π How I Handled a Bug in Production: A Behind-the-Scenes QA Walkthrough
As a QA Manual Tester, my job is to catch bugs β like a ninja in the shadows, but with a checklist π. Let me walk you through a real bug I found in a backoffice app. It wasnβt complicated, but it perfectly shows the process I always follow
π The Bug
It started when I noticed something strange while testing the login flow in the backoffice: Admin users couldnβt log in, but users with other roles (like staff or viewer) had no issue at all.
That was an immediate red flag. π© If your admins β the ones managing everything β are locked out, itβs a serious problem.
π§ͺ The Investigation
Step one: Reproduce the bug β again and again β just to make sure I wasnβt imagining it π
I tried logging in:
- With different accounts β
- Using different roles β
- On both desktop and mobile β
- Even in incognito mode, in case it was a cache issue β
And yep β same result every time for admin users. They were completely blocked.
So, I popped open the Developer Console and got to work. I focused on two things:
- Any error messages in the Console? β
- Any failed requests in the Network tab? β
There it was β a failed request to the /api/login endpoint, returning a 403 Forbidden error. Meanwhile, when I logged in using another role, the same endpoint returned 200 OK β and everything worked perfectly.
So, clearly:
- The endpoint isnβt broken.
- But something in the request β probably the user role or permissions β is causing the failure.
π€ Working With the Developer
After confirming the issue, I didnβt stop at just logging a bug and moving on. I reached out to the dev team to discuss what else this bug could affect β not just at the surface, but deeper, inside the code.
Together, we reviewed:
- The role-checking logic on the backend
- And how other features like password reset or token refresh might rely on the same logic
It was a great collab session. And it helped us realize:
- This might not just be a one-off bug β it could affect other roles too
- Features like login after changing password might break in similar ways
- The login endpoint might become unstable if other roles or scenarios hit the same auth logic
π Writing the Bug Report
Once I gathered all the evidence β screenshots, console logs, failed endpoints β I wrote a clear, detailed report in our task tracking system.
Hereβs the format I used:
