Bugs found in Pagaloop: QAwerk Bug Crawl
Pagaloop is a Web solution for cashless payments from the comfort of your home. This robust web platform caters to the needs of small and midsize businesses as well as individual users. With the Pagaloop web app, one can easily pay their bills, be it rent, tuition, legal services, or supply costs. What’s great about this service is how straightforward and transparent the whole payment process is. The only thing that Pagaloop users have to do is register an account and add their beneficiaries’ CLABE or debit card numbers. The vendors receiving payments through Pagaloop don’t even need to create an account. Another tangible benefit the platform offers is the ability to defer payments to up to 12 months. On top of that, Pagaloop allows extending one’s approved credit with no interest to 50 days, which helps to optimize the business cash flow.
Continually expanding our expertise in the fintech sector, we keep an eye on innovative payment apps, and Pagaloop is one of such promising solutions. We thoroughly tested it to help the creators enhance the platform’s security and eliminate any bugs that may inconvenience the users along their journey. Let’s see the results.
The user can take a photo without permission
Major
The user has an account without a validated identity.
- Navigate to https://pagaloopbeta.azurewebsites.net/#/auth/login.
- Click the “Correo electrónico” field.
- Write the email.
- Click the “Contraseña” field.
- Write the password.
- Click the “Iniciar Sesión” button.
- Click the ”Seleccionar” button – for the “Selfie” part.
- Click the “Block” button – for permission pop-up.
- Click the ”Tomar Foto” button.
- Click the “Guardar” button.
macOS – 10.15.6 (19G73)
Chrome – 88.0.4324.192
The user can take an incorrect photo without permission to use the camera.
The user sees a permission pop-up again, where he can choose “Allow”. And only after that, he can take a photo.
Display error when the user saves bank information with an invalid card
Major
The user has an account.
- Navigate to https://pagaloopbeta.azurewebsites.net/#/auth/login.
- Click the “Correo electrónico” field.
- Write the email.
- Click the “Contraseña” field.
- Write the password.
- Click the “Iniciar Sesión” button.
- Click the “Mis bankos” button.
- Click the ”Agregar cuenta bancaria” button.
- Click the “Alias de tu cuenta” field.
- Write the “test” text.
- Click the “Cuenta CLABE o número de tarjeta de débito” field.
- Write the “4242 4242 4242 4242” text.
- Click the “Guardar” button.
macOS – 10.15.6 (19G73)
Chrome – 88.0.4324.192
The user sees a loader and then nothing happens.
The user sees error “Tarjeta no válida. Intenta con otra tarjeta.”
The user doesn't see if the phone number change was successful
Major
The user has an account with an unconfirmed phone number.
- Navigate to https://pagaloopbeta.azurewebsites.net/#/auth/login.
- Click the “Correo electrónico” field.
- Write the email.
- Click the “Contraseña” field.
- Write the password.
- Click the “Iniciar Sesión” button.
- Click the “Click aquí” button.
- Click the “Numero celular” field.
- Write a valid phone number (e.g. “5549998425”).
- Click the “Enviar” button.
macOS – 10.15.6 (19G73)
Chrome – 88.0.4324.192
The phone number hasn’t changed.
The user sees a new phone number on the “Confirma tu teléfono celular” screen.
Phone number validation error is not displayed
Major
The user has an account with an unconfirmed phone number.
- Navigate to https://pagaloopbeta.azurewebsites.net/#/auth/login.
- Click the “Correo electrónico” field.
- Write the email.
- Click the “Contraseña” field.
- Write the password.
- Click the “Iniciar Sesión” button.
- Click the “Click aquí” button.
- Click the “Numero celular” field.
- Write an invalid phone number (e.g. “447510080141”).
- Click the “Enviar” button.
macOS – 10.15.6 (19G73)
Chrome – 88.0.4324.192
Nothing happens. The request has a status code 200 but “success: false”.
The user sees an error “Phone number is invalid”.
The user can't watch a video
Minor
The user has an account.
- Navigate to https://pagaloopbeta.azurewebsites.net/#/auth/login.
- Click the “Correo electrónico” field.
- Write the email.
- Click the “Contraseña” field.
- Write the password.
- Click the “Iniciar Sesión” button.
- Click the “Playback” button – on the video.
macOS – 10.15.6 (19G73)
Chrome – 88.0.4324.192
The user sees the error “This video is no longer available because the YouTube account associated with this video has been closed”.
The user can watch a video.
The user can't watch the "¿Por qué necesitas firmar con tu e.Firma?" video
Minor
The user has an account.
- Navigate to https://pagaloopbeta.azurewebsites.net/#/auth/login.
- Click the “Correo electrónico” field.
- Write the email.
- Click the “Contraseña” field.
- Write the password.
- Click the “Iniciar Sesión” button.
- Click the ”Paga más de $70,000 ” button – bottom left corner.
- Click the “¿Por qué necesitas firmar con tu e.Firma?” button.
- Click the “Playback” button – on the video.
macOS – 10.15.6 (19G73)
Chrome – 88.0.4324.192
The user sees the error “This video is no longer available because the YouTube account associated with this video has been closed”
The user can watch the video.
The user sees the "Close" icon on the "Agregar nueva tarjeta de Credito" field
Minor
The user has an account.
- Navigate to https://pagaloopbeta.azurewebsites.net/#/auth/login.
- Click the “Correo electrónico” field.
- Write the email.
- Click the “Contraseña” field.
- Write the password.
- Click the “Iniciar Sesión” button.
- Click the “Tarjetas” button.
- Click the “Edit” icon on the first credit card.
- Click the “Guardar” button.
macOS – 10.15.6 (19G73)
Chrome – 88.0.4324.192
The user sees the “Close” icon on the “Agregar nueva tarjeta de Credito” field.
“Agregar nueva tarjeta de Credito” field returns to its previous state.
Pagaloop is an excellent solution for managing your finances smartly. You can easily set up recurring payments for your bills, make quick money transfers, and receive costs to your account with no commission. I believe finance apps like Pagaloop have to comply with the highest quality standards because even minor malfunctions may scare off potential consumers. While testing the platform, I encountered a range of bugs, both of major and minor severity. For example, validation for an invalid card, camera permissions, and phone number check definitely require some polishing to function as intended. Overall, with a doubled amount of testing, these kinds of bugs can be fully nullified.