NOTA BENE - WORK IN PROGRESS - Your Inputs & Thoughts
To Technology Laboratory - To Technology Laboratory - Overview Projects - To Brain Study COrbitCA - To comma Workbench COrbitCA
COrbitCA - CAcert.org Account Holders CCA Completing Campaign - Technology Project Background
The CCA Rollout needs system patches that are developed by dirk and added to the test system test1.cacert.at.
- These patches needs to be tested before activating it on the live system.
- As of Aug 31th 2009, there is no test plan and no ongoing testing.
- This page is the matrix to coordinate the tests and is also the report overview.
- This project is defered and will be handled under Software-Assessment if Software-Assessment project finishes.
CCA patches Testing
S T O P P E D
- 2009-11-20 by Dirk Astrath
first: D O N ' T P A N I C ! ! ! (well ... i would have used nice and friendly red letters to write DON'T PANIC) ... but in pure-text-emails this is not possible) what i wanted to say: some minutes ago i removed the CCA-patches from the web of test1.cacert.at and installed the actual tarball there. ( Before you ask: No ... I'm not drunk [okay ... one coke light, but this doesn't count] ... and i don't used drugs ... ;-) ). The patches will come back ... but differently ... ... since i've seen, that the way i did it in July did not work. The background is not ready up to now, but will be prepared in the next week ... so additional informations will follow. have a nice day ...
Project Description
The CCA Rollout needs system patches that are developed by dirk and added to the test system test1.cacert.at. These patches needs to be tested before activating it on the live system.
As of Aug 31th, there is no test plan and no ongoing testing. This page is the matrix to coordinate the tests and is also the report overview.
Test Team
- Ted
- Ian
- Uli
- b2, a.k.a. Joost
- WD, aka Werner
Test Environment
The test environment includes addtl. coding, that needs to be removed, once the testing has been finished. To set the different permission levels for testing different user levels (un-assurerd, assured, challenge passed users and so on) needs setting the permission levels individualy. Therefor each tester needs by default SSH access and knowledge about how to modify the account settings for the test account.
To get a wider test team, addtl. code has been implemented:
/www/includes/account_stuff.php lines 218 - 224 (inserting an addtl. menu option) /www/ccatperm.php
- Start the test with create an account.
- Test all menu option you can reach with this level of permission
- Select menu: CCA Patch - Set permissions to set the next level for testing by yourself
After selecting the permissions, you'll get a results page of permissions modifications, with Next you start from the login page
Repeat all tests with the new permission settings, each permissions level (points) have two test options: a) without Challenge passed b) with Challenge passed
- continue at step 2 until all permission levels and all addtl. options has been tested
For the first time you get only the next possible permission level. If once 150 points reached, you have also addtl. option settings (ORGadmin, TTPadmin, Board setting, and so on). So please walk thru all menu options, to test all possible actions by each permission level. With increased permission level, addtl. options are possible and scripts that cannot accessed by permission level 0 points with no Challenge passed can be tested later on.
- 2009-10-28 [uli] addtl. code added to test1.cacert.at CCA patches test branch
What you have to test - The 25 test levels
Each function listed in the matrix below (each? not all) includes the addtl. Checkbox for the CCA acceptance. First you have to try to leave the Checkbox unselected. Can you continue with the regular function you've selected ? or does the system report a warning message, stopping you to continue processing ? If so, the test was successful in the first step. Now retry to start this function with the Checkbox enabled. Can you continue to the next page ? If yes, the 2nd half of the test was successful and needs to be reported with a SUCCESS below in the test matrix.
All key generation functions (generate client cert, generate server cert) doesn't completes, but before processing the key generation function you'll receive a page before. If you'll reach this page the test is successful even though the key generation doesn't works.
There are some scripts that cannot reached by directly testing. These scripts are include files or central scripts that are used by several functions. In this case, the related functions are listed in the comments box. In error reportings these scripts may be displayed (i.e. error in /www/wot.php ...)
Several scripts cannot be accessed without proper flag settings (TTPadmin, Sysadmin, ORGadmin). These flags are disabled from the beginning. At the very end of your testings, if you have reached the 150 points level, these addtl. flag settings becomes selectable by the CCA Patch - Set permissions page.
As some functions may vary in the results by different point levels, the tests needs to be repeated again and again thru several point levels. There are 10 levels included in this "Set Permissions" script: 0, 1, 49, 50, 51, 99, 100, 102, 148, 150 points.
The Assurers are no longer assurers if they didn't passed the Assurers Challenge, the scripting includes also this situation. An old assurer with 150 points, Assurer Challenge not passed yet needs also be tested. So, each level should be tested twice. One test without the Assurer Challenge passed, the 2nd round at the same level with the Assurer Challenge passed flag set.
So all in all you have to walk thru 20 test levels upto 150 points. Then, you have to do some addtl. special flags testing: TTPadmin, Board, TTPadmin and Board, ORGadmin, Sysadmin flags enabled. This means: 5 addtl. test rounds.
If you'll find some errors (except key generation error, this function is not available on the test system), please report these errors at the end of this page.
Test Matrix
Glossar: {+} Test success, {0} Ongoing Test or needs reviewing by others, {-} Test fails, N/A
Testers |
Ted |
Iang |
Uli |
b2 |
WD |
... |
Description |
Comment # |
Group 1 patches |
|
|
0,1- |
|
|
|
... level tested |
|
/www/index.php |
|
|
{+} |
|
|
|
Logged-In: CAcert.org - Go Home |
|
/pages/index/0.php |
|
|
{0} |
|
|
|
Logged-Out: Translations - id=0&lang=de_DE |
x18 |
/pages/index/1.php |
|
|
{+} |
{+} |
|
|
create an account |
w/o CCA is blocked |
/pages/index/1.php |
|
{+} |
{+} |
{-} |
|
|
create an account |
x1, x2, x12 |
/pages/index/4.php |
|
{+} |
{+} |
|
|
|
password login |
x2 |
Group 2 patches |
|
|
1- |
|
|
|
|
|
/www/gpg.php |
|
|
|
|
|
|
|
N/A at level 0 (as expected?) |
/pages/gpg/0.php |
|
|
|
|
|
|
GPG/PGP Keys - New |
N/A at level 0 (as expected?) |
Group 3 patches |
|
|
1- |
|
|
|
|
|
/includes/account.php |
|
|
|
|
|
|
include file of /www/account.php |
x11 |
/pages/account/1.php |
|
{+} |
{+} |
{+} |
|
|
add email to account |
|
/pages/account/3.php |
|
{-} |
{+} |
{+} |
|
|
generate client certificate |
x7, x13, x14 |
/pages/account/7.php |
|
{0} |
{+} |
|
|
|
add domain |
x14, x15 |
/pages/account/10.php |
|
|
{+} |
|
|
|
generate server certificate (paste csr) |
x13, x14 |
/pages/account/13.php |
|
{+} |
{+} |
{+} |
|
|
edit personal data |
|
/pages/account/16.php |
|
|
|
{+} |
|
|
OA - generate client certificate |
Needs ORGadmin set |
/pages/account/20.php |
|
|
|
|
|
|
OA - paste csr (generate server certificate) |
Needs ORGadmin set; is this correct? the page does not say |
/pages/account/43.php |
|
|
|
|
|
|
Sysadmin - Find User - Show Agreements the user gave. how do we do this? |
x5, x10 |
Group 4 patches |
|
|
1- |
|
|
|
|
|
/www/wot.php |
|
|
{0} |
|
|
|
Is used by: My Details (Listing, Location, Points), CAcert Web of Trust (About, Find an Assurer, Rules, Assure Someone, Trusted Third Parties) |
Walk thru all the menu options listed in the box one left // x17, x9 |
/pages/wot/6.php |
|
|
|
|
|
|
Special Assurance Programs |
Needs 3 tests: TTPadmin set, Board set, TTPadmin and Board set; x16 |
|
|
|
|
|
|
|
|
|
Testers |
Ted |
Ian |
Uli |
b2 |
WD |
... |
Description |
Comment # |
unpatched |
|
|
1- |
|
|
|
|
|
/pages/index/5.php |
|
{+} |
{+} |
{0} |
|
|
Lost password function |
x3, do we want to ask CCA acceptance here? x4 |
/pages/disputes/1.php |
|
|
{0} |
|
|
|
emailaddress dispute |
x6 |
/pages/disputes/2.php |
|
|
{0} |
|
|
|
domain dispute |
x6 |
/pages/wot/10.php |
|
|
{-} |
|
|
|
Details - My Points |
x8, x9 |
Comment #
x1) create an account
Ian:
- I tried twice yesterday to create an account on the test1 system and both times the email ping failed. I tried two different email addresses. Both times it said:
- Error! The ID or Hash has already been verified, or something weird happened.
- So there is something I don't know about the test system, or there is a bug or there is access control or something.
- PS: one time it grumbled in loud red about grey listing, but that disappeared after an hour.
- 5.9.09: (PG) I analyzed and fixed the problem. The CCA patch broke the signup functionality, due to the code being inserted at the wrong place.
x2) create an account, password login (fixed)
uli:
- Try #1: Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid
- Try #2 (after waiting 2 min.): Your information has been submitted into our system. You will now be sent an email with a web link, you need to open that link in your web browser within 24 hours or your information will be removed from our system!
after receiving email verification: http://www.test1.cacert.at/verify.php?type=email&emailid=.. returns: Error! The ID or Hash has already been verified, or something weird happened.
- Pwd Login: Your account has not been verified yet, please check your email account for the signup messages.
removing www from the verify link http://test1.cacert.at/verify.php... seems working but ends also with ID or Hash not verified
- 1.9.09: request for assistance by PD,Ted,Evaldo by email
- 5.9.09: (PG) I analyzed and fixed the problem. The CCA patch broke the signup functionality, due to the code being inserted at the wrong place.
- 6.9.09: Pwd Login: Your account has not been verified yet, please check your email account for the signup messages.
using email probe link http://www.test1.cacert.at/verify.php?type=email&emailid=69&hash=... results in: Error! The ID or Hash has already been verified, or something weird happened.
- Join results in: This email address is currently valid in the system
- looping system w/o intervention
- 22.9.09: (US) Pwd Login: (with 2 accounts, same result) Incorrect email address and/or Pass Phrase
- 22.9.09: (US) Mail Probe Link: Error! The ID or Hash has already been verified, or something weird happened.
- 22.9.09: (US) Lost Password: Unable to match your details with any user accounts on file
- 23.9.09: (US) account was no longer valid (24 hours removal?!?), restarted create account procedure - works
- after rcpt of verify email: "Updated, Your account and/or email address has been verified. You can now start issuing certificates for this address."
x3) lost password
three-questions & password change seems to work.
- Do we want a CCA accept on that happy occasion? (similar to account creation, no_CCA==fail)
uli: as the lost-password-procedure is a recovery procedure for the account, it don't need addtl. barriers to get the problem fixed. so i'll think, CCA checkbox and fail if not set makes no sense at this point. there are enough other places were checkbox is set
x4)
- The links on page index?id=4 now points to the main cacert site. (in/beneath the login form)
- 2009-11-02 (uli) Text links points to www.cacert.org, thats ok, as this is the test website that covers the functions, not the text content. Text links that are set in translingo are the same on the test website as on the production test site.
x5) no access
b2: if have no access to these pages.
2009-10-28 uli: working on a set-permissions-page for CCA patches testing, where all these needed flags can be set ,-)
x6) dispute pages no CCA?
- Why do the disputes pages not have a CCA check? Don't they need one?
- They are not real disputes as we now know them. They are really ways to move domains and complain about some problem with domains. In essence the whole area needs to be reviewed and hacked.
- 2009-11-02 (uli) in relation to the arbitration blockage, it makes sense to add a "I agree to the CCA" here ... to prevent waiting for the CCA agreement
x7) revoke pending certificate
- revoking/deleting pending certificate yielded an error
Notice: Undefined index: revokeid in /www/includes/account.php on line 994 You did not select any certificates for revocation.Now deleting the following pending requests: Removed a pending request for '**@**.**'
x8) My Details - My Points (solved)
- 23.9.09 22:20 (uli) side effect?
Warning: mysql_query(): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (111) in /www/pages/wot/10.php on line 29 Warning: mysql_query(): A link to the server could not be established in /www/pages/wot/10.php on line 29 Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /www/pages/wot/10.php on line 30
- Most CAcert functions are currently unavailable. Please come back later. ???
- 2009-10-22 Problem solved
x9) My Details - My Points
- 22.10.2009 (uli)
Assurer Ranking You have made 1 assurances which ranks you as the #7 top assurer. Your Assurance Points ID Date Who Points Location Method 78 22.10.2009 dirk astrath 150 FFM Administrative Increase Total Points: 150 Notice: Undefined index: to in /www/pages/wot/10.php on line 112 <===== !!!!!!!!!! Assurance Points You Issued ID Date Who Points Location Method 79 22.10.2009 Ulrich Schroeter 0 Frankfurt am Main Face to Face Meeting Total Points Issued: 0
x10) Sysadmin - Find User Operations
- 2009-10-22 (uli)
Show Assurances the user got https://www.test1.cacert.at/account.php?id=43&userid=119&assuredto=yes 7 columns header, result columns: 1st spawn=2, 2nd spawn=1, 3rd spawn=3, 1 missing Show Assurances the user gave https://www.test1.cacert.at/account.php?id=43&userid=119&assuredby=yes 7 columns header, result columns: 1st spawn=2, 2nd spawn=1, 3rd spawn=3, 1 missing table result columns missing 1 column Show Agreements the user gave https://www.test1.cacert.at/account.php?id=43&userid=119&listagreements=yes 4 columns header, result columns: 4x 1 is ok
x11) /includes/account.php
- 2009-10-22 (uli)
Script cannot be tested individualy, cause its an include file in all account.php operations. /www/account.php line 19 include("../includes/account.php"); and includes the requested actions handling of all other account.php scripts its only 'viewable' in case of an error
x12) Password
Password requires a space in it, otherwise the "strength-o-meter" gives from -2 to +2 points.
It seems that requiring a full strength test of every feature of the system ... in order to test the required stuff we want to test today ... might be inefficient!
x13) Generate Client/Server Cert
End with message that it is queued and never comes back...
- 2009-10-28 (uli)
Client Cert: first selection and option page that includes the CCA accept checkbox is the page that needs testing, the next page: key-generation Keysize High/Middle and Create Certificate Request isn't under testing, so if first page prevents continue with key-generation if CCA accept checkbox isn't set, the test is successful (see also #14). hint: the test system has no connection to a key-generator in the background, so the test system can never create keys ...
Server Cert: 2nd page on generate server certificate displays the name included in the CSR. If you reach this point, the CCA agreement checkbox needs to be enabled, then this test was successful. The next step in this function (generate key) will allways be queued (see above remark under #13) Your certificate request is still queued and hasn't been processed yet. Please wait, and go to Certificates -> View to see it's status.
x14) Multiple pages Functions
- 2009-10-28 (uli)
- some functions works with several pages, a intro page, where the CCA acceptance needs to be checked, if its unchecked, a warning message has to appear, then the test is successful. If the warning message doesn't appear if the checkbox isn't enabled, the test fails. All subsequent pages relating to the function without further CCA accept checkboxes may not work (i.e. key-generation)
x15) Email Response
- (Ian) RFC emails aren't useful
- 2009-10-28 (Uli) from the ATE mailing exeperience, other formats are not compatible in all circumstances, so plain ASCII, raw RFC format is the most common basis that can be read by all clients
x16) Special Assurance Programs
- with /pages/wot/6.php special CAcert assurance programs needs to be tested.
- "Face to Face Meeting"
- "Trusted 3rd Parties"
- "Thawte Points Transfer"
- "Administrative Increase"
- "CT Magazine - Germany"
- To test these special programs, the
- TTPadmin
- Board and
- TTPadmin and Board
- flags needs to be set. This is one of the last tests you have to check. So these flags can be set at the very end of the CCA patches testing routine, once reached the 150 points level.
x17) Ajax Form not working
- 2009-11-02 (uli)
- Ajax form seems to be not working
- - My Details - My Location (wot.php?id=13)
- - CAcert Web of Trust - Find an Assurer (wot.php?id=12) (doesn't show any results ?!?)
- putting 'Frankfurt' into the field doesn't popup the window that lists several entries starting with 'Frankfurt' i.e. 'Frankfurt, Bayern, Germany', 'Frankfurt am Main, Hessen, Germany'
SGML Parser Error / Warning messages Result: 7 Fehler / 0 Warnungen line 6 column 67 - Fehler: document type does not allow element "META" here 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> 6: <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> line 27 column 6 - Fehler: end tag for element "HEAD" which is not open 27: </head> line 28 column 64 - Fehler: document type does not allow element "BODY" here 28: <body onload="hideall(); explode('home'); explode('mydetails');"> line 82 column 42 - Fehler: required attribute "TYPE" not specified 82: <script language="javascript" src="/ac.js"></script> line 83 column 29 - Fehler: required attribute "TYPE" not specified 83: <script language="javascript"> line 99 column 28 - Fehler: there is no attribute "AUTOCOMPLETE" 99: <td><input autocomplete="off" type="text" id="location" name="location" value="" size="50" /> (hit enter to submit)</td> line 104 column 29 - Fehler: required attribute "TYPE" not specified 104: <script language="javascript">
x18) Translation DE
- 2009-11-14 (uli)
- should it be German than after switching on the test system ?
- the resulting page is in english
references: