---
created: 2026-03-12
source: Rivet
tags: [agent-archive, rivet]
---

# RateRight QA Edge Cases & Boundary Testing
**Version:** 1.0  
**Date:** 2026-02-15  
**Purpose:** Edge case scenarios that break typical user flows  

## 🎯 Testing Philosophy

Edge cases reveal system weaknesses. Test these scenarios after core flows work to find breaking points and ensure graceful failure handling.

---

## 1. Invalid Input Testing

### ABN Verification Edge Cases
**Time:** 3 minutes each

#### Invalid ABN Formats
1. **Too Short:** 12345
   - **Expected:** "ABN must be 11 digits"
2. **Too Long:** 123456789012
   - **Expected:** Format validation error
3. **Letters:** ABC123DEF45
   - **Expected:** "ABN must contain only numbers"
4. **Invalid Check Digit:** 53 104 690 742 (wrong last digit)
   - **Expected:** "Invalid ABN - please check and try again"
5. **Cancelled ABN:** 21 123 456 789 (fictional cancelled)
   - **Expected:** "This ABN is cancelled or inactive"

#### Test Script
```
1. Navigate to contractor signup
2. For each invalid ABN above:
   - Enter ABN
   - Click "Verify ABN"
   - Screenshot error message
   - Verify form doesn't progress
```

### Phone Number Edge Cases
**Time:** 2 minutes

#### Invalid Formats
1. **International:** +1 555 123 4567
2. **Landline:** 02 9876 5432
3. **Too Short:** 0412 345
4. **Invalid Prefix:** 0512 345 678

#### Test Script
```
1. Worker signup → Phone field
2. Test each format
3. Expected: Only 04xx xxx xxx accepted
4. Error messages clear and helpful
```

### Email Edge Cases
**Time:** 2 minutes

1. **No @ Symbol:** testuser.gmail.com
2. **Multiple @:** test@@gmail.com
3. **Invalid Domain:** test@nonexistentdomain.xyz
4. **SQL Injection:** test'; DROP TABLE users;--@gmail.com

---

## 2. Concurrent User Testing

### Simultaneous Job Applications
**Time:** 5 minutes

#### Setup
- 2 browser sessions (incognito + regular)
- Same job posted
- 2 different worker accounts

#### Test Steps
1. Worker A applies to job
2. **Immediately** Worker B applies to same job
3. Contractor tries to hire both
4. **Expected Results:**
   - Both applications visible
   - Can hire multiple workers
   - No race conditions
   - Payment amounts correct

### Concurrent Messaging
**Time:** 3 minutes

1. Open same conversation in 2 tabs
2. Send messages from both tabs simultaneously
3. **Expected:** No message duplication or loss

---

## 3. Network Interruption Scenarios

### Payment Flow Interruptions
**Time:** 5 minutes | **Priority:** Critical

#### Test Scenarios
1. **Disconnect During Payment:**
   - Start payment process
   - Turn off WiFi after clicking "Pay Now"
   - Reconnect after 30 seconds
   - **Expected:** Clear error, no duplicate charge

2. **Browser Refresh During Payment:**
   - Click "Pay Now"
   - Immediately refresh page
   - **Expected:** Payment status preserved, no double charge

3. **Close Browser During Payment:**
   - Start payment
   - Close browser tab
   - Reopen and check payment status
   - **Expected:** Payment either completed or cleanly failed

#### Test Script
```bash
# Use Chrome DevTools Network tab
1. Open DevTools → Network → Throttling
2. Set to "Offline" during payment
3. Observe error handling
4. Set back to "No throttling"
5. Verify recovery behavior
```

### Slow Connection Testing
**Time:** 3 minutes

1. **Chrome DevTools:** Network → Slow 3G
2. Test key flows:
   - Login process
   - Job search
   - File uploads
3. **Expected:** Loading states, no timeouts under 30s

---

## 4. Database State Edge Cases

### Orphaned Records
**Time:** 5 minutes per scenario

#### Missing User References
1. **Job with Deleted Contractor:**
   - Manually delete contractor from database
   - Worker tries to apply to job
   - **Expected:** Graceful error, job marked inactive

2. **Message with Deleted User:**
   - Delete user who sent messages
   - Other user views conversation
   - **Expected:** Messages show "[Deleted User]"

#### Test via Database Console
```sql
-- Supabase SQL Editor
-- WARNING: Only run on test data!

-- Test orphaned job
UPDATE jobs SET contractor_id = '00000000-0000-0000-0000-000000000000' 
WHERE title LIKE '%TEST%';

-- Test orphaned message
UPDATE messages SET sender_id = '00000000-0000-0000-0000-000000000000'
WHERE created_at > NOW() - INTERVAL '1 hour';
```

### Data Integrity Checks
**Time:** 3 minutes

1. **Duplicate Applications:**
   - Worker applies to same job twice
   - **Expected:** Prevent duplicate, show existing application

2. **Invalid Job States:**
   - Job marked as "completed" but no payment record
   - **Expected:** System flags inconsistency

---

## 5. Browser Compatibility Issues

### Browser-Specific Tests
**Time:** 10 minutes total

#### Chrome (Primary)
- ✅ Voice recording
- ✅ File uploads
- ✅ Payment processing
- ✅ Real-time messaging

#### Firefox
- ⚠️ Voice recording may need permission prompt
- ✅ All other features

#### Safari (Desktop)
- ⚠️ Voice recording limited
- ⚠️ File upload UI different
- ✅ Payment flows work

#### Mobile Browsers
- **iPhone Safari:** Voice recording inconsistent
- **Android Chrome:** Full compatibility
- **Samsung Internet:** Test payment flows

#### Test Script
```
1. Open same test in each browser
2. Focus on voice features (known issue area)
3. Test payment flow in each
4. Document specific browser issues
```

### JavaScript Disabled
**Time:** 2 minutes

1. **Chrome:** Settings → Privacy → Site Settings → JavaScript → Block
2. Navigate to RateRight
3. **Expected:** Graceful degradation message

---

## 6. File Upload Edge Cases

### Malicious File Testing
**Time:** 3 minutes

#### Test Files to Create
```bash
# Create test files
echo "test content" > normal.pdf
echo "<?php echo 'hack'; ?>" > malicious.php
dd if=/dev/zero of=huge.pdf bs=1M count=50  # 50MB file
touch empty.pdf
```

#### Upload Tests
1. **Oversized File:** huge.pdf (50MB)
   - **Expected:** "File too large (max 10MB)"
2. **Wrong Extension:** malicious.php
   - **Expected:** "Only PDF, JPG, PNG allowed"
3. **Empty File:** empty.pdf
   - **Expected:** "File appears to be empty"
4. **Corrupted PDF:** Rename .txt to .pdf
   - **Expected:** "Invalid file format"

---

## 7. Session Management Edge Cases

### Token Expiration
**Time:** 5 minutes

#### Manual Token Invalidation
```javascript
// Browser console
localStorage.removeItem('auth-token');
// or
localStorage.setItem('auth-token', 'invalid-token');
```

1. Invalidate token
2. Try to perform authenticated action
3. **Expected:** Redirect to login, clear error message

### Multiple Sessions
**Time:** 3 minutes

1. Login to same account in 2 browsers
2. Logout from one browser
3. **Expected:** Other session remains active
4. Change password in one session
5. **Expected:** Other session forced to re-authenticate

---

## 8. Rate Limiting & Abuse Prevention

### Rapid-Fire Requests
**Time:** 3 minutes

#### Test Scenarios
1. **Rapid Job Applications:** Apply to 10 jobs in 10 seconds
2. **Message Spam:** Send 100 messages rapidly
3. **Login Attempts:** Try wrong password 20 times

#### Expected Behaviors
- Rate limiting kicks in (HTTP 429)
- Temporary account locks for abuse
- Clear messaging about rate limits

---

## 9. Data Validation Edge Cases

### SQL Injection Attempts
**Time:** 2 minutes per field

#### Test Inputs
```
'; DROP TABLE users; --
admin'/*
1' OR '1'='1
<script>alert('XSS')</script>
../../../etc/passwd
```

#### Fields to Test
- Job titles and descriptions
- User names
- Search queries
- Message content

#### Expected Result
All inputs should be properly escaped/sanitized.

---

## 10. Mobile-Specific Edge Cases

### Device Orientation Changes
**Time:** 2 minutes

1. Start job application in portrait
2. Rotate to landscape mid-form
3. **Expected:** Form data preserved, layout adapts

### App Background/Foreground
**Time:** 2 minutes

1. Start voice recording
2. Switch to another app
3. Return to browser
4. **Expected:** Recording state preserved or graceful failure

### Low Storage Scenarios
**Time:** 1 minute

1. Fill device storage (download large files)
2. Try to upload profile photo
3. **Expected:** Clear storage error message

---

## 🚨 Critical Edge Cases - Priority Testing

If time is limited, focus on these high-impact scenarios:

1. **Payment interruptions** (network/browser issues)
2. **Concurrent user actions** (hiring same worker)
3. **File upload security** (malicious files)
4. **Invalid ABN handling** (business verification)
5. **Token expiration** (session management)

---

## 📋 Edge Case Testing Checklist

### Before Starting
- [ ] Core flows working
- [ ] Test environment confirmed
- [ ] Browser dev tools open
- [ ] Test files prepared

### During Testing
- [ ] Screenshot all error states
- [ ] Test in multiple browsers
- [ ] Document unexpected behaviors
- [ ] Verify error messages are user-friendly

### After Testing
- [ ] Categorize issues by severity
- [ ] Create reproduction steps
- [ ] Note browser/device specifics
- [ ] Report critical issues immediately

---

## 🎯 Success Criteria

**System should handle edge cases by:**
- Showing clear, helpful error messages
- Preventing data corruption
- Gracefully degrading functionality
- Maintaining security boundaries
- Preserving user data during failures

**Red flags that need immediate attention:**
- System crashes or blank screens
- Data corruption or loss
- Security vulnerabilities exposed
- Payment processing errors
- User sessions corrupted