From 54bbb45f5e8cdba7e24070abc70267d38b8cd704 Mon Sep 17 00:00:00 2001 From: Chris Farhood Date: Thu, 14 May 2026 13:08:40 +0000 Subject: [PATCH] docs(UAT): add rate limit test cases for PR #11 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Added TC-API-15.1 through TC-API-15.6 covering sign-in/sign-up rate limit boundaries for email and social providers. Refs: GRO-1244 Updated UAT_PLAYBOOK.md §4.15 Co-Authored-By: Paperclip --- UAT_PLAYBOOK.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/UAT_PLAYBOOK.md b/UAT_PLAYBOOK.md index 68d6d25..c5a8519 100644 --- a/UAT_PLAYBOOK.md +++ b/UAT_PLAYBOOK.md @@ -177,6 +177,17 @@ GroomBook API is a Hono-based REST service (TypeScript/Node.js) powering the pet | TC-API-14.4 | Update group notes | PATCH /api/appointment-groups/{id} with notes | 200 OK, notes updated | | TC-API-14.5 | Cancel group | DELETE /api/appointment-groups/{id} | 200 OK, all appointments cancelled | +### 4.15 Rate Limiting + +| # | Scenario | Steps | Expected | +|---|----------|-------|----------| +| TC-API-15.1 | Sign-in email: within limit | POST /api/auth/sign-in/email 10 times within 60s | All requests return 200 OK, no 429 | +| TC-API-15.2 | Sign-in social: within limit | POST /api/auth/sign-in/social 10 times within 60s | All requests return 200 OK, no 429 | +| TC-API-15.3 | Sign-up email: within limit | POST /api/auth/sign-up/email 5 times within 60s | All requests return 200 OK, no 429 | +| TC-API-15.4 | Sign-in email: beyond limit | POST /api/auth/sign-in/email 11 times within 60s | 11th request returns 429 Too Many Requests | +| TC-API-15.5 | Sign-in social: beyond limit | POST /api/auth/sign-in/social 11 times within 60s | 11th request returns 429 Too Many Requests | +| TC-API-15.6 | Sign-up email: beyond limit | POST /api/auth/sign-up/email 6 times within 60s | 6th request returns 429 Too Many Requests | + ## Pass/Fail Criteria **Pass:**
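Review bot: TC-API-15.1 through TC-API-15.6 in the new section 4.15 do not state what the limit is keyed on or how the cases are isolated from each other, so the outcome depends on run order: running TC-API-15.1 (10 sign-ins) and then TC-API-15.4 (11 sign-ins) from the same client inside one 60s window would hit 429 well before the 11th request. Suggest a precondition on each row (same client, fresh window, for example wait 60s after the previous case) and, in 15.4 to 15.6, an explicit expectation that the requests before the last one succeed. TC-API-15.3 and TC-API-15.6 should say whether each sign-up uses a distinct email, since the expected "200 OK" depends on it. Every row also uses requests that are expected to succeed; a row with invalid credentials would confirm that failed sign-in attempts count toward the limit, and a row that retries after the 60s window would confirm the limit resets.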