storj/docs/testplan/new-passphrase-flow-testplan.md
Igor f4bc7a7eb2
docs: add test plan for new passphrase flow (#5637)
* docs: add test plan for new passphrase flow
---------

Co-authored-by: littleskunk <jens.heimbuerge@googlemail.com>
2023-04-24 16:17:10 +02:00

29 KiB

New Passphrase Flow Testplan

 

Background

This testplan is going to cover the New Passphrase Flow.

 

Test Case Description Comments
Onboarding Passphrase Encryption With a new account, as new user is onboarded, user should be presented to their first empty project and continuing with said flow should let user either generate or enter their own passphrase that should be used for the current session f.e creating a bucket should not require passphrase for that session
1 Encryption Passphrase Modal Start This modal should be presented at the start of creating a new encryption passphrase, giving the user an option to use an automatically generated passphrase or to enter their own custom passphrase, user should be able to select either method by clicking on it and seeing the green checkmark on the corresponding checkbox after that the user should be able to click on the continue button or cancel right away
2 Enter Passphrase When user clicks enter passphrase from previous Encryption Passphrase step, the user should be presented with the enter passphrase modal warning the user to store their encryption password safe themselves. The user should also be presented with a checkbox (has to be checked to continue) that reiterates their understanding that they must, themselves, store and keep their passphrase safe or else they won't be able to recover their data and the usual continue and back buttons.
2 Passphrase Generated When user clicks generate passphrase from previous Encryption Passphrase, the user should be presented by a modal header titled Passphrase Generated with same passphrase protection warning along with their generated custom "12 word" passphrase with buttons to copy to clipboard and download it as a text file. Copying or downloading by clicking on these buttons should highlight the buttons and give them a green check. Lastly, the user again should be presented with a checkbox (has to be checked to continue)that reiterates their understanding they they must, themselves, store and keep their passphrase safe or else they won't be able to recover their data and the usual back and continue buttons
3 Passphrase Success When user clicks on continue after checking the appropriate checkbox in either the Enter Passphrase or Passphrase Generated steps they should then be presented with the final step showing them a message that their encryption passphrase is ready to use. They are also presented with a continue button that closes the modal but continues the session with the generated or entered passphrase
Session Passphrase When creating a new encryption passphrase or entering an old one, there should be a checkbox for the user to allow the project passphrase to be saved in their browser for the session, along with the warning to not enable this feature if security is an issue
Create Bucket w/ saved Encryption Passphrase If user creates a bucket after setting up their encryption passphrase for the session, then creating a bucket should be simple as naming said bucket and then creating said bucket without going over the encryption passphrase steps in QA sat, it still shows the encryption passphrase steps (1,2,3 on top of create a bucket page) but it just skips them and automatically creates the bucket, might confuse some users, even though thats what its supposed to do
Bucket Navigation w/o Passphrase If a user clicks a bucket with a set passphrase then user should proceed to file view
Bucket Navigation w/ Passphrase If a user clicks a bucket with no passphrase set then the user should be presented with the new encryptionPassphraseModal
User should have ease of access to switch passphrases from various parts of the UI ex. bucket page, file browser etc
Manage Passphrase Filebrowser & Bucket There should be an alert to the user that they can manage their passphrases and by clicking on said alert it would redirect them to the manage passphrase modal
Manage Passphrase Dropdown User should be able to manage passphrases from the project navbar dropdowns or account section in the side bar still being decided on, there is a discussion around this topic in the blueprint
1 Manage Passphrase Modal Start Clicking on manage passphrase on project dropdown should open up a modal which presents the user with three options for their encryption passphrases; create a new passphrase, switch active passphrase and clear saved passphrase
2 New Passphrase This step should display to the user what creating a new passphrase does and should follow the UI encryption passphrase steps after the user clicks on the next button or if not the user can just click cancel to keep their current passphrase for this session
2 Switch Passphrase This step should display to the user what switching a passphrase does and why the user would or would not want to switch passphrases. In this part the user is also allowed to type in a custom encryption passphrase and given an option to allow the browser to remember their passphrase for the session (checkbox). The user can then click on the switch passphrase button to switch passphrases or just click cancel to keep their current passphrase for their session. User should also be allowed to create a generated passphrase for this part
2 Clear My Passphrase This should allow the user to clear their passphrase for their session and their data should be locked until they input a passphrase
Refresh Clear Refreshing the browser should clear the users passphrase for their session This is a great security feature, if customers complain then passphrases can be stored on local storage
Logout Clear Logging out should clear the users passphrase for their session
Switch Projects w/ passphrase When switching projects from project dashboard, user should be presented with enter your encryption passphrase modal which allows the user to enter their encryption passphrase and continue or continue without said encryption passphrase, if continued with passphrase then user should be able to see bucket details on their dashboard page and clicking on said bucket in dashboard page should allow the user to open said bucket and interact with any objects uploaded with said passphrase
Switch Projects w/ no passphrase If a user switches projects with no passphrase then they shouldn't be able to view bucket details on dashboard page and clicking on said bucket in buckets should prompt the enter your passphrase modal to open
Switch or New Passphrase If a user decides to create a new passphrase or switch to another one, regardless of where they are in a page f.e from inside a bucket, then once a user switches their passphrases they should still remain where they are but with a new passphrase f.e inside said bucket but with a new passphrase
Bucket Details Even if a user did not enter their passphrase, user should still be able to view their bucket details on the buckets page
New User Onboarding Skip If a new user decides to skip onboarding or if a user has not yet entered a passphrase and immediately heads to the buckets section of the UI and clicks on a bucket then the user should be prompted to enter an encryption passphrase
Upload/Download & Switch Passphrase Upload to the first passphrase (big file), if switched in the middle the upload should still be tied to the first passphrase, in the case of download (big file) download should still be going on even if passphrase is changed big file-- 500mb+
Upload Same Bucket W/ Different Passphrase Upload object to bucket with one passphrase then switch passphrase and upload another object, both objects uploading should still be visible if upload takes some time (big file) and after the upload is finished both objects should only be visible under respective passphrases
Download Same Bucket W/Different Passphrase Download object from bucket with one passphrase then switch passphrase and download another object, both objects should be downloading (big file) and after the download is finished only the object under the current passphrase should open up in file viewer once downloaded
Session Timeout If a users session times out then users passphrase for said session should expire as well for security (currently user gets logged out but can log back in with passphrase still active)
Back to Buckets Page If a user enters bucket page without a current passphrase the user should be shown buckets list and clicking on a bucket allows user to enter a passphrase, after entering said passphrase and then going back to buckets the buckets in the bucket page should not be empty currently returning to buckets page shows no buckets, unless page is refreshed and passphrase has to be entered again