From fa67b75b761ddc57e87c0ca76c1db78ccb13e07a Mon Sep 17 00:00:00 2001 From: Flea Flicker Date: Thu, 28 May 2026 15:01:24 +0000 Subject: [PATCH] docs: add UAT test cases TC-API-8.8 through TC-API-8.11 for SSO bridge MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Adds manual test cases covering: - TC-API-8.8: valid Better Auth session → portal session (201) - TC-API-8.9: no session → 401 - TC-API-8.10: no matching client → 404 - TC-API-8.11: returned sessionId works on subsequent portal calls Co-Authored-By: Paperclip --- UAT_PLAYBOOK.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/UAT_PLAYBOOK.md b/UAT_PLAYBOOK.md index d03aeea..84bb88d 100644 --- a/UAT_PLAYBOOK.md +++ b/UAT_PLAYBOOK.md @@ -159,6 +159,10 @@ GroomBook API is a Hono-based REST service (TypeScript/Node.js) powering the pet | TC-API-8.5 | Add waitlist entry | POST /api/portal/waitlist with pet and service | 201 Created, waitlist entry created | | TC-API-8.6 | View portal invoices | GET /api/portal/invoices | 200 OK, list of client's invoices returned | | TC-API-8.7 | Pay multiple invoices | POST /api/portal/invoices/pay-multiple with invoice IDs | 200 OK, payment intent created | +| TC-API-8.8 | SSO bridge — valid Better Auth session | POST /api/portal/session-from-auth with valid Better Auth session cookie (authenticated SSO user with matching client email) | 201 Created, `{sessionId, clientId, clientName}` returned | +| TC-API-8.9 | SSO bridge — no Better Auth session | POST /api/portal/session-from-auth without Better Auth session cookie | 401 Unauthorized | +| TC-API-8.10 | SSO bridge — no matching client | POST /api/portal/session-from-auth with valid Better Auth session for a user with no client record | 404 Not Found, error "No client record found for this user" | +| TC-API-8.11 | SSO bridge — returned session works on portal routes | After TC-API-8.8, use returned sessionId as `X-Impersonation-Session-Id` header on GET /api/portal/me | 200 OK, client profile returned | ### 4.9 Waitlist