QA Scenarios

0/66 steps passed

S1. Sign-up & activation

Create an account, activate it with the emailed token, verify token single-use and /me state.

0/6 pass · 0 fail · 0%
Pre: Backend running (php artisan serve) · MAIL_MAILER=log — tokens land in storage/logs/laravel.log

S2. Sign-in & session

Authenticate with email/password, verify /me shape on a fresh account, and confirm sign-out revokes the token.

0/5 pass · 0 fail · 0%
Pre: Account from S1 exists

S3. Password reset

Run the ask → token → update-password flow and verify ALL bearer tokens are revoked.

0/6 pass · 0 fail · 0%
Pre: Account exists · MAIL_MAILER=log

S4. Email change

Change the account email via the two-step token flow; verify conflict handling does not burn the token.

0/6 pass · 0 fail · 0%
Pre: Signed in · A second account exists (for the conflict step) · MAIL_MAILER=log

S5. Profile creation

Check username availability rules and create the one-and-only profile for an account.

0/6 pass · 0 fail · 0%
Pre: Signed in with an account that has NO profile yet · A second account for the case-insensitivity step

S6. Profile update

Verify PATCH /profile/update field-by-field semantics, null coercion, unknown-field tolerance, and payload limits.

0/6 pass · 0 fail · 0%
Pre: Signed in with a profile (S5 complete)

S7. Profile visibility

A private profile disappears from public lookup but stays visible to its owner.

0/4 pass · 0 fail · 0%
Pre: Signed in with a profile

S8. Avatar & media boxes

Exercise avatar replacement, media-box upload limits, and both delete-by-id and delete-by-url paths.

0/6 pass · 0 fail · 0%
Pre: Signed in with a profile · Backend has run php artisan storage:link

S9. Analytics ingestion

Fire every event type at the public tracking endpoint and confirm validation, privacy, and throttling.

0/5 pass · 0 fail · 0%
Pre: A PUBLIC profile exists (S5/S7) · Know its profile_id (GET /profile?username=…)

S10. Analytics dashboard

Verify totals, zero-filled series, top_links, range validation, and unique-visitor dedupe on GET /profile/analytics.

0/6 pass · 0 fail · 0%
Pre: Events fired in S9 · Signed in as the profile owner

S11. Featured profiles & rich URL

Check the featured listing (backend-managed flag) and the rich-url scraper including its FAILED-not-error contract.

0/6 pass · 0 fail · 0%
Pre: A public profile exists · Backend shell access for tinker

S12. Billing negative paths

Exercise the Stripe endpoints without Stripe credentials: auth gate, price whitelist, webhook signature.

0/4 pass · 0 fail · 0%
Pre: Signed in (for the price_id steps) · No Stripe setup required