Note
Return back to the README.md file.
I have used the recommended PEP8 CI Python Linter to validate all of my Python files.
Validation was performed using the raw GitHub URL method, which ensures the deployed version is validated, not just local code.
After making fixes (line wrapping, removing excess blank lines, correcting indentation),
run.py passes validation with 0 errors and 0 warnings.
| Directory | File | URL | Screenshot | Notes |
|---|---|---|---|---|
| run.py | PEP8 CI Link |  |
All previous errors (E302, E501, W293) resolved. |
PwdShell has two distinct environments, and testing was performed in both:
-
Local Version
- Master password is hashed with SHA256 and stored in
master.key. - Account data is stored persistently in
vault.json. - All data is preserved between sessions.
- Master password is hashed with SHA256 and stored in
-
Deployed (Heroku) Version
- No files are written (
master.keyandvault.jsonare not used). - All data (master password and accounts) is stored only in session memory.
- Data is cleared whenever the dyno restarts, the page is refreshed, or the tab is closed.
- No files are written (
Note
For this reason, screenshots from the Heroku deployed version often only show the final confirmation/error message.
Input prompts are cleared by the clear() function and, in deployed mode, data is reset between sessions.
The Python terminal was provided by Code Institute, and is known to have responsiveness issues.
However, I still tested the deployed version on multiple screen sizes using Chrome DevTools and an Android phone.
- Mobile (425px – 1080px wide) → Terminal displayed, though some horizontal scrolling (
overflow-x) was required. - Tablet (768px – 1080px wide) → Layout displayed correctly with minimal issues.
- Desktop (1920px X 1080px) → Fully functional, no responsiveness issues.
| Mobile | Tablet | Desktop | Notes |
|---|---|---|---|
 |
 |
 |
Mobile: overflow-x occurs. iPhone does not accept input. Android accepts input but can stop randomly. |
I tested the deployed site on multiple browsers.
| Chrome | Firefox | Safari | Edge | Opera | Brave | Notes |
|---|---|---|---|---|---|---|
 |
 |
 |
 |
 |
 |
Chrome: works fully. Firefox: emojis cut-off. Safari: terminal input unreliable. Edge: works as expected. Opera: works as expected. Brave: works fully |
I ran Lighthouse audits on the deployed Heroku site.
Scores are lower on mobile due to third-party scripts and Code Institute terminal environment, which are outside my control.
Desktop performance and accessibility scored higher.
| Mobile | Desktop |
|---|---|
 |
 |
Defensive programming was tested extensively, covering both happy paths and bad inputs.
| Feature | Expectation | Test | Result | Screenshot |
|---|---|---|---|---|
| Master Password Setup | Should not accept empty or mismatched passwords. | Pressed Enter with no input, and entered two different passwords. | Both rejected with clear error messages. |  |
| Login Attempts | Only correct master password should unlock. | Tried wrong password 3 times, then correct one. | Wrong attempts rejected, correct one accepted. |  |
| Add Account | Should reject duplicates. | Added "google" twice. | First saved, second rejected. Because clear() runs after each input, only the confirmation message is visible in the screenshot, not every input step. |
 |
| Get Password | Should return correct credentials if they exist. | Retrieved "twitter" account. | Correct details displayed. Due to clear(), only the output is visible in the screenshot, not the typed input. |
 |
| Delete Account | Should handle missing accounts. | Deleted "twitter" twice. | First deleted, second rejected.clear() hides the input prompts, so only the confirmation message is shown in the screenshot. |
 |
| Empty Input | Should not accept blank values. | Tried adding account with blank username. | Input rejected with error. Since clear() is called, only the error message is visible in the screenshot. |
 |
| Exit Handling | Program should close safely. | Used Exit menu and pressed CTRL+C. | Exit menu closed cleanly, CTRL+C showed handled error. |  |
| Efficient Prompts | Users should never be asked for data already stored. | Tried creating a master password twice. | App reused stored master key. |  |
Errors caused by user or data actions are always reported back to the user in a clear, colour-coded way:
- Input validation: Blank or mismatched passwords, invalid menu choices, and duplicate entries are rejected with red error messages.
- Data handling: Corrupted or missing
vault.jsonfiles trigger an error message and the app safely resets to an empty vault. - Session handling: On wrong master password attempts, the user is notified immediately and access is blocked.
- Exit handling: CTRL+C interrupts display a friendly error message instead of a crash.
This ensures the user is always informed of what went wrong and how the program has responded.
All user stories from the README were manually tested.
| Target | Expectation | Outcome | Screenshot |
|---|---|---|---|
| As a user | I want to set and confirm a master password | so that my vault is secure. |  |
| As a user | I want to verify my master password | so that only I can unlock and access my vault. |  |
| As a user | I want to add new accounts | so that I can securely save my credentials. Because clear() runs after each input, only the confirmation message is visible in the screenshot. |
 |
| As a user | I want to view stored accounts | so that I can check which ones are saved.clear() ensures only the account list is visible in the screenshot. |
 |
| As a user | I want to retrieve a password | so that I can log into accounts when needed. |  |
| As a user | I want to delete accounts | so that I can keep the vault clean.clear() removes the input prompts, so only the success/error message is visible in the screenshot. |
 |
| As a user | I want to exit safely at any time | so that I don’t corrupt the vault. |  |
- Fixed
PEP8violations (E302, E501, W293, indentation issues). - Fixed issue where mismatched passwords in setup caused crash → now loops until valid.
- Fixed JSON decode error when vault.json was empty/corrupted → now defaults to empty dict.
- Fixed Deployment Bug:
- Heroku defaulted to Python 3.13, causing dependency build errors (
pillow,numpy). - Added
.python-versionfile to pin Python to 3.12. - Cleaned up
requirements.txtto include only actual dependencies (cryptography,colorama). - After these fixes, the build completed and the app deployed successfully.
- Heroku defaulted to Python 3.13, causing dependency build errors (
- Fixed Input Validation Bug:
- Previously, blank values for account name, username, or password were still accepted.
- Added if, else defensive checks to reject empty inputs inside the add_new_password function, ensuring all fields must be filled before saving.
Currently, no functional bugs remain open. Any remaining issues are environmental (see below).
| Issue | Explanation | Screenshot |
|---|---|---|
| Colors fainter on Heroku. | Due to Code Institute’s terminal emulator. |  |
| Emojis cut off in Firefox. | Known rendering issue with terminal fonts. |  |
| Input broken in Safari/iOS. | Code Institute terminal not fully supported. |  |
| CTRL+C exits with error message. | Default Python behavior, partially handled with exception catch. |  |
Note
Some design choices, such as storing passwords in plaintext JSON and not enforcing password strength rules, are deliberate.
They were made to ensure simplicity, transparency, and easy assessment by Code Institute, while still demonstrating hashing, file handling, and secure input with getpass.
These choices are appropriate for the target audience of this educational project and do not represent logic errors.
Important
No remaining functional bugs are known. Environment-specific issues have been documented.