Merge pull request 'promote: dev → uat (GRO-1757 SSO auto-provision fix)' (#19 ) from dev into uat

promote: dev → uat (GRO-1757 SSO auto-provision fix)
fix(GRO-1757): add SSO + OOBE test cases to groombook-web UAT_PLAYBOOK (#18 )
2026-05-25 23:48:10 +00:00 · 2026-05-25 23:39:46 +00:00 · 2026-05-24 22:08:59 +00:00 · 2026-05-23 14:13:43 +00:00 · 2026-05-23 14:13:12 +00:00 · 2026-05-21 19:46:41 +00:00
1 changed files with 20 additions and 0 deletions
@@ -78,6 +78,26 @@ export const { signIn, signOut, useSession, changePassword } = authClient;
 | TC-AUTH-5.4.1 | Session persists across page reload | Sign in, reload page | Session remains active |
 | TC-AUTH-5.4.2 | Session clears on sign-out | Sign in, sign out | User is logged out, redirected to login |

+### 5.4.1 SSO Login Journey (Authentik OIDC end-to-end)
+
+| # | Scenario | Steps | Pass Criteria | Fail Criteria |
+|---|----------|-------|---------------|---------------|
+| TC-WEB-SSO-1 | Sign-in page shows SSO button | Navigate to app root URL | Sign-in page displayed with "Sign in with SSO" button visible | No SSO button, 403 before page loads |
+| TC-WEB-SSO-2 | Click SSO redirects to Authentik | Click "Sign in with SSO" button | Browser redirected to Authentik login at auth.farh.net | No redirect, error shown, button does nothing |
+| TC-WEB-SSO-3 | Valid OIDC credentials authenticate | At Authentik, enter valid credentials and authenticate | Redirected back to app with active session | Redirect loop, 403, session not established |
+| TC-WEB-SSO-4 | Post-login dashboard accessible | After SSO flow completes, dashboard loads | Dashboard displays correctly with user identity shown | Blank page, 403, session not active |
+| TC-WEB-SSO-5 | User identity displayed correctly | After SSO login, check header/nav | User name/email/initials shown in nav, role reflected in UI | No user indicator, wrong user shown |
+
+### 5.4.2 OOBE Flow Post-Login
+
+| # | Scenario | Steps | Pass Criteria | Fail Criteria |
+|---|----------|-------|---------------|---------------|
+| TC-WEB-OOBE-1 | Fresh DB shows setup wizard | On fresh DB (no super user), navigate to app | Setup wizard / OOBE screen displayed | Regular login page shown instead of setup |
+| TC-WEB-OOBE-2 | Configure OIDC via setup | During OOBE, configure OIDC auth provider via /api/setup/auth-provider | OIDC configured successfully, no 403 | 403 during setup, config rejected |
+| TC-WEB-OOBE-3 | Setup completes and redirects | Complete OOBE setup with business name | Redirected to app dashboard as super user, setup bypassed on reload | Setup errors, wrong redirect, setup reappears |
+| TC-WEB-OOBE-4 | Admin panel accessible after setup | After completing OOBE, navigate to admin panel | Admin features accessible | 403 on admin panel, insufficient permissions |
+| TC-WEB-OOBE-5 | SSO login during OOBE does not interfere | During fresh OOBE, attempt SSO login before completing setup | SSO login redirected appropriately, setup can still complete | Auto-provision creates staff prematurely, setup flow broken |
+
 ### 5.5 Dashboard

 | # | Scenario | Steps | Expected |
Author	SHA1	Message	Date
Lint Roller	8349ea00de	Merge pull request 'promote: dev → uat (GRO-1757 SSO auto-provision fix)' (#19 ) from dev into uat CI / Test (push) Successful in 13s Details CI / Lint & Typecheck (push) Successful in 33s Details CI / Build & Push Docker Image (push) Successful in 14s Details CI / Test (pull_request) Successful in 19s Details CI / Lint & Typecheck (pull_request) Successful in 24s Details CI / Build & Push Docker Image (pull_request) Successful in 15s Details promote: dev → uat (GRO-1757 SSO auto-provision fix)	2026-05-25 23:48:10 +00:00
Scrubs McBarkley	b630b40c92	fix(GRO-1757): add SSO + OOBE test cases to groombook-web UAT_PLAYBOOK (#18 ) CI / Test (push) Successful in 22s Details CI / Lint & Typecheck (push) Successful in 28s Details CI / Build & Push Docker Image (push) Successful in 9s Details CI / Test (pull_request) Successful in 20s Details CI / Lint & Typecheck (pull_request) Successful in 29s Details CI / Build & Push Docker Image (pull_request) Successful in 17s Details	2026-05-25 23:39:46 +00:00
Flea Flicker	db892409ef	fix(GRO-1633): add buildx network=host and provenance:false to web CI (#17 ) CI / Test (push) Successful in 17s Details CI / Lint & Typecheck (push) Successful in 19s Details CI / Build & Push Docker Image (push) Successful in 9s Details	2026-05-24 22:08:59 +00:00
The Dogfather	0306c7fbd9	Merge pull request 'chore(GRO-1592): promote dev→uat SSO session cookie fix' (#16 ) from promote-uat-gro1592 into uat CI / Test (push) Successful in 12s Details CI / Lint & Typecheck (push) Successful in 18s Details CI / Build & Push Docker Image (push) Failing after 39s Details	2026-05-23 14:13:43 +00:00
Chris Farhood	93da2f1dd8	chore: promote dev→uat for GRO-1592 SSO session cookie fix CI / Lint & Typecheck (pull_request) Successful in 17s Details CI / Test (pull_request) Successful in 18s Details CI / Build & Push Docker Image (pull_request) Failing after 41s Details - Fixed frontend auth client baseURL fallback to use window.location.origin - Added UAT test coverage (TC-AUTH-5.3.4) Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-23 14:13:12 +00:00
The Dogfather	62cbfe4e43	Merge pull request 'promote: dev → uat (GRO-1173 buffer rules + GRO-1470 pet save persistence)' (#14 ) from dev into uat CI / Test (push) Successful in 14s Details CI / Lint & Typecheck (push) Successful in 19s Details CI / Build & Push Docker Image (push) Successful in 9s Details promote: dev → uat (GRO-1173 buffer rules + GRO-1470 pet save persistence) (#14) Merged-By: The Dogfather (CTO) Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-21 19:46:41 +00:00
The Dogfather	db6a2a1bbf	Merge pull request 'promote: dev → uat (Renovate config, GRO-1081)' (#11 ) from dev into uat promote: dev → uat (Renovate config, GRO-1081) Merge PR #11: dev → uat promotion Includes: chore: add Renovate config (GRO-1081)	2026-05-20 12:42:04 +00:00
The Dogfather	032a3796ba	Merge pull request 'chore: promote dev to uat (CI Docker registry fix)' (#10 ) from dev into uat chore: promote dev to uat (CI Docker registry fix) (#10) Promotes GRO-1348 CI registry fix to UAT.	2026-05-20 11:17:21 +00:00
the-dogfather-cto[bot]	cac8fc947e	chore(GRO-1289): promote dev to uat — add UAT_PLAYBOOK.md chore(GRO-1289): promote dev to uat — add UAT_PLAYBOOK.md	2026-05-14 21:13:56 +00:00
the-dogfather-cto[bot]	592be1301c	chore: promote dev to uat (#3 ) chore: promote dev to uat	2026-05-11 13:19:33 +00:00