Test Case Template
Test Case TemplateTemplate: Drop — Fintech Payment App
Project: {{PROJECT_NAME}}Drop — Remittance + QR Payments
Version: {{VERSION}}1.0
Date: {{DATE}}2026-02-23
Author: {{AUTHOR}}John (AI Director)
Status: Draft | In Review | Approved
Reviewers: {{REVIEWERS}}Alem Bašić (CEO)
Document History
| Version |
Date |
Author |
Changes |
| 0.1 |
{{DATE}}2026-02-23 |
{{AUTHOR}}John |
Initial drafttest case template with Drop-specific examples |
Format: TC-{{MODULE_CODE}}-{{SEQUENCE}}
| Part |
Description |
Example |
TC |
Test Case prefix (always TC) |
TC |
MODULE_CODE |
2-4 letter module abbreviation |
AUTH, CARTREMPAYQRUSRSECDB, PERF |
SEQUENCE |
3-digit zero-padded number |
001, 042, 100 |
Drop Module Codes:
AUTH — Authentication & OnboardingREM — Remittance (Send Money)QR — QR Payments (Consumer + Merchant)SEC — Security & Input ValidationDB — Database Compliance (no balance, no CVV)PERF — Performance BenchmarksRATE — Exchange Rates APISMK — Smoke Tests (critical path subset)
Examples:
TC-AUTH-001 — Authentication module, firstregistration test caseTC-PAY-REM-015 — PaymentRemittance module, 15thfee calculation test caseTC-CART-003DB-001 — ShoppingDB cartcompliance, module,no 3rdbalance column test case
Related requirement ID: Link to REQ-{AC-{ID}}userFR-{ID} story(functional {{TICKET_ID}}
2. Test Suite Organization
| Suite ID |
Suite Name |
Module |
Test Cases |
Owner |
| TS-AUTH |
Authentication |
Auth moduleauth.test.ts |
TC-AUTH-001 to TC-AUTH-XXX020 |
{{OWNER}}Builder + Validator |
TS-CARTREM |
Shopping CartRemittance |
Cart moduletransactions.test.ts |
TC-CART-REM-001 to TC-CART-XXXREM-020 |
{{OWNER}}Builder + Validator |
TS-PAYQR |
PaymentQR ProcessingPayments |
Payment moduletransactions.test.ts |
TC-PAY-QR-001 to TC-PAY-XXXQR-010 |
{{OWNER}}Builder + Validator |
TS-SMOKESEC |
Security / Validation |
validation.test.ts, middleware.test.ts |
TC-SEC-001 to TC-SEC-030 |
Builder + Validator |
| TS-DB |
DB Compliance |
db.test.ts |
TC-DB-001 to TC-DB-010 |
Builder + Validator |
| TS-RATE |
Exchange Rates |
rates.test.ts |
TC-RATE-001 to TC-RATE-005 |
Builder + Validator |
| TS-PERF |
Performance |
api-benchmarks.test.ts |
TC-PERF-001 to TC-PERF-010 |
Builder + Validator |
| TS-E2E |
E2E User Journeys |
user-flows.spec.ts, full-flows.spec.ts |
TC-E2E-001 to TC-E2E-020 |
Builder + Validator |
| TS-CHAOS |
Input Chaos |
input-chaos.spec.ts |
TC-CHAOS-001 to TC-CHAOS-030 |
Builder + Validator |
| TS-SMK |
Smoke Tests |
Alluser-flows.spec.ts critical paths(subset) |
TC-SMK-001 to TC-SMK-XXX005 |
{{OWNER}}Builder + Validator |
| TS-REG |
Regression Suite |
Full applicationapi-endpoints.test.ts |
All high-priority TCs |
{{OWNER}}Builder + Validator |
3. Individual Test Case Format
Test Case: TC-{{MODULE}}-{{SEQ}}
| Field |
Value |
| ID |
TC-{{MODULE}}-{{SEQ}} |
| Title |
{{CONCISE_DESCRIPTION}} |
| Description |
{{FULL_DESCRIPTION}} — 1-3 sentences explaining what is being verified and why |
| Module / Feature |
{{MODULE_NAME}} |
| Priority |
{{PRIORITY}} — Critical / High / Medium / Low |
| Type |
{{TYPE}} — Functional / Regression / Smoke / Boundary / Negative / Performance / Security / Compliance |
| Requirement |
{{REQ_ID}}AC_ID} / {{STORY_ID}}FR_ID} |
| Automation Status |
{{STATUS}}Automated / Manual / Planned |
| Automation ID |
{test_file_path}:{AUTOMATION_ID}} test_name} |
Preconditions
- {
{PRECONDITION_1}}
- {
{PRECONDITION_2}}
- {
{PRECONDITION_3}}
Test Data
| Field |
Value |
Notes |
Email{Field} |
{{TEST_EMAIL}} |
Test account, pre-created |
Password |
{{TEST_PASSWORD}}value} |
Stored in testVaultwarden vault | "Drop
{{DATA_FIELD}} |
{{VALUE}} |
{{NOTE}}UAT" |
Test Steps
| Step |
Action |
Expected Result |
| 1 |
{{ACTION_1}} |
{{EXPECTED_1}} |
| 2 |
{{ACTION_2}} |
{{EXPECTED_2}} |
| 3 |
{{ACTION_3}} |
{{EXPECTED_3}} |
4 |
{{ACTION_4}} |
{{EXPECTED_4}} |
Expected Final Result
{{OVERALL_EXPECTED_RESULT}}
Post-conditions
- {
{POSTCONDITION_1}}
- {
{POSTCONDITION_2}}
Notes / Edge Cases
4. Priority Definitions
| Priority |
Definition |
Drop Examples |
| Critical |
Core functionality; systemfinancial unusableinvariant; withoutauth; itPass-through model |
Login, payment,remittance, datadb.test.ts persistenceno-balance assertion |
| High |
Important feature; significant user impact if broken |
Search,Exchange notifications,rates, usermerchant profileregistration, KYC gate |
| Medium |
Standard feature; workaround exists |
Export,Feature advancedflags, filters,notification preferences |
| Low |
Minor feature, cosmetic, or edge case |
Tooltips,Error message wording, UI sorting preferences, animations |
5. Test Case Type Definitions
| Type |
Description |
| Functional |
Verifies a Drop feature works as specified |
| Regression |
Verifies previously working functionality still works after code change |
| Smoke |
Fast check of most critical paths (subset for quick confidence)confidence — 5 tests) |
| Boundary |
Tests at the edges of valid input (min,e.g., max,exactly empty)18 years old; amount = 100 NOK min) |
| Negative |
Tests invalid input, error conditions, unauthorized access |
| Performance |
Verifies response time, throughput under defined load (api-benchmarks.test.ts) |
| Security |
Verifies access controls, injection resistance, authbcrypt, JWT |
AccessibilityCompliance |
Verifies WCAGregulatory compliance,requirements keyboard(PCI-DSS navigation,no screenCVV; readersGDPR no excess data; AML transaction limits) |
6. Batch Test Execution Template
Test Run: {{RUN_ID}}
Environment: {{ENVIRONMENT}}Staging (https://drop-staging.fly.dev/)
Build / Version: {{v{VERSION}}
Tester: {{TESTER}}Validator Agent + Builder Agent
Date: {{DATE}}
| Test Case ID |
Title |
Priority |
Result |
Actual Result / Notes |
Defect ID |
TC-{{MODULE}}-AUTH-001 |
{{TITLE}}User registers successfully |
Critical |
Pass / Fail / Blocked / Skip |
{{NOTES}} |
{{DEFECT_ID}} |
TC-{{MODULE}}-AUTH-002 |
{{TITLE}}Under-18 rejected |
HighCritical |
|
|
|
| TC-AUTH-003 |
Login with valid credentials |
Critical |
|
|
|
| TC-REM-001 |
Remittance fee = 0.5% |
Critical |
|
|
|
| TC-QR-001 |
QR payment fee = 1% |
Critical |
|
|
|
| TC-DB-001 |
No balance column in users table |
Critical |
|
|
|
| TC-DB-002 |
No card_number/cvv in cards table |
Critical |
|
|
|
Summary:
- Total: {
{TOTAL}}
- Passed: {
{PASSED}}
- Failed: {
{FAILED}}
- Blocked: {
{BLOCKED}}
Skipped: {{SKIPPED}}- Pass rate: {
{PASS_RATE}}%
7. Test Execution Log Format
| Timestamp |
Test Case ID |
Tester |
Environment |
Build |
Result |
Duration |
Notes |
{{TIMESTAMP}} |
TC-{{MODULE}}-{{SEQ}}AUTH-001 |
{{TESTER}}Validator |
staging |
{{BUILD}}v0.5.0 |
Pass |
{{DURATION}}s1.2s |
|
8. Defect Linking
Defect format: BUG-{{ID}} (in {{BUG_TRACKER}})Mission Control)
| Test Case |
Defect ID |
Severity |
Status |
Fixed In |
TC-{{MODULE}}-{{SEQ}} |
BUG-{{ID}} |
{{SEVERITY}} |
{{STATUS}}Open / Fixed / Verified |
{{v{VERSION}} |
Defect fields required:
- Steps to reproduce (reference test case ID)
- Expected vs actual behavior
- Environment + build version
- Screenshot / screen recording (for E2E failures)
- Severity and priority
- Vitest / Playwright error output
Example Test Cases — Drop Specific
Test Case: TC-AUTH-001
| Field |
Value |
| ID |
TC-AUTH-001 |
| Title |
User canregisters log insuccessfully with valid emailNorwegian phone and passwordage ≥ 18 |
| Description |
Verifies that a registerednew user can successfullycomplete authenticate3-step usingregistration: correctemail+DOB credentials→ andOTP is→ redirectedPIN. toTests the dashboard.core Drop onboarding business process. |
| Module / Feature |
Authentication — LoginUser Registration |
| Priority |
Critical |
| Type |
Functional |
| Requirement |
REQ-AUTH-AC-001, FR-001, BR-001 |
| Automation Status |
Automated |
| Automation ID |
tests/e2e/auth/login.spec.src/drop-app/__tests__/auth.test.ts:valid-credentialssuccessful registration |
Preconditions
User account withFresh email [email protected]existsnot andpreviously isregistered verifiedin DropUserNorwegian isphone not logged innumber (no active session)+47)ApplicationDOB isindicating accessibleage at≥ {{APP_URL}}/login
Test Data
| Field |
Value |
Notes |
| Email |
[email protected]e2e-fresh-{timestamp}@test.alai.no |
Pre-createdUnique per test accountrun |
| Password |
RetrievedTestDrop123! |
≥ 8 chars |
| Phone |
+4712345678 |
Norwegian format |
| DOB |
20 years ago from test vaultdate |
NeverAge hardcoded= 20 years |
| First Name |
Amir |
Unicode safe |
| Last Name |
Hasić |
With diacritics |
Test Steps
| Step |
Action |
Expected Result |
| 1 |
Navigate toPOST {{APP_URL}}/loginapi/auth/register |
Login201 pageCreated; loadsuser within emailDB; field,no password field,hash andin login buttonresponse |
| 2 |
EnterPOST [email protected]/api/auth/verify-otpinwith emailcorrect field6-digit OTP |
Email200; valueuser visibleproceeds into fieldPIN step |
| 3 |
EnterPOST /api/auth/setup-pin with valid password4-digit in password fieldPIN |
Password200; masked,account notactivated; visibleJWT httpOnly cookie set |
| 4 |
ClickGET "Log/api/auth/me In"with buttonJWT cookie |
Loading200; indicatoruser shown,object networkreturned; requestno initiated | password
5 |
Wait for response |
Redirect to /dashboard |
Expected Final Result
UserAccount is authenticatedcreated and activated. JWT httpOnly cookie set. User redirected to /dashboard.dashboard. AuthPassword cookie/tokenhash isNEVER set.appears Welcomein messageany visible.API Navigationresponse. showsNo user'sbalance name/avatar.column in user record.
Post-conditions
SessionUser exists andin isDB validwith kyc_status = 'pending' (mock) or 'approved' (auto in dev mode)- Audit log entry created for
loginregistration event
- Test cleanup:
sessiondelete willuser in afterEach
Notes / Edge Cases
Test Case: TC-AUTH-002
| Field |
Value |
| ID |
TC-AUTH-002 |
| Title |
LoginUnder-18 failsregistration rejected with invalid password — correctNorwegian error shownmessage |
| Description |
Verifies that ana incorrectuser passwordborn returnsless than 18 years ago receives a generic422 error withoutin revealingNorwegian: whether"Du themå emailvære existsminst (prevents18 user enumeration)år". |
| Module / Feature |
Authentication — LoginAge Validation |
| Priority |
Critical |
| Type |
Negative / SecurityCompliance |
| Requirement |
REQ-AUTH-002,AC-004, SEC-001FR-001, BR-002 |
| Automation Status |
Automated |
| Automation ID |
src/drop-app/__tests__/auth.test.ts:under-18 rejected |
Preconditions
UserRegistration accountform with email [email protected] exists
User is not logged inaccessible
Test Data
Test Steps
| Step |
Action |
Expected Result |
| 1 |
POST /api/auth/register with DOB indicating age < 18 |
422 Unprocessable Entity |
| 2 |
Check response body |
Error message contains "Du må være minst 18 år" |
| 3 |
Check DB |
No user record created |
Expected Final Result
422 response with Norwegian age validation error. No account created.
Test Case: TC-DB-001
| Field |
Value |
| ID |
TC-DB-001 |
| Title |
Users table has NO balance column — pass-through model invariant |
| Description |
Verifies that the pass-through model architectural invariant is enforced: Drop NEVER stores user balances. Balance is always read from the bank via AISP. |
| Module / Feature |
Database Compliance |
| Priority |
Critical |
| Type |
Compliance |
| Requirement |
NF-AC-020, NFR-COMP05, ADR-003 (pass-through model) |
| Automation Status |
Automated |
| Automation ID |
src/drop-app/__tests__/db.test.ts:users table has no balance column |
Preconditions
- Database initialized with current schema
Test Steps
| Step |
Action |
Expected Result |
| 1 |
Query SQLite schema: PRAGMA table_info(users) |
Column list returned |
| 2 |
Assert balance not in column list |
Test passes — no balance column exists |
Expected Final Result
Test passes. DB schema has no balance column in users table.
Notes / Edge Cases
- This test must NEVER be skipped or disabled
- Any migration adding a balance column must be immediately reverted as it violates ADR-003
- Related: TC-DB-002 (no card_number/cvv), TC-DB-003 (FK constraints enabled)
Test Case: TC-REM-001
| Field |
Value |
| ID |
TC-REM-001 |
| Title |
Remittance fee calculated correctly at 0.5% |
| Description |
Verifies that the remittance fee is exactly 0.5% of the transaction amount (not 0.5% of total debit). |
| Module / Feature |
Remittance — Fee Calculation |
| Priority |
Critical |
| Type |
Functional / Boundary |
| Requirement |
AC-030, AC-031, FR-020 |
| Automation Status |
Automated |
| Automation ID |
src/drop-app/__tests__/transactions.test.ts:fee calculation |
Test Steps
| Step |
Action |
Expected Result |
| 1 |
Navigate toPOST /loginapi/transactions/remittance with amount=1000, currency=RSD |
Login201 form displayedCreated |
| 2 |
EnterCheck validresponse: emailfee field |
Emailfee entered= 5 NOK (exactly 0.5% of 1000) |
| 3 |
EnterPOST wrongwith passwordamount=2000 |
Password201; maskedfee = 10 NOK |
| 4 |
ClickPOST "Logwith In"amount=99 (below minimum) |
Form400 submits"Amount must be between 100 and 50000 NOK" |
| 5 |
ObservePOST responsewith amount=50001 (above maximum) |
Error400 messagevalidation displayed: "Invalid email or password" (generic, not "wrong password") |
6 |
Verify URL |
Still on /login (no redirect) |
7 |
Verify no session |
No auth cookie seterror |
Expected Final Result
GenericFee error= messageamount shown.× User0.005. remainsMinimum on100 loginNOK; page.maximum No50,000 sessionNOK created.per Error does not reveal whether the email exists.transaction.
Approval
| Role |
Name |
Date |
Signature |
| Author |
John (AI Director) |
2026-02-23 |
Approved (AI) |
ReviewerQA Lead |
Validator Agent |
2026-02-23 |
Approved (AI) |
ApproverAI Director (John) |
John |
2026-02-23 |
Approved |
| CEO (Alem) |
Alem Bašić |
TBD |
|
