Identity

Overview

This document will cover how testing of the identity pieces should be done on the Firefox OS platform with trusted UI.

Division of Responsibility

B2G Integration Testing

Overview

The goal of this test area is to analyze the b2g-specific implications to the identity implementation - including the DOM ID pieces and the trusted UI.

Scope

• Functional smoke and basic functional testing to ensure that trusted UI + DOM ID integration into B2G specifically works as expected
• Reusing existing QUnit automation to ensure that the existing tests still pass with the b2g-specific implementation

Signoff Criteria

Pref on Feature

• [MISSED] Smoke tests for feature should reveal no major blockers
• [DONE] QUnit Automation Suite should be green
• [DONE] Feature complete on client-side implementation
• [MISSED] No smoketest blockers
• [MISSED] Peer signoff by John & Jason

Rationale: Major blocker right now is that marketplace on production currently does not use the b2g-specific persona shim, so preffing the feature on is too risky, given that login will become broken right now if we pref on.

Final Signoff

• [NEW] Smoke tests for feature should reveal no major blockers
• [NEW] Basic functional tests for feature should reveal no major blockers
• [NEW] Exploratory tests reveal no blockers for ship
• [NEW] QUnit Automation Suite should be green
• [NEW] No basecamp blockers for identity overall
• [NEW] Bug verifications for blocker bugs
• [NEW] Peer signoff by John & Jason

Infrastructure

• Use http://notoriousb2g.personatest.org/test for running QUnit automation on device
• Host test sites (e.g. people.mozilla.com) with DOM id code to test the UI directly
• Reuse existing top sites that use persona to regression test for no obvious bustage

Automation

• Reuse http://notoriousb2g.personatest.org/test to run existing persona tests on device
• For UI tests, we shall write some automation in gaia ui tests to test persona login through the trusted UI

Edge Cases

• Differences of the API chosen - watch API vs. get vs. getVerifiedEmail
• Clobbered payment + identity flow dialog stacking
• Canceling a trusted UI dialog with the persona dialog up with oncancel callback
• Background processes calling nav.id
• Multiple persona dialogs up in different apps
• Persona sign in & persona creation in browser vs. app
• First signin vs. followup usage signed in via loggedInEmail
• Sign in one app, reuse persona sign in a different app
• Privacy policy, terms of service, site name, site logo provided vs. not
• returnTo callback for completed email verification
• Delete account externally from phone while logged in
• External modifications at persona site
• Initial auth - account gone, what happens?
• Permanent login vs. temporary login
• ToS, PP, and learn more links
• Multiple email accounts

Formal Test Cases

Smoke Test Cases

• Test that I can create a persona ID through a trusted UI context with the navigator.id.watch API flow.
  • Verify: No onlogin or onlogout event fired if set, trusted UI appeared with persona dialog there, entering your email account should result in a notification sent out to your email to create the account.
• Test that I can sign into persona through a trusted UI context with the navigator.id.watch API flow with an existing account.
  • Verify: onlogin event should fire once if set, trusted UI appeared with persona dialog there, entering your email account should prompt for password, valid email & password combo should finish the dialog login flow and close the trusted UI dialog, valid assertion should be returned to onlogin.
• Test that I can logout of persona through a trusted UI context with the navigator.id.watch API flow from an existing account. Verify: onlogout event should fire once if set, reloading page should not fire an onlogin event.
  • Verify: onlogout event should fire once if set, no trusted UI dialog should appear.
• Test that I can create a persona ID through a trusted UI context with the navigator.id.get API flow
  • Verify: Assertion callback not fired, trusted UI appeared with persona dialog there, entering your email account should result in a notificaiton sent out to your email to create the account.
• Test that I can sign into persona through a trusted UI context with the navigator.id.get API flow with an existing account
  • Verify: Assertion callback fired, trusted UI appeared with persona dialog there, entering your email account should prompt for password, valid email & password combo should finish the dialog login flow and close the trsuted UI dialog, valid assertion returned in assertion callback.
• Test that I can logout of persona through a trusted UI context with the navigator.id.get API flow from an existing account
  • Verify: No trusted UI context should appear
• Test that I can visit a page already logged into persona within the same app and immediately get an onlogin callback with watch knowing who's logged in via loggedInEmail
• Test that I can visit a page after just logging out of persona within the same app and should get an onlogout callback with watch knowing who's just logged out via loggedInEmail

Basic Functional Test Cases

• Test that I can create a persona ID through a trusted UI context with the navigator.id.getVerifiedEmail flow.
• Test that I can sign into persona through a trusted UI contxt with the navigator.id.getVerifiedEmail API flow with an existing account.
• Test that I can logout of a persona ID through a trusted UI context with the navigator.id.getVerifiedEmail.flow
• Test that I can visit a page already logged into persona within a different app and immediately get an onlogin callback with watch knowing who's logged in via loggedInEmail using the watch API
• Test that I can visit a page after just logging out of persona within a different app and should get an onlogout callback with watch knowing who's just logged out via loggedInEmail using the watch API
• Test that I can get an oncancel callback when closing a trusted UI with persona issued by navigator.id.request
• Test that I enforce a terms of service and privacy policy within persona in a trusted UI from the request API
• Test that I enforce a terms of service and privacy policy within persona in a trusted UI from the get API
• Test that providing a terms of service within persona in a trusted UI results in no enforcement of terms of service from the request API
• Test that providing a terms of service within persona in a trusted UI results in no enforcement of terms of service from the get API
• Test that providing a privacy policy within persona in a trusted UI results in no enforcement of a privacy policy from the request API
• Test that providing a privacy policy within persona in a trusted UI results in no enforcement of a privacy policy from the getAPI
• Test that I can execute a returnTo when email verification is successful within persona in a trusted UI using the request API
• Test that I can include the site name and logo within persona in a trusted UI using the request API
• Test that providing an invalid value to any parameter in navigator.id.request does not result in a crash
• Test that providing an invalid value to any watch parameter does not result in a crash

Open Questions

• [Jed] Anything special to watch out in the DOM implementation with the assertion fired back in nav.id.watch?

Identity UI Regression Testing

Identity Server Side Testing