From MozillaWiki
Jump to: navigation, search

Mozillians Test Plan


Test Coverage

  • Layout tests in browsers mentioned under the Tools section of this page
  • Search functionality across the website
  • Login/Logout and user permissions
  • Edits to user profiles
  • Test for correct error messages when invalid content is entered
  • Vouching of users by accounts with permissions to vouch
  • Test invite process
    • Test steps to required to successfully invite a community member
    • Test scenarios that possibly break the invite process
  • Test registration process
    • Is there going to be a CAPTCHA to prevent spam account creating
  • Test login with Mozilla LDAP accounts (, etc)
  • Test account deletion
    • Positive case
    • Negative case
    • CSRF token on the field
  • Test password reset function
    • CSRF token on the field
  • Test some basic security flaws (XSS, SQL injection, ...) --Tobbi 20:04, 18 August 2011 (PDT)
  • Test entering junk (string consisting of all kinds of random Non-UTF8 string) input into the form fields, make sure we bail out with an error message in that case.
    • What kind of junk input?
      • If there's a string fuzzer, couldn't we maybe use this one? Otherwise, try all UTF-8 and non-UTF-8 characters, foreign characters, for XSS and other vulnerabilities, see above.

Automation Coverage

Test Plan (Tobbi)


   Cross-browser testing for all accessible pages within
   -> Specifically look for format issues and differences processing form data (if there are any?)
   Fuzzing using NetSparker/Powerfuzzer

Form field validation tests (the following approaches should fail, display error messages, not expose security issues):

   XSS and SQL injection tests
   For login fields: Entering invalid credentials for both registered email addresses and “unknown” mail addresses
   For password verification fields, enter two different passwords
   Leaving required fields blank
   Entering long, random strings
   Name fields: Invalid characters, like numbers (do we want this?)
   For email fields: Invalid email address
   for multiline text fields: Entering long, random input, verifying page layout and making sure the app didn’t break

Start page:

   Verify basic page format (footer links leading to the appropriate sites, basic page layout)
   Language selection in footer
   Verify Create profile button takes you to create profile page

Create profile:

   Form field validation tests (see above)
   Creating a profile for an already existing email address
   Trying to create a profile without checking the “Privacy policy” checkbox
   Make sure create profile page redirects to User profile page for registered and logged in users (redirection tests)

Edit your profile page (second step after creating a profile):

   Validation tests for all form fields
   Verify uploading a profile photo that then shows in the designated spaces
   Verify uploading a bogus profile photo (a file which isn’t a photo), make sure app denies integration into profile page
   Make sure Change password link works
   Make sure Cancel, Next and Delete buttons work
   Modifying strings in the URL to try editing another user’s profile page (Bug 680312)

Step 3:

   Verify page layout
   Make sure link to your profile works correctly
   Make sure link in header says “Logout”

Unvouched profile page:

   Make sure status is Pending..., heading should say “Pending Profile”
   Also verify text explaining pending status is present
   Verify that “Vouch for me” link is not present on own profile for unvouched users

Profile page:

   Verify photo is present
   Verify edit my profile link works
   Basic information, link to the user who vouched for you should be present, together with a Vouched icon.
   email address should be present
   Verify no format issues present even with long “Bio” text


   Validation tests for search fields
   Make sure that search field and /search is only present for registered (and approved?) users
   Make sure that search field doesn’t show “The Mozillian you’re looking for is not available” when opening the page on its own. (Bug 680469)
   Verify searching for (part of/full) name, email address, IRC nick
       -> make sure that you get more than 0 results
       make sure that “Pending” is shown for non-vouched users, “Mozillian” for accepted users

Login page:

   Verify login with LDAP account (if possible)
   Validation tests
   Verify that we get an error message when submitting invalid credentials
   Verify login page redirects to profile page for logged in users

Invite page:

   Validation tests
   Make sure it fails for mail addresses already in the database
   Make sure that the mail addresses on the Invitation Sent! page matches the one entered.

About Mozillians page:

   Verify presence and functionality of “Create Profile” link, also presence of the Privacy first and Get Involved sections

File Bugs

Server Information


1.0 Release

1.1 Release