Addendum of a20141106.2
- Case Number: a20141106.2
- Claimants: Marcus M, Benny B
- Respondents: CAcert
- Complaint: Dispute to analyse strange behaviour on domain dispute
Ticket Number: s20141106.37, reference: s20141102.58
Introduction
A fair amount of research and testing went into this case. It was decided that gathering the test scenarios and findings into an addendum would be much more appropriate and practical than 'polluting' the case log with them.
Bug Tracker
Bug Tracker currently reports 4 bugs as being related to strange behavior in both automated email and domain disputes, 3 of which are actually related and 1 of which is unrelated:
- Bug Tracker: ID 1310: The check about email during email dispute works incorrect
- Bug Tracker: ID 1311: The check about email during email dispute works incorrect
- Bug Tracker: ID 1415: treat deleted emails like free emails in email disputes functionality
The fixes for Bug 1310 and Bug 1384 were both submitted in 2014. The fix submitted for Bug 1310 is the more complete of the two and addresses both the email dispute and the domain dispute issue. The fix for Bug 1384, despite its bug description, only addresses the email dispute issue.
The fix for Bug 1310 made it to the testserver-stable branch in 2014. It is still pending a final review and has never been merged into the release branch.
Bug 1415 was submitted recently and is a duplicate of Bug 1310/Bug 1384.
On review of its steps-to-reproduce, Bug 1311 appears to be entirely unrelated to the reported strange behavior and points to the Heartbleed issue instead. Bug 1311 probably had its summary description cloned from Bug 1310 and was probably never updated afterwards.
Test Scenarios
The test scenarios are all based on 3 test accounts that, unless noted otherwise, are assumed to have a pristine history at the start of each test.
The following test scenarios have been run against the test database (testserver-stable):
- Disputing a deleted domain in a locked account
- Disputing a non-deleted domain in a locked account
- Disputing a deleted secondary email in a locked account
- Disputing a non-deleted secondary email in a locked account
- Attempt to link a specific domain to 2 accounts
The tests show that non-deleted domains and emails in locked accounts behave consistently across production (i.e. the release git branch) and test (the testserver-stable git branch). There is a minor difference, however, in how the two branches handle deleted domains and deleted emails in locked accounts.
Step 1.08 in Test 1 describes the situation that ultimately caused Claimants to report the strange behavior.
Test 5 was added to explicitly verify whether 'playing around' with adding domains might result in domains being linked to more than 1 user. No evidence has been found that that is possible.
1. Disputing a deleted domain in a locked account
| Step | Who | Description | Expected result | Status |
|---|---|---|---|---|
| 1.01 | testacc01 | add and verify domain testdom.tld | domain shows in account as verified | OK |
| 1.02 | testacc02 | add domain testdom.tld | The domain 'testdom.tld' is already in a different account and is listed as valid. Can't continue. | OK |
| 1.03 | testacc01 | delete domain testdom.tld | the following domains have been removed testdom.tld | OK |
| 1.04 | se | lock testacc01 | Account inconsistency: Users record locked set; code: 4 | ok |
| 1.05 | testacc02 | dispute domain testdom.tld | The domain 'testdom.tld' doesn't exist in the system. Can't continue. | OK |
| | | | In production the following occurs: Sorry, the domain 'testdom.tld' cannot be disputed for administrative reasons. To solve this problem please get in contact with support-at-co. (Someone has just attempted to dispute this domain '%s', which belongs to a locked account) | |
| 1.06 | testacc02 | add and verify domain testdom.tld | domain shows in account as verified | OK |
| 1.07 | testacc03 | add domain testdom.tld | The domain 'testdom.tld' is already in a different account and is listed as valid. Can't continue. | OK |
| 1.08 | testacc03 | dispute domain testdom.tld | The domain 'testdom.tld' has been entered into the dispute system | OK |
| | | | In production the following occurs: Sorry, the domain 'testdom.tld' cannot be disputed for administrative reasons. To solve this problem please get in contact with support-at-co. (Someone has just attempted to dispute this domain '%s', which belongs to a locked account) | |
| 1.09 | testacc02 | receive accept/reject mail | You have been sent this email as the domain 'testdom.tld' is being disputed. | OK |
| 1.10 | testacc02 | rejects dispute | You have opted to reject this dispute and the request will be removed from the database | OK |
In production the messages following 1.05 are basically caused by using the Dispute form for the wrong reasons. Performing step 1.06 uses the dialogues as intended and doesn't generate those alerts.
The situation described in step 1.08, however (where a locked account links to the deleted instance of a domain and an active account links to the active instance of that domain), can currently only be resolved in production by testacc02 actively deleting the domain and testacc03 subsequently adding it. Otherwise the dispute dialogue will exit on finding that the locked account links to the deleted instance of the domain.
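The branch difference seen in steps 1.05 and 1.08, and the identical outcome of Test 2, can be reproduced with a small model. This is an added example, not CAcert code: the names `DomainRow`, `dispute` and `ignore_deleted` are hypothetical, and it assumes that production still matches deleted rows when looking up a disputed domain while testserver-stable treats them as free.

```python
from dataclasses import dataclass

LOCKED = "cannot be disputed for administrative reasons"
MISSING = "doesn't exist in the system"
ENTERED = "has been entered into the dispute system"

@dataclass
class DomainRow:              # hypothetical record, not CAcert's schema
    domain: str
    owner: str
    deleted: bool = False

def dispute(rows, locked, domain, ignore_deleted):
    """Return the message a dispute attempt produces in this model.

    ignore_deleted=False: deleted rows still match (assumed production logic).
    ignore_deleted=True:  deleted rows are treated as free (assumed
                          testserver-stable logic).
    """
    matches = [r for r in rows
               if r.domain == domain and not (ignore_deleted and r.deleted)]
    if not matches:
        return MISSING
    if any(r.owner in locked for r in matches):
        return LOCKED
    return ENTERED

def replay_test1(ignore_deleted):
    """Replay steps 1.01-1.08 and return the results of 1.05 and 1.08."""
    dom, locked = "testdom.tld", set()
    rows = [DomainRow(dom, "testacc01")]                    # 1.01
    rows[0].deleted = True                                  # 1.03
    locked.add("testacc01")                                 # 1.04
    step_105 = dispute(rows, locked, dom, ignore_deleted)   # 1.05 by testacc02
    rows.append(DomainRow(dom, "testacc02"))                # 1.06
    step_108 = dispute(rows, locked, dom, ignore_deleted)   # 1.08 by testacc03
    return step_105, step_108

def replay_test2(ignore_deleted):
    """Replay steps 2.01-2.05: the domain is never deleted before the lock."""
    dom = "testdom.tld"
    rows = [DomainRow(dom, "testacc01")]                    # 2.01
    return dispute(rows, {"testacc01"}, dom, ignore_deleted)  # 2.03, 2.05

if __name__ == "__main__":
    for label, flag in (("production", False), ("testserver-stable", True)):
        print(label, replay_test1(flag), replay_test2(flag))
```

The model covers only the steps replayed here; how either branch treats a deleted domain in an account that is not locked is not stated in the test tables.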
2. Disputing a non-deleted domain in a locked account
| Step | Who | Description | Expected result | Status |
|---|---|---|---|---|
| 2.01 | testacc01 | add and verify domain testdom.tld | domain shows in account as verified | OK |
| 2.02 | testacc02 | add domain testdom.tld | The domain 'testdom.tld' is already in a different account and is listed as valid. Can't continue. | OK |
| 2.03 | se | lock testacc01 | Account inconsistency: Users record locked set; code: 4 | ok |
| 2.04 | testacc02 | add domain testdom.tld | The domain 'testdom.tld' is already in a different account and is listed as valid. Can't continue. | OK |
| 2.05 | testacc02 | dispute domain testdom.tld | Sorry, the domain 'testdom.tld' cannot be disputed for administrative reasons. To solve this problem please get in contact with support-at-co. (Someone has just attempted to dispute this domain '%s', which belongs to a locked account) | OK |
3. Disputing a deleted secondary email in a locked account
| Step | Who | Description | Expected result | Status |
|---|---|---|---|---|
| 3.01 | testacc01 | add and verify email testacc11 | email testacc11 shows in account as verified | OK |
| 3.02 | testacc01 | delete email testacc11 | The following email addresses have been removed: testacc11 | OK |
| 3.03 | se | lock testacc01 | Account inconsistency: Users record locked set; code: 4 | ok |
| 3.04 | testacc02 | dispute email testacc11 | The email address 'testacc11' doesn't exist in the system. Can't continue. | OK |
| | | | In production the following occurs: Sorry, the email address 'testacc11' cannot be disputed for administrative reasons. To solve this problem please get in contact with support-at-co. (Someone has just attempted to dispute this email address '%s', which belongs to a locked account) | |
| 3.05 | testacc02 | add and verify email testacc11 | email testacc11 shows in account as verified | OK |
4. Disputing a non-deleted secondary email in a locked account
User testacc02 still owns the testacc11 email address.
| Step | Who | Description | Expected result | Status |
|---|---|---|---|---|
| 4.01 | se | lock testacc02 | Account inconsistency: Users record locked set; code: 4 | ok |
| 4.02 | testacc01 | add email testacc11 | The email address 'testacc11' is already in a different account. Can't continue. | OK |
| 4.03 | testacc01 | dispute email testacc11 | Sorry, the email address 'testacc11' cannot be disputed for administrative reasons. To solve this problem please get in contact with support-at-co. (Someone has just attempted to dispute this email '%s', which belongs to a locked account) | OK |
5. Attempt to link a specific domain to 2 accounts
| Step | Who | Description | Expected result | Status |
|---|---|---|---|---|
| 5.01 | testacc01 | add domain testdom.tld but do not probe yet | Waiting for testacc01 to push Probe button | OK |
| 5.02 | testacc02 | add domain testdom.tld but do not probe yet | Waiting for testacc02 to push Probe button | OK |
| 5.03 | testacc01 | probe domain testdom.tld | The domain 'testdom.tld' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address. | OK |
| 5.04 | testacc02 | probe domain testdom.tld | The domain 'testdom.tld' is already in a different account and is listed as valid. Can't continue. | OK |