TEST-014 The user authentication feature is functioning correctly

Test type

System compatibility

Linked activities

  • MDS-449

Result

  • Passed
  • Failed

Description

This execution batch includes all test cases related to user authentication, such as managing access tokens (generating tokens from valid user credentials and handling token expiration), and temporarily locking user accounts after multiple failed login attempts.

These test cases are being run for the first time on this version of the medical device.

Run environment

Here are the technical specifications of the runtime environment in which the test was conducted:

  • Operating system: Ubuntu 22.04.3 LTS (Linux kernel version: 5.10.0-051000-generic)
  • Hardware specifications:
    • CPU:
      • Model name: AMD Ryzen Threadripper PRO 5995WX (x86_64)
      • Number of cores: 64
      • Thread(s) per core: 2
    • GPU:
      • CUDA version: 12.0
      • Devices:
        • NVIDIA RTX 6000 (49140 MiB)
        • NVIDIA RTX 6000 (49140 MiB)
    • RAM: 252 GB
    • Storage: 6.5 TB
    • Network:
      • Mean speed: 380 Mbps
      • Mean latency: 5 ms
  • Other relevant software: No particular software was used.

Test case runs

The following test cases have been executed in this batch:

TEST_014_001

Outcome

  • Passed
  • Failed

Expected results

  • The REST API returns a JWT access token for valid credentials.
  • The REST API denies the login attempt, returning a 401 Unauthorized status code along with an appropriate error message.

Actual results

  • The REST API returns a JWT access token for valid credentials: Access Token for testuser@legit.api: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ0ZXN0dXNlckBsZWdpdC5hcGkiLCJleHAiOjE3MjAwOTkyNzR9.PmP3CbuR4DxNJrg4GTF4-PigWogZvdnbdgEdRAaMyHujhvzxQbYdG-UK0YFCYfLVIoFNCEjzLh-LsniGQecv_1LA5r0Vh8sCz6FMS713x2S8XOUbGn3fmWoZjd0eG7DG6ZrAtDaEwplnWOW4IV2I-Uh21Xia0X3UkAthR-Q8wzFYMeiD5JIofIWTMwKL9Yq5wJ5NnvnLvgCezZaK6f8Q2IFgxw_J-zY70EdoeVejbEuMFkI3Qc7YloMKrxgey3c8MaPUlpVGV61vfP7DGRCdZx1xPKYOu8UEfNnbIgNFWv8bRYXSADbXUY5TSkIsZ2eOC-vmTeaKTae_OYswBjRWxMe6feqwqfgDx-5ZmH8Rl5VB2_mwjWkBAOexfmbD0ZWyh0axrgTZKO6nTeYIy1NRVOECrCp1w5viUEdbYwwmWeoEhDAwsRMlHqL8UJcOsb-cPSL1HHrgZCPz9Y7ZiWYY1znwx1CbYhz2PmRTURywYnb9S-Bmy3HLIERvAvReizK1kuYDbVWdSXhEGeM9Rqsxuooe4ISshGspaXoqkNCWpBbnbUuDnlnmoTp1yGUwZFCRA19NC8JVzlIH-N35YExZUP0PlDhQcnfSIBouF98zDUUjCFCjwnLC05-TrrP99RLGCZWOphtNaC3bZC4blRv_7OLE9Uje_XYxcVKsI5CFCNM
  • The REST API denies the login attempt, returning a 401 Unauthorized status code along with an appropriate error message: Status code: 401 { "detail":"Invalid credentials" }

Remarks

No comments to add. The test was carried out manually without any issues.

TEST_014_002

Outcome

  • Passed
  • Failed

Expected results

  • The REST API returns a valid token when sending the authentication credentials.
  • The REST API rejects the access attempt with an expired token.

Actual results

  • The REST API returns a valid token when sending the authentication credentials: Access Token for testuser@legit.api: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ0ZXN0dXNlckBsZWdpdC5hcGkiLCJleHAiOjE3MjAxMDA5MTF9.ezqF9BKhah8qLyVBmmGKSyIpihuR24n2lCpwK94q0NGHePf5C2tMDHfpS7MqLxoUWTOQgGuZNdGDNuQFW0y06ecY6uY8_3H6Y2U1PY-wJiKi3JuIQo4fZDGaM2goWaQ-Fgfi23m0OzYXPV0BMfxwNRSf_jbc0Vl_8pcOwmzfGUXLqc6HVY4glVY24zqsttoid19TSEGflYNAL-6K5vj3BpudVJmZSRV6pjzB4nokkp87nSop0Rwmx4yZI2UpRy4GPV6vpHK4ByCkARAcqkLXuRPUQdoEaNp6fPucT4s_JDx_W_wdbNbyDEsXb-BlSiyOf6ZoGKNY1ZsAhohhlMtzJhT2obWaHSc97q2Adfhf9g55QUNsBK4h-E7ZejzxsLmn2Qfu9EEezdEJ8uXfCew0vAT-fNZkeG1PvB2sqh-554DhzActaMDBxEpD71JWaYtkVQdI_3UYxRib9kQLcotit19vkGL-8CwWgR_kR5_VkeEr17rTa_zfrUnDVhto452r_uG3AbW1fxOBSXyuIFl03Rw3ZUg5qmr3FsmOqMF2ymgg6TMh3D2LSVRyxbPG5Ezi0zt57jVlo-u-lYuT2a7RoY3dJRKJ86z506j7Nl77lobVBOBwsngirmsQNnx6N7eMijwWnlWX_kiTDpnvduMtexKPzbT_z7ajP8jQ5I1i_Ig
  • The REST API rejects the access attempt with an expired token, returning a 401 Unauthorized status code along with an appropriate error message: Status code: 401 { "detail":"Invalid token: The access token provided is expired, revoked, malformed, or invalid for other reasons" }

Remarks

No comments to add. The test was carried out manually without any issues.
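
As an added example (not part of the original test record or the device's code), the check below shows how token evidence like that recorded in TEST_014_001 and TEST_014_002 can be inspected offline: it decodes a JWT's header and claims and classifies the token against a chosen clock value. The sample token, its `exp` value and the function names are constructed for illustration; only the `RS256` header and the `sub`/`exp` claim layout follow the tokens recorded above.

```python
import base64
import json

def _segment(seg: str) -> dict:
    """Decode one base64url JWT segment (padding restored) into a JSON object."""
    obj = json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj

def inspect_token(token: str, now: int, expected_sub: str) -> str:
    """Return 'malformed', 'unexpected', 'expired' or 'well-formed'.

    Claims are read WITHOUT verifying the RS256 signature, so the result
    documents a test run and is never an authorization decision.
    """
    parts = token.split(".")
    if len(parts) != 3 or not all(parts):
        return "malformed"
    try:
        header, claims = _segment(parts[0]), _segment(parts[1])
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return "malformed"
    exp = claims.get("exp")
    if not isinstance(exp, int) or isinstance(exp, bool):
        return "malformed"
    if header.get("alg") != "RS256" or claims.get("sub") != expected_sub:
        return "unexpected"  # e.g. alg "none" or a token issued to another user
    return "expired" if now >= exp else "well-formed"

def make_sample(claims: dict, alg: str = "RS256") -> str:
    """Build a constructed, unsigned sample token (placeholder signature)."""
    def enc(d: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': alg, 'typ': 'JWT'})}.{enc(claims)}.c2FtcGxl"

if __name__ == "__main__":
    SUB, EXP = "testuser@legit.api", 1_700_000_000  # EXP is a constructed value
    sample = make_sample({"sub": SUB, "exp": EXP})
    for label, tok, now in [
        ("before expiry", sample, EXP - 1),
        ("at expiry", sample, EXP),
        ("alg=none", make_sample({"sub": SUB, "exp": EXP}, alg="none"), EXP - 1),
        ("truncated", sample.rsplit(".", 1)[0], EXP - 1),
    ]:
        print(f"{label:14} -> {inspect_token(tok, now, SUB)}")
```

The API's single 401 message covers expired, revoked, malformed and otherwise invalid tokens; classifying the token on the tester's side records which of those conditions a given run actually exercised.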

Summary of results

  • Total cases: 2
  • Passed: 2
  • Failed: 0
  • Pass rate: 100 %

Defects and issues

Defect ID | Description | Severity | Status | Reported by | Assigned to | Activities generated | Remarks

Observations and recommendations

All planned test cases were executed successfully, with a 100% pass rate. This indicates that the system performed as expected under the defined scenarios.

Additionally, no defects were found during this testing cycle. The absence of defects suggests a high level of system stability and reliability.

Signature meaning

The signatures for the approval process of this document can be found in the verified commits at the repository for the QMS. As a reference, the team members who are expected to participate in this document and their roles in the approval process, as defined in Annex I Responsibility Matrix of the GP-001, are:

  • Tester: JD-017, JD-009, JD-004
  • Approver: JD-005
All the information contained in this QMS is confidential. The recipient agrees not to transmit or reproduce the information, neither by himself nor by third parties, through whichever means, without obtaining the prior written permission of Legit.Health (AI LABS GROUP S.L.)