QA -ETC Examiner Access

[rstens]

🧭 Exploratory Testing Charter: Session Management and Examiner Access Logic

🎯 Purpose

Explore session management and IDIR-based authentication processes to ensure users remain securely logged in with alerts before timeouts. Validate that only users with Examiner roles gain access to the Examiner Dashboard upon authentication.

---

🔍 Key Areas to Explore

1️⃣ Session Timeout Alerts and Management

• Trigger: User inactivity for a configured period (e.g., 15 or 30 minutes).
• Expected Outcome:
  • An alert should notify the user 2 minutes before session expiration.
  • The user can extend the session or let it expire.
  • Expired sessions redirect users to the login page with a message.

🌟 Scenarios:

• Session Timeout Warning Alert:
  Given the user has been inactive for X minutes,
  When 2 minutes remain before the session expires,
  Then the system displays an alert with options to extend the session or let it expire.

• Extending the Session:
  Given the user receives the timeout alert,
  When the user clicks "Extend Session",
  Then the inactivity timer resets, and the session remains active.

• Session Expiration:
  Given the user does not take action before the session expires,
  Then the session ends, and the user is redirected to the login page with a session expiration message.

---

2️⃣ IDIR Authentication and Dashboard Access

• Trigger: A user logs in with IDIR credentials.
• Expected Outcome:
  • Only authenticated Examiner role users can access the Examiner Dashboard.
  • The system must validate the user’s role before granting access.

🌟 Scenarios:

• Authenticated IDIR User Accesses the Dashboard:
  Given a user logs in with IDIR,
  When the role is confirmed as Examiner,
  Then the user is directed to the Examiner Dashboard.

• Invalid Role Handling:
  Given a user with an unverified role logs in with IDIR,
  Then the system denies access to the dashboard.

---

3️⃣ Accessibility Testing for Alerts and Login Interfaces

Ensure compliance with accessibility standards for keyboard navigation, screen readers, and low vision users.

🌟 Scenarios:

• Keyboard Navigation:
  Given a keyboard user interacts with the session timeout alert,
  Then all alert elements must be accessible using the Tab key and actionable via Enter/Space keys.

• Screen Reader Support:
  Given a screen reader user receives the session timeout alert,
  Then the alert must announce itself with instructions for the user to extend or let the session expire.

---

🔑 Business Rules Summary

• Session Timeout Alerts:

  • Alerts must appear 2 minutes before the session expires.
  • Users can extend the session or let it expire.
  • Expired sessions redirect users to the login page.

• Role-Based Access:

  • Only users with Examiner roles logging in via IDIR can access the Examiner Dashboard.
  • Users without appropriate roles cannot access the dashboard.

• Accessibility Compliance:

  • Alerts must be accessible to screen readers and navigable using the keyboard.

---

🛠️ Exploration Checklist

• [ ] Validate session alerts display correctly and provide extend/expire options.
• [ ] Confirm sessions extend when the "Extend Session" button is clicked.
• [ ] Verify expired sessions redirect users to the login page with an expiration message.
• [ ] Ensure only IDIR-authenticated Examiner role users can access the Examiner Dashboard.
• [ ] Test role-based access restrictions for unauthorized users.
• [ ] Validate accessibility for screen reader users and keyboard-only navigation on alerts.

---

🚀 Goal

Ensure seamless session management with appropriate timeout alerts and ensure only IDIR-authenticated Examiner users can access the Examiner Dashboard. Provide accessible, intuitive interactions for all users while maintaining security and compliance.

[rstens]

Tester:

• [ ] Done

Session 1: Session Timeout Alerts and Management

• Focus: Validate the behavior of session timeout alerts and actions on expiration.
• Scope: Ensure users are alerted 2 minutes before session expiration, with options to extend or let the session expire. Confirm expired sessions redirect users to the login page with a relevant message.
• Goal: Confirm smooth session management with clear user alerts and appropriate session handling.

Documentation

• Time Spent:
• What did you Test?
• Any Observations You Want to Share?
• Bug Report References:

---

[rstens]

Tester: @fionazhou-jsb

• [x] Done

Session 2: IDIR Authentication and Dashboard Access

• Focus: Validate role-based access to the Examiner Dashboard via IDIR authentication.
• Scope: Ensure only users with the Examiner role can access the dashboard. Confirm that users without the required role are denied access, even with valid IDIR credentials.
• Goal: Ensure correct role-based access control to maintain system security.

Documentation

• Time Spent: 15 mins
• What did you Test? I used my own IDIR with examiner role assigned and redirected to the examiner dashboard. When I used an test IDIR account without examiner role assigned, it redirected me to the examiner dashboard but did not load any information. The loading is just hanging there. Checked with Roland and it's expected behavior
• Any Observations You Want to Share? For future improvement, for users without examiner roles assigned, show them access denied page. Just a very nice-to-have.
• Bug Report References: N/A

---

[rstens]

Tester:

• [ ] Done

Session 3: Accessibility Testing for Alerts and Login Interfaces

• Focus: Ensure session alerts and login interfaces meet accessibility standards.
• Scope: Validate keyboard navigation, screen reader compatibility, and proper announcement of alerts. Confirm all interactive elements are accessible and actionable.
• Goal: Ensure all users, including those with accessibility needs, can interact with the system effectively.

Documentation

• Time Spent:
• What did you Test?
• Any Observations You Want to Share?
• Bug Report References:

---

[rstens]

Tester:

• [ ] Done

Session 4: Business Rules Validation

• Focus: Validate the business rules governing session management and role-based access.
• Scope: Ensure alerts appear 2 minutes before timeout, with proper redirection on session expiration. Confirm that only Examiner role users can access the Examiner Dashboard via IDIR.
• Goal: Ensure compliance with all defined business rules for session handling and dashboard access.

Documentation

• Time Spent:
• What did you Test?
• Any Observations You Want to Share?
• Bug Report References:

---

[rstens]

Tester:

• [ ] Done

Session 5: Key Scenarios and Edge Cases

• Focus: Explore key scenarios and edge cases related to session management and access control.
• Scope: Test scenarios such as interrupted sessions, expired IDIR sessions, and role changes during a session. Validate the behavior of alerts under different network conditions.
• Goal: Identify potential issues or inconsistencies in session and access management logic.

Documentation

• Time Spent:
• What did you Test?
• Any Observations You Want to Share?
• Bug Report References:

---

[rstens]

Tester:

• [ ] Done

Session 6: Usability and Performance Testing

• Focus: Ensure the system performs efficiently under various conditions.
• Scope: Test the behavior of session alerts, login, and dashboard access under different network speeds. Validate that session alerts appear without delay and that Examiner Dashboard access is responsive.
• Goal: Confirm the usability and performance of the system across different environments.

Documentation

• Time Spent:
• What did you Test?
• Any Observations You Want to Share?
• Bug Report References: