rede5/gohorsejobs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
gohorsejobs/docs/TEST_USERS.md

3.1 KiB
Raw Blame History

🧪 Test Users & Data Scenarios - GoHorseJobs

When running the platform locally (via start.sh) or on the DEV server (local.gohorsejobs.com), the seeder-api provisions a rich set of test accounts representing distinct personas.

All accounts use the exact same password to simplify development.

Universal Test Password: Admin@2025!

👥 Core Personas (The "Golden" Accounts)

These are the primary accounts you should use for daily development and E2E testing.

Role Identifier (Username) Email Purpose
Superadmin lol lol@gohorsejobs.com Complete system access. Bypass company walls. Manage features.
Superadmin superadmin admin@gohorsejobs.com Secondary global admin.
Admin admin moderator@gohorsejobs.com Reviews pending companies/jobs in backoffice.
Recruiter recruiter hr@techcorp.com Posts jobs, manages applicants for "TechCorp" (Company ID: 1).
Recruiter jane_hr jane.doe@startup.io Recruiter for a pending/unapproved company to test gating.
Candidate candidate carlos.dev@gmail.com Standard job seeker. Pre-filled resume and skills. Has 3 active applications.
Candidate newbie new.user@hotmail.com Fresh account with 0 applications and empty profile to test onboarding flows.

🏢 Auto-Generated Companies & Jobs

The DB seeder simulates a healthy marketplace. If you run npm run seed:lite, the DB receives:

  • 50 Companies: Ranging from "TechCorp" (Active) to "SuspiciousLTDA" (Pending/Rejected).
  • 100 Jobs: Distributed among the active companies. Various statuses (published, draft, closed).
  • 200 Applications: Dummy candidates applying to random jobs, in varied pipelines (pending, reviewing, accepted).

🚨 Login & Auth "Gotchas"

1. Invalid Credentials Right After Fresh Seed

If you completely reset the DB using start.sh (Option 6) or manually clear Postgres, and your first login returns "Invalid credentials", do not panic and do not manually change the DB hash.

  • Cause: The Node.js seeder calculates the bcrypt hash using an environment variable called PASSWORD_PEPPER (gohorse-pepper). If this variable was empty or mismatched with the Backend API, the hash is physically wrong.
  • Fix: Ensure your .env files in both backend and seeder-api contain PASSWORD_PEPPER=gohorse-pepper. Then simply run cd seeder-api && npm run seed again to fix the hashes.

2. Login Payload Fields

The frontend sends:

{
  "email": "lol",
  "password": "..."
}

Important: Even though the frontend passes the username lol, the JSON key must be "email". The Go backend natively handles resolving "email" against the identifier OR email database columns.

3. Account Status Flags

The users table has an is_active boolean. If a user is manually deactivated by an admin, the login endpoint will return a generic 401 Unauthorized (or specific Account Locked error depending on the exact route version) to prevent user enumeration.