Addendum of a20141106.2

Introduction

A fair amount of research and testing went into this case. It was decided that to gather the test scenario's and findings into an addendum would be much more appropriate and practical than 'polluting' the case log with them.

Bug Tracker

Bug Tracker currently reports 4 bugs as being related to strange behavior in both automated email and domain disputes, 3 of which are actually related and 1 of which is unrelated:

The fixes for Bug 1310 and Bug 1384 have both been submitted in 2014. The fix submitted for Bug 1310 is the more complete of the two and addresses both the email dispute and domain dispute issue. The fix for Bug 1384 despite its Bug description only addresses the email dispute issue.

The fix for Bug 1310 made it to the testerver-stable branch in 2014. It is still pending a final review and has never been merged into the release branche.

Bug 1415 was submitted recently and is a duplicate of Bug 1310/Bug 1384.

Bug 1311 when reviewing the steps-to-reproduce appears to be entirely unrelated to the reported strange behavior and points to the Heartbleed issue instead. Bug 1311 probably had its summary description cloned from Bug 1310 and probably was never updated afterwards.

Test Scenarios

The test scenario's are all based on 3 test accounts that, unless noted otherwise, are assumed to be have a pristine history at the start of each test.

The following test scenario's have been run against the test database (testserver-stable):

  1. Disputing a deleted domain in a locked account
  2. Disputing a non-deleted domain in a locked account
  3. Disputing a deleted secondary email in a locked account
  4. Disputing a non-deleted secondary email in a locked account
  5. Attempt to link a specific domain to 2 accounts

The tests show that non-deleted domains and emails in locked accounts behave consistently across production (i.e. the release git branche) and test (the testserver-stable git branche). There is a minor difference however in how both branches handle deleted domains and deleted emails in locked accounts.

Step 1.8 in Test 1 describes a situation that ultimately caused Claimaints to report the strange behavior.

Test 5 was added to explicitly verify whether 'playing around' with adding domains might result in domains being linked to more than 1 user. No evidence has been found that that is possible.

1. Disputing a deleted domain in a locked account

Step

Who

Description

Expected result

Status

1.01

testacc01

add and verify domain testdom.tld

domain shows in account as verified

OK

1.02

testacc02

add domain testdom.tld

The domain 'testdom.tld' is already in a different account and is listed as valid. Can't continue.

OK

1.03

testacc01

delete domain testdom.tld

the following domains have been removed testdom.tld

OK

1.04

se

lock testacc01

Account inconsistency: Users record locked set; code: 4

ok

1.05

testacc02

dispute domain testdom.tld

The domain 'testdom.tld' doesn't exist in the system. Can't continue.

OK

In production the following occurs: Sorry, the domain 'testdom.tld' cannot be disputed for administrative reasons. To solve this problem please get in contact with support-at-co. (Someone has just attempted to dispute this domain '%s', which belongs to a locked account)

1.06

testacc02

add and verify domain testdom.tld

domain shows in account as verified

OK

1.07

testacc03

add domain testdom.tld

The domain 'testdom.tld' is already in a different account and is listed as valid. Can't continue.

OK

1.08

testacc03

dispute domain testdom.tld

The domain 'testdom.tld' has been entered into the dispute system

OK

In production the following occurs: Sorry, the domain 'testdom.tld' cannot be disputed for administrative reasons. To solve this problem please get in contact with support-at-co. (Someone has just attempted to dispute this domain '%s', which belongs to a locked account)

1.09

testacc02

receive accept/reject mail

You have been sent this email as the domain 'testdom.tld' is being disputed.

OK

1.10

testacc02

rejects dispute

You have opted to reject this dispute and the request will be removed from the database

OK

In production the messages following 1.05 are basically caused by using the Dispute form for the wrong reasons. Performing step 1.06 uses the dialogues as intended and doesn't generate those alerts.

The situation described in step 1.08 however (where a locked account links to the deleted instance of a domain and an active account locks to the active instance of that domain) in production currently can only be resolved by testacc02 actively deleting the domain and testacc03 subsequently adding it. Otherwise the dispute dialogue will exit on finding the locked account links to the deleted instance of the domain.

2. Disputing a non-deleted domain in a locked account

Step

Who

Description

Expected result

Status

2.01

testacc01

add and verify domain testdom.tld

domain shows in account as verified

OK

2.02

testacc02

add domain testdom.tld

The domain 'testdom.tld' is already in a different account and is listed as valid. Can't continue.

OK

2.03

se

lock testacc01

Account inconsistency: Users record locked set; code: 4

ok

2.04

testacc02

add domain testdom.tld

The domain 'testdom.tld' is already in a different account and is listed as valid. Can't continue.

OK

2.05

testacc02

dispute domain testdom.tld

Sorry, the domain 'testdom.tld' cannot be disputed for administrative reasons. To solve this problem please get in contact with support-at-co. (Someone has just attempted to dispute this domain '%s', which belongs to a locked account)

OK

3. Disputing a deleted secondary email in a locked account

Step

Who

Description

Expected result

Status

3.01

testacc01

add and verify email testacc11

email testacc11 shows in account as verified

OK

3.02

testacc01

delete email testacc11

The following email addresses have been removed: testacc11

OK

3.03

se

lock testacc01

Account inconsistency: Users record locked set; code: 4

ok

3.04

testacc02

dispute email testacc11

The email address 'testacc11' doesn't exist in the system. Can't continue.

OK

In production the following occurs: Sorry, the email address 'testacc11' cannot be disputed for administrative reasons. To solve this problem please get in contact with support-at-co. (Someone has just attempted to dispute this email address '%s', which belongs to a locked account)

3.05

testacc02

add and verify email testacc11

email testacc11 shows in account as verified

OK

4. Disputing a non-deleted secondary email in a locked account

User testacc02 still owns the testacc11 email address.

Step

Who

Description

Expected result

Status

4.01

se

lock testacc02

Account inconsistency: Users record locked set; code: 4

ok

4.02

testacc01

add email testacc11

The email address 'testacc11' is already in a different account. Can't continue.

OK

4.03

testacc01

dispute email testacc11

Sorry, the email address 'testacc11' cannot be disputed for administrative reasons. To solve this problem please get in contact with support-at-co. (Someone has just attempted to dispute this email '%s', which belongs to a locked account)

OK

Step

Who

Description

Expected result

Status

5.01

testacc01

add domain testdom.tld but do not probe yet

Waiting for testacc01 to push Probe button

OK

5.02

testacc02

add domain testdom.tld but do not probe yet

Waiting for testacc02 to push Probe button

OK

5.03

testacc01

probe domain testdom.tld

The domain 'testdom.tld' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address.

OK

5.04

testacc02

probe domain testdom.tld

The domain 'testdom.tld' is already in a different account and is listed as valid. Can't continue.

OK



Arbitrations/a20141106.2/Addendum (last edited 2016-07-24 15:22:16 by PietStarreveld)