Black box testing

List of black box tests to run against the webapp, platform and other server side components.

General tests

ID: ProviderDomain
Depends on: -
Input action(s):

  • Request provider.json for an input domain (e.g., dev.bitmask.net) and check that the domain field equals the input domain.

Expected result: The domains are equal
Known error: The provider was a subdomain (dev.bitmask.net), and the domain displayed was bitmask.net

ID: PubKey
Depends on: -
Input action(s):

  • Run the following command:
       $ curl -k --netrc-file ../netrc -X GET "http://localhost:6666/users/_design/User/_view/by_login_or_alias/?key=\"test1\"&include_docs=true&reduce=false"
    

    Here localhost:6666 is the host and port of the CouchDB instance (4096 in walrus, but it may vary), and test1 is an existing user with a pubkey of size >=2048.

Expected result: It’s possible to retrieve the pubkey
Known error:

{"error":"reduce_overflow_error","reason":"Reduce output must shrink more rapidly: Current output: '[\"0-----BEGIN PGP PUBLIC KEY BLOCK-----\\u000d\\u000aVersion: GnuPG v1.4.11 (GNU/Linux)\\u000d\\u000aCom'... (first 100 of 2141 bytes)"}

ID: EIPServiceJSON
Depends on: -
Input action(s):

  • Request eip-service.json for an input domain (e.g., dev.bitmask.net) and check that the file exists.

Expected result: eip-service.json exists
Known error: eip-service.json is not found

ID: FunctionalCouchDB
Depends on: PubKey
Input action(s):

  • A badly defined view can cause collateral errors in other views, as happened in PubKey. Craft and execute a couple of different requests to see if there’s any problem.

Expected result: All the requests are executed successfully
Known error: Same as PubKey

ID: LoginPostRequest
Depends on: -
Input action(s):

  • Make a POST request to sessions.json (e.g., dev.bitmask.net)

Expected result: HTTP 200 OK
Known error: 500 Internal Server Error

Soledad Server

With invalid authorization header

ID: SoledadServerAuthInvalidAuthHeader
Depends on: -
Input action(s):

  • HTTP request:
    • No HTTP_AUTHORIZATION header.
    • Resources:
      • /
      • /user-[uuid]/docs/, where [uuid] is some user’s uuid
      • /user-[uuid]/doc/X
      • /user-[uuid]/sync-from/X
      • /shared-db/docs/
      • /shared-db/doc/X
      • /shared-db/sync-from/X

Expected result: 401 Unauthorized
Known error:

ID: SoledadServerAuthNoToken
Depends on: -
Input action(s):

  • HTTP request:
    • HTTP_AUTHORIZATION header which does not contain the token keyword that defines the auth scheme.
    • Resources:
      • /
      • /user-[uuid]/docs/, where [uuid] is some user’s uuid
      • /user-[uuid]/doc/X
      • /user-[uuid]/sync-from/X
      • /shared-db/docs/
      • /shared-db/doc/X
      • /shared-db/sync-from/X

Expected result: 401 Unauthorized
Known error:

ID: SoledadServerAuthInvalidToken
Depends on: -
Input action(s):

  • HTTP request:
    • HTTP_AUTHORIZATION header containing the b64 encoding of the string Token [uuid]:[token], where [token] is an invalid token (expired or wrong, for example).
    • Resources:
      • /
      • /user-[uuid]/docs/, where [uuid] is some user’s uuid
      • /user-[uuid]/doc/X
      • /user-[uuid]/sync-from/X
      • /shared-db/docs/
      • /shared-db/doc/X
      • /shared-db/sync-from/X

Expected result: 401 Unauthorized
Known error:

With valid authorization header

ID: SoledadServerAuthInvalidActions
Depends on: -
Input action(s):

  • HTTP request:
    • Valid HTTP_AUTHORIZATION header containing the b64 encoding of the string Token [uuid]:[token].
    • Resources:
      • /user-[uuid]/docs/ – where [uuid] is some user’s uuid.
      • /user-[uuid]/doc/X
      • /shared-db/docs/
      • /shared-db/sync-from/X

Expected result: 401 Unauthorized
Known error:

ID: SoledadServerAuthValidActions
Depends on: -
Input action(s):

  • HTTP request:
    • Valid HTTP_AUTHORIZATION header containing the b64 encoding of the string Token [uuid]:[token].
    • Resources:
      • /
      • /user-[uuid]/sync-from/X
      • /shared-db/doc/X

Expected result: 200
Known error:
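
The five Soledad Server tests above expressed as one data-driven check, added here as an example and not part of the project's own test code. Assumptions: the header is laid out as `Token <base64(uuid:token)>`, requests use GET (the list names no method), and `build_cases`, `http_status` and `run` are hypothetical helper names.

```python
import base64
import urllib.error
import urllib.request

# Resource lists copied from the test entries above; X is kept as a placeholder name.
ALL = ["/", "/user-{uuid}/docs/", "/user-{uuid}/doc/X", "/user-{uuid}/sync-from/X",
       "/shared-db/docs/", "/shared-db/doc/X", "/shared-db/sync-from/X"]
DENIED = ["/user-{uuid}/docs/", "/user-{uuid}/doc/X",
          "/shared-db/docs/", "/shared-db/sync-from/X"]
ALLOWED = ["/", "/user-{uuid}/sync-from/X", "/shared-db/doc/X"]

def creds(uuid, token):
    """Base64 of 'uuid:token', the credential part of the header."""
    return base64.b64encode(f"{uuid}:{token}".encode()).decode()

def build_cases(uuid, good_token, bad_token="constructed-invalid-token"):
    """Return (test_id, path, headers, expected_status) for all five tests."""
    # Assumption: the scheme keyword 'Token' is sent in clear before the b64 part.
    valid = {"Authorization": "Token " + creds(uuid, good_token)}
    plan = [
        ("SoledadServerAuthInvalidAuthHeader", ALL, {}, 401),
        ("SoledadServerAuthNoToken", ALL,
         {"Authorization": creds(uuid, good_token)}, 401),  # keyword omitted
        ("SoledadServerAuthInvalidToken", ALL,
         {"Authorization": "Token " + creds(uuid, bad_token)}, 401),
        ("SoledadServerAuthInvalidActions", DENIED, valid, 401),
        ("SoledadServerAuthValidActions", ALLOWED, valid, 200),
    ]
    return [(tid, p.format(uuid=uuid), dict(h), exp)
            for tid, paths, h, exp in plan for p in paths]

def http_status(base_url, path, headers, method="GET"):
    """Send one request and return its status code, including 4xx/5xx."""
    req = urllib.request.Request(base_url + path, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def run(cases, fetch):
    """Call fetch(path, headers) -> status for each case; return the mismatches."""
    failures = []
    for tid, path, headers, expected in cases:
        got = fetch(path, headers)
        if got != expected:
            failures.append((tid, path, expected, got))
    return failures
```

Against a live server, pass `lambda p, h: http_status(BASE_URL, p, h)` as `fetch`, where `BASE_URL` is the Soledad server address of the deployment under test; an empty list from `run` means every expected result above was met.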