Manual Testing: Ntfy Notification Provider

[github-actions]

Manual Testing: Ntfy Notification Provider

Description

Manual testing plan for the Ntfy notification provider feature. Covers UI/UX
validation, dispatch behavior, token security, and edge cases that E2E tests
cannot fully cover.

Prerequisites

• Ntfy instance accessible (cloud: ntfy.sh, or self-hosted)
• Test topic created (e.g., https://ntfy.sh/charon-test-XXXX)
• Ntfy mobile/desktop app installed for push verification
• Optional: password-protected topic with access token for auth testing

Test Cases

UI/UX Validation

• Select "Ntfy" from provider type dropdown — token field and "Topic URL" label appear
• URL placeholder shows https://ntfy.sh/my-topic
• Token label shows "Access Token (optional)"
• Token field is a password field (dots, not cleartext)
• JSON template section (minimal/detailed/custom) appears for Ntfy
• Switching from Ntfy to Discord clears token field and hides it
• Switching from Discord to Ntfy shows token field again
• URL field is required — form rejects empty URL submission
• Keyboard navigation: tab through all Ntfy form fields without focus traps

CRUD Operations

• Create Ntfy provider with URL only (no token) — succeeds
• Create Ntfy provider with URL + token — succeeds
• Edit Ntfy provider: change URL — preserves token (shows "Leave blank to keep")
• Edit Ntfy provider: clear and re-enter token — updates token
• Delete Ntfy provider — removed from list
• Create multiple Ntfy providers with different topics — all coexist

Dispatch Verification (Requires Real Ntfy Instance)

• Send test notification to ntfy.sh cloud topic — push received on device
• Send test notification to self-hosted ntfy instance — push received
• Send test notification with minimal template — message body is correct
• Send test notification with detailed template — title and body formatted correctly
• Send test notification with custom JSON template — all fields arrive as specified
• Token-protected topic with valid token — notification delivered
• Token-protected topic with no token — notification rejected by ntfy (expected 401)
• Token-protected topic with invalid token — notification rejected by ntfy (expected 401)

Token Security

• After creating provider with token: GET provider response has has_token: true but no raw token
• Browser DevTools Network tab: confirm token never appears in any API response body
• Edit provider: token field is empty (not pre-filled with existing token)
• Application logs: confirm no token values in backend logs during dispatch

Edge Cases

• Invalid URL (not http/https) — form validation rejects
• Self-hosted ntfy URL with non-standard port (e.g., http://192.168.1.50:8080/alerts) — accepted and dispatches
• Very long topic name in URL — accepted
• Unicode characters in message template — dispatches correctly
• Feature flag disabled (feature.notifications.service.ntfy.enabled = false) — ntfy dispatch silently skipped
• Network timeout to unreachable ntfy server — error handled gracefully, no crash

Accessibility

• Screen reader: form field labels announced correctly for Ntfy fields
• Screen reader: token help text associated via aria-describedby
• High contrast mode: Ntfy form fields visible and readable
• Voice access: "Click Topic URL" activates the correct field
• Keyboard only: complete full CRUD workflow without mouse

Acceptance Criteria

• All UI/UX tests pass
• All CRUD operations work correctly
• At least one real dispatch to ntfy.sh confirmed
• Token never exposed in API responses or logs
• No accessibility regressions

Related

• Spec: docs/plans/current_spec.md
• QA Report: docs/reports/qa_report_ntfy_notifications.md
• E2E Tests: tests/settings/ntfy-notification-provider.spec.ts

---

Auto-created from ntfy-notification-provider-manual-testing.md