings - Navigate /home/makerkit/site-builder/settings - Expected: Design settings (name, colors, font, publish toggle) ### I4. Public page — published - Navigate /club/makerkit/hello - Expected: Puck content renders ### I5. Public page — unpublished - Navigate /club/makerkit/ueber-uns - Expected: 404 (not published) ### I6. Public page — non-existent - Navigate /club/makerkit/nonexistent - Expected: 404 ### I7. Course data on public page - /club/makerkit should show "Schwimmkurs Anfänger" - Expected: Real course data, not placeholders ### I8. Course registration form - Click "Anmelden" on a course on the public page - Fill form, submit - Expected: "Anmeldung erfolgreich!" message ### I9. Event registration (no events) - EventList block should show "Keine anstehenden Veranstaltungen" ### I10. Membership application form - Fill "Mitglied werden" form on public page - Submit with valid data - Expected: Application saved in DB ### I11. Membership application — invalid email - Submit with invalid email - Expected: Client-side validation error ### I12. Newsletter signup - Use newsletter signup block - Expected: Subscription created or error --- ## N. MODULE ACTIVATION SYSTEM ### N1. Module toggles page shows all modules - Navigate /home/makerkit/modules - Expected: Fischerei, Sitzungsprotokolle, Verbandsverwaltung toggles visible ### N2. Activate Fischerei - Toggle Fischerei ON - Expected: "Fischerei" appears in sidebar ### N3. Deactivate Fischerei - Toggle Fischerei OFF - Expected: "Fischerei" disappears from sidebar ### N4. Activate Sitzungsprotokolle - Toggle ON - Expected: "Sitzungsprotokolle" appears in sidebar ### N5. Activate Verbandsverwaltung - Toggle ON - Expected: "Verbandsverwaltung" appears in sidebar ### N6. Direct URL access to deactivated module - Deactivate Fischerei, navigate /home/makerkit/fischerei - Expected: Page still loads (data exists) but not in sidebar --- ## P. PUBLIC REGISTRATION APIS ### P1. Course registration — valid - POST /api/club/course-register with valid courseId, name, email - Expected: 200 { success: true } ### P2. Course registration — missing fields - POST without email - Expected: 400 error ### P3. Course registration — invalid courseId - POST with random UUID - Expected: DB error or 500 ### P4. Event registration — valid - POST /api/club/event-register with valid data - Expected: 200 success (need an event first) ### P5. Membership application — valid - POST /api/club/membership-apply with all fields - Expected: Row inserted in membership_applications ### P6. Membership application — invalid email - POST with email "notanemail" - Expected: 400 validation error ### P7. Membership application — missing accountId - POST without accountId - Expected: Error ### P8. Rate limiting (if any) - Send 100 rapid POSTs - Expected: No crash (may or may not rate limit) ### P9. XSS in form fields - Submit as firstName - Expected: Stored as text, not executed on render --- ## Q. EDGE CASES & ERROR HANDLING ### Q1. API healthcheck - GET /api/healthcheck - Expected: { services: { database: true } } ### Q2. 404 for unknown route - Navigate /nonexistent - Expected: 404 page with "Seite nicht gefunden" ### Q3. Direct DB access via PostgREST (anon) - GET localhost:8000/rest/v1/members (anon key, no auth) - Expected: Empty array (RLS blocks anon) ### Q4. JWT expiration handling - Login, wait for token expiry (3600s), try action - Expected: Auto-refresh or redirect to login ### Q5. Concurrent writes - Two users edit same member simultaneously - Expected: Last write wins, no crash ### Q6. Very long text input - Enter 10000 char string in a text field - Expected: Validation limits or graceful handling ### Q7. Unicode/emoji in names - Create member with name "Müller-Lüdenscheidt 🎣" - Expected: Saved and displayed correctly ### Q8. Browser back button - Navigate deep, press back - Expected: Previous page loads correctly ### Q9. Double form submission - Click submit twice rapidly - Expected: Only one record created (isPending disables button) ### Q10. Network disconnect during submit - Submit form, disconnect network mid-request - Expected: Error message, no partial data corruption