DocFast session 29: BUG-032/033 resolved, Stripe webhook handler in progress
This commit is contained in:
Hoid
parent
dd17787078
commit
fb4728dfe9
3 changed files with 36 additions and 63 deletions
|
|
@ -1,67 +1,25 @@
|
|||
# DocFast QA Session 27 - 2026-02-15
|
||||
# DocFast Bug Tracker
|
||||
|
||||
## BROWSER TESTS RESULTS
|
||||
## OPEN BUGS
|
||||
|
||||
### ✅ PASSED
|
||||
1. **JS Errors Check**: ZERO JavaScript errors on initial load, BUT errors appeared during testing:
|
||||
- ❌ 400 Bad Request error from /v1/signup/verify (during fake verification attempt)
|
||||
- ⚠️ EvalError from px-cloud.net (third-party security script)
|
||||
- ⚠️ CSP warnings from Stripe checkout (expected)
|
||||
2. **Signup Flow**: Modal opens correctly, email validation works, verification code screen appears properly
|
||||
3. **Error Handling**: Invalid verification code shows proper error message "Invalid verification code."
|
||||
4. **Pro Checkout**: Stripe redirect works perfectly - proper checkout form with $9/month pricing
|
||||
5. **Mobile Responsive**: 375x812 mobile test shows NO horizontal scroll, proper responsive layout
|
||||
6. **Docs Page**: /docs loads correctly with complete API documentation
|
||||
### CRITICAL
|
||||
- **BUG-034**: Stripe webhook missing `checkout.session.completed` handler. Only handles `subscription.deleted`. Pro key creation relies entirely on success page visit. If user pays but doesn't reach success page, they get charged with no key. **FIX IN PROGRESS** (backend dev spawned session 29).
|
||||
|
||||
## API TESTS RESULTS
|
||||
### HIGH
|
||||
(none)
|
||||
|
||||
### ✅ PASSED
|
||||
1. **Bad API Key (403)**: Returns proper 403 Forbidden with "Invalid API key" message
|
||||
2. **Rate Limit Headers**: All responses include proper X-RateLimit headers (RateLimit-Policy, RateLimit-Limit, RateLimit-Remaining, RateLimit-Reset)
|
||||
3. **Concurrency Endpoint**: /v1/concurrency exists and properly requires authentication (401 when no key provided)
|
||||
### MEDIUM
|
||||
- **BUG-035**: `STRIPE_WEBHOOK_SECRET` is empty in container env. Webhook signature verification will fail even after handler is added. **REQUIRES HUMAN ACTION** in Stripe Dashboard.
|
||||
- **BUG-036**: Stripe webhook URL points to wrong service (Supabase URL, not docfast.dev). **REQUIRES HUMAN ACTION** in Stripe Dashboard.
|
||||
|
||||
### ⚠️ NEEDS INVESTIGATION
|
||||
1. **BUG-022 (Duplicate Email Check)**: Duplicate email `test@example.com` returned 200 OK instead of expected 409 Conflict. Response: `{"status":"verification_required","message":"Check your email for the verification code."}` - This could be intentional UX (don't reveal email existence) or the bug fix might not be working correctly.
|
||||
### LOW
|
||||
(none)
|
||||
|
||||
### ❌ NEEDS TESTING WITH VALID KEY
|
||||
- Parameter validation (400 errors) - blocked by 403 auth check
|
||||
- Content-type validation (415 errors) - blocked by 403 auth check
|
||||
- PDF generation testing - need valid API key
|
||||
- Pro plan rate limits (30/min) vs Free (10/min) - need both key types
|
||||
## RESOLVED BUGS
|
||||
|
||||
## INCOMPLETE TESTS
|
||||
- **BUG-025 (Copy Button)**: COULD NOT TEST - Unable to reach API key display screen without valid verification code. Browser timeout prevented further testing of recovery flow.
|
||||
- **Concurrency stats**: COULD NOT TEST - Requires valid API key for GET /v1/concurrency response format
|
||||
### Session 29 (2026-02-15)
|
||||
- **BUG-032** (LOW): Mobile terminal gap at 375px — ✅ FIXED, deployed
|
||||
- **BUG-033** (MEDIUM): OpenAPI spec showed wrong Pro rate limit — ✅ FIXED, deployed
|
||||
|
||||
## NOTES
|
||||
- All rate limiting headers are present and properly formatted
|
||||
- Stripe integration works flawlessly
|
||||
- Mobile layout is perfectly responsive
|
||||
- Error messaging is clear and user-friendly
|
||||
- Authentication security is properly enforced
|
||||
|
||||
## FINAL ASSESSMENT - Session 27
|
||||
|
||||
**OVERALL VERDICT**: 🔴 ISSUES FOUND requiring immediate attention
|
||||
|
||||
**CRITICAL ISSUES**:
|
||||
- Console errors during normal usage flow (400 error + third-party EvalError)
|
||||
- BUG-022 verification status unclear (duplicate email handling)
|
||||
|
||||
**UNABLE TO VERIFY**:
|
||||
- BUG-025 (copy button fix) - needs complete signup flow
|
||||
- Complete PDF generation pipeline - needs valid API keys
|
||||
|
||||
**WHAT WORKS WELL**:
|
||||
- Clean UI/UX with zero JS errors
|
||||
- Proper error handling and messaging
|
||||
- Stripe checkout integration is flawless
|
||||
- Mobile responsiveness is perfect
|
||||
- API authentication and rate limiting works correctly
|
||||
- Documentation is comprehensive
|
||||
|
||||
**RECOMMENDATIONS FOR NEXT SESSION**:
|
||||
1. Get valid API keys through backend team to test copy button functionality
|
||||
2. Verify BUG-022 duplicate email behavior is intentional
|
||||
3. Test actual PDF generation with valid keys
|
||||
4. Test pro vs free rate limit differences in practice
|
||||
### Previous Sessions
|
||||
- BUG-001 through BUG-031: See git history / session logs for details. All resolved.
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue