taler-docs

Documentation for GNU Taler components, APIs and protocols

commit 287e071c68dd0b1bcc046bdcb3fb60d91222eff4
parent 94dfcc2f94d2f4ebfc2d86bce3ed479452f6ec72
Author: Antoine A <>
Date:   Wed,  7 May 2025 13:40:40 +0200

checklists

Diffstat:
M checklists/checklist-demo-upgrade.rst | 174 ++-----------------------------------------------------------------------------
M checklists/checklist-gls.rst | 6 +++---
A checklists/frags/checklist-common.rst | 167 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
R checklists/checklist-wallet.rst -> checklists/frags/checklist-wallet.rst | 0
4 files changed, 173 insertions(+), 174 deletions(-)

diff --git a/checklists/checklist-demo-upgrade.rst b/checklists/checklist-demo-upgrade.rst @@ -34,8 +34,6 @@ Basics - |democheck| see if the wallet presence indicator is updated correctly (in browsers). - |democheck| Visit https://exchange.demo.taler.net/terms to check ToS works - - LibEuFIn -------- @@ -64,7 +62,7 @@ To run those test you need one wallet. - |democheck| (MB-only) manually export transactions to bank account -.. include:: checklist-wallet.rst +.. include:: frags/checklist-wallet.rst Blog demo --------- 
@@ -109,171 +107,4 @@ Donation demo that the payment is requested again, instead of showing the previous fulfillment page. - -Merchant SPA ------------- - -- |democheck| test SPA loads -- |democheck| check SPA language switcher -- |democheck| try to login with wrong password -- |democheck| try to login with correct password -- |democheck| create instance, check default is set to cover (STEFAN) fees -- |democheck| modify instance -- |democheck| add bank account -- |democheck| (if KYC is on) check KYC AUTH request notification is requested -- |democheck| edit bank account -- |democheck| (if KYC is on) check KYC AUTH request notification is requested -- |democheck| (if KYC is on) perform KYC AUTH wire transfer -- |democheck| (if KYC is on) check KYC AUTH request notification is cleared -- |democheck| remove bank account -- |democheck| check order creation fails without bank account -- |democheck| add bank account again -- |democheck| (if KYC is on) check KYC AUTH request notification remains off -- |democheck| add inventory category -- |democheck| add 2nd inventory category -- |democheck| edit inventory category -- |democheck| add product with 1 in stock and preview image and two categories -- |democheck| edit inventory product -- |democheck| add 2nd inventory product -- |democheck| delete 2nd inventory product -- |democheck| add "advanced" order with inventory product and a 2 minute wire delay -- |democheck| claim order, check available stock goes down in inventory -- |democheck| create 2nd order, check this fails due to missing inventory -- |democheck| pay for 1st order with wallet -- |democheck| check transaction history for preview image -- |democheck| trigger partial refund -- |democheck| accept refund with wallet -- |democheck| create template with fixed summary, default editable price -- |democheck| scan template QR code, edit price and pay -- |democheck| add TOTP device (using some TOTP app to share secret with) -- |democheck| edit TOTP device (using some TOTP 
app to share secret with) -- |democheck| edit template to add TOTP device, set price to fixed, summary to be entered -- |democheck| scan template QR code, edit summary and pay -- |democheck| check displayed TOTP code matches TOTP app -- |democheck| delete TOTP device -- |democheck| delete template device -- |democheck| do manual wire transfer in bank to establish reserve funding -- |democheck| check that partially refunded order is marked as awaiting wire transfer -- |democheck| check bank wired funds to merchant (if needed, wait) -- |democheck| add bank wire transfer manually to backend -- |democheck| change settings for merchant to not pay for (STEFAN) fees -- |democheck| create and pay for another order with 1 minute wire transfer delay -- |democheck| edit bank account details, adding revenue facade with credentials -- |democheck| wait and check if wire transfer is automatically imported -- |democheck| check that orders are marked as completed - - -Android Merchant PoS --------------------- - -* |democheck| Configure using instance with configured inventory -* |democheck| Check categories and products show (with images!) 
-* |democheck| Add product to order -* |democheck| Add product again to order (+) -* |democheck| Remove product from order (-) -* |democheck| Request payment -* |democheck| Abort payment, check order can still be edited -* |democheck| Request and make payment, check payment confirmed -* |democheck| Create another order, delete/abort it without paying - -Auditor -------- - -- |democheck| Check auditor SPA is access controlled -- |democheck| Check /config endpoint (and implied POST /deposit-confirmation are public) -- |democheck| Check exchange /keys reports auditor's existence -- |democheck| Check auditor imports exchange transaction data (non-zero progress points) -- |democheck| Check auditor SPA reports no failures from previous transactions -- |democheck| Check auditor SPA bank balance matches exchange bank balance - - -Exchange KYC Triggers ---------------------- - -Each of these checks should be done with a fresh account, merchant instance -or wallet (if they previously ran into a KYC check already). Specific amounts -depend on the configured trigger thresholds. - -- |democheck| withdraw: withdraw large amount, make sure it is forbidden or runs into KYC check (shown by wallet) -- |democheck| aggregation: pay large order, make sure it runs into aggregate KYC check (shown by merchant SPA) -- |democheck| deposit large amount into other account with wallet, make sure it runs into KYC AUTH + KYC check (shown by wallet) -- |democheck| balance: withdraw large amounts from multiple accounts, make sure it is forbidden or runs into KYC check (shown by wallet) -- |democheck| P2P receive large amount: make sure it runs into KYC check (shown by wallet) -- |democheck| P2P invoice large amount: make sure it runs into KYC check (shown by wallet) -- |democheck| Onboarding check (KYC AUTH, ToS-acceptance) triggered for new merchant accounts - - -Exchange KYC SPA ----------------- - -Consult the specific deployment's KYC configuration to see which KYC processes -are used. 
- -- |democheck| check SPA language switcher -- |democheck| check INFO page(s) where KYC status is shown -- |democheck| check LINK page(s) with link to external KYC process (e.g. challenger) -- |democheck| (if possible) check challenger SPA language switcher -- |democheck| (if possible) check KYC SPA main page with multiple choices (AND/OR combinators) -- |democheck| perform LINKed external process, check data imported correctly -- |democheck| check FORM pages for each possible KYC form of the deployment -- |democheck| submit FORM pages with valid but also obviously invalid data (if applicable) -- |democheck| check main page updated to next stage correctly after each possible FORM -- |democheck| check SMS generation (and restriction to CH-only) by SMS challenger (telesign!), production-only (not for demo) -- |democheck| check Postal mail generation (incl. address conversion to proper format) by Postal challenger (pingen!), production-only (not for demo) - - -Exchange AML SPA ----------------- - -- |democheck| check SPA language switcher -- |democheck| load, enable account using taler-exchange-offline -- |democheck| log out -- |democheck| check log in fails from different browser with same password -- |democheck| check log in fails from original browser with incorrect password -- |democheck| check log in succeeds with correct password -- |democheck| enter data in each available AML form -- |democheck| check data of AML form shows properly in account history -- |democheck| submit AML form and trigger event (explicitly or by setting account property) -- |democheck| check event statistics are properly updated and shown on main page -- |democheck| submit AML form and change account thresholds for some operation with VERBOTEN -- |democheck| check new threshold is now enforced by the exchange (VERBOTEN) -- |democheck| submit AML form and change account threshold for some operation to trigger KYC check -- |democheck| check new threshold is now enforced by exchange and KYC 
check is triggered -- |democheck| submit AML form and change account threshold for some operation to trigger AML investigation (and clear investigation flag) -- |democheck| check new threshold marks account again for investigation after threshold is crossed -- |democheck| submit AML form with a short expiration (minutes) and a fallback of "investigate again" -- |democheck| check new rules are applied until expiration -- |democheck| check account is automatically listed again for investigation after expiration time is reached -- |democheck| view historic AML decisions in history, view submitted KYC data - - -Sanction lists --------------- - -- |democheck| ensure account with KYC data exists in the system -- |democheck| manually write santion list with user that clearly does not match -- |democheck| import sanction list, check nothing is done -- |democheck| edit sanction list to match the existing account a bit -- |democheck| import sanction list, check account is flagged for investigation by AML staff but remains operational -- |democheck| clear the investigation flag -- |democheck| edit sanction list to match the existing account perfectly -- |democheck| import sanction list, check account is flagged for investigation by AML staff and also frozen (all limits 0, not exposed) -- |democheck| manually clear user and unfreeze account in AML SPA (setting "SANCTION-OVERRIDE: $DATE" property) -- |democheck| re-import sanction list with yet another user and cleared user -- |democheck| check manually cleared user is not re-frozen (due to "SANCTION-OVERRIDE" property with date in the future) -- |democheck| add user matching new entry in sanction list -- |democheck| check new user is auto-frozen and flagged for investigation - - -Shutdown --------- - -- |democheck| create two full wallets, fill one only via (a large) P2P transfer -- |democheck| revoke highest-value denomination -- |democheck| spend money in a wallet such that the balance falls below highest denomination value 
-- |democheck| revoke all remaining denominations -- |democheck| fail to spend any more money -- |democheck| if wallet was filled via p2p payments, wallet asks for target deposit account (exchange going out of business) -- |democheck| enter bank account (if possible) -- |democheck| wallet balance goes to zero -- |democheck| specified bank account receives remaining balance +.. include:: frags/checklist-common.rst +\ No newline at end of file diff --git a/checklists/checklist-gls.rst b/checklists/checklist-gls.rst @@ -3,6 +3,6 @@ GLS GNU Taler Integration Checklist .. toctree:: -TODO +.. include:: frags/checklist-wallet.rst -.. include:: checklist-wallet.rst -\ No newline at end of file +.. include:: frags/checklist-common.rst +\ No newline at end of file diff --git a/checklists/frags/checklist-common.rst b/checklists/frags/checklist-common.rst 
@@ -0,0 +1,167 @@ +Merchant SPA +------------ + +- |democheck| test SPA loads +- |democheck| check SPA language switcher +- |democheck| try to login with wrong password +- |democheck| try to login with correct password +- |democheck| create instance, check default is set to cover (STEFAN) fees +- |democheck| modify instance +- |democheck| add bank account +- |democheck| (if KYC is on) check KYC AUTH request notification is requested +- |democheck| edit bank account +- |democheck| (if KYC is on) check KYC AUTH request notification is requested +- |democheck| (if KYC is on) perform KYC AUTH wire transfer +- |democheck| (if KYC is on) check KYC AUTH request notification is cleared +- |democheck| remove bank account +- |democheck| check order creation fails without bank account +- |democheck| add bank account again +- |democheck| (if KYC is on) check KYC AUTH request notification remains off +- |democheck| add inventory category +- |democheck| add 2nd inventory category +- |democheck| edit inventory category +- |democheck| add product with 1 in stock and preview image and two categories +- |democheck| edit inventory product +- |democheck| add 2nd inventory product +- |democheck| delete 2nd inventory product +- |democheck| add "advanced" order with inventory product and a 2 minute wire delay +- |democheck| claim order, check available stock goes down in inventory +- |democheck| create 2nd order, check this fails due to missing inventory +- |democheck| pay for 1st order with wallet +- |democheck| check transaction history for preview image +- |democheck| trigger partial refund +- |democheck| accept refund with wallet +- |democheck| create template with fixed summary, default editable price +- |democheck| scan template QR code, edit price and pay +- |democheck| add TOTP device (using some TOTP app to share secret with) +- |democheck| edit TOTP device (using some TOTP app to share secret with) +- |democheck| edit template to add TOTP device, set price to fixed, summary to 
be entered +- |democheck| scan template QR code, edit summary and pay +- |democheck| check displayed TOTP code matches TOTP app +- |democheck| delete TOTP device +- |democheck| delete template device +- |democheck| do manual wire transfer in bank to establish reserve funding +- |democheck| check that partially refunded order is marked as awaiting wire transfer +- |democheck| check bank wired funds to merchant (if needed, wait) +- |democheck| add bank wire transfer manually to backend +- |democheck| change settings for merchant to not pay for (STEFAN) fees +- |democheck| create and pay for another order with 1 minute wire transfer delay +- |democheck| edit bank account details, adding revenue facade with credentials +- |democheck| wait and check if wire transfer is automatically imported +- |democheck| check that orders are marked as completed + + +Android Merchant PoS +-------------------- + +* |democheck| Configure using instance with configured inventory +* |democheck| Check categories and products show (with images!) 
+* |democheck| Add product to order +* |democheck| Add product again to order (+) +* |democheck| Remove product from order (-) +* |democheck| Request payment +* |democheck| Abort payment, check order can still be edited +* |democheck| Request and make payment, check payment confirmed +* |democheck| Create another order, delete/abort it without paying + +Auditor +------- + +- |democheck| Check auditor SPA is access controlled +- |democheck| Check /config endpoint (and implied POST /deposit-confirmation are public) +- |democheck| Check exchange /keys reports auditor's existence +- |democheck| Check auditor imports exchange transaction data (non-zero progress points) +- |democheck| Check auditor SPA reports no failures from previous transactions +- |democheck| Check auditor SPA bank balance matches exchange bank balance + + +Exchange KYC Triggers +--------------------- + +Each of these checks should be done with a fresh account, merchant instance +or wallet (if they previously ran into a KYC check already). Specific amounts +depend on the configured trigger thresholds. + +- |democheck| withdraw: withdraw large amount, make sure it is forbidden or runs into KYC check (shown by wallet) +- |democheck| aggregation: pay large order, make sure it runs into aggregate KYC check (shown by merchant SPA) +- |democheck| deposit large amount into other account with wallet, make sure it runs into KYC AUTH + KYC check (shown by wallet) +- |democheck| balance: withdraw large amounts from multiple accounts, make sure it is forbidden or runs into KYC check (shown by wallet) +- |democheck| P2P receive large amount: make sure it runs into KYC check (shown by wallet) +- |democheck| P2P invoice large amount: make sure it runs into KYC check (shown by wallet) +- |democheck| Onboarding check (KYC AUTH, ToS-acceptance) triggered for new merchant accounts + + +Exchange KYC SPA +---------------- + +Consult the specific deployment's KYC configuration to see which KYC processes +are used. 
+ +- |democheck| check SPA language switcher +- |democheck| check INFO page(s) where KYC status is shown +- |democheck| check LINK page(s) with link to external KYC process (e.g. challenger) +- |democheck| (if possible) check challenger SPA language switcher +- |democheck| (if possible) check KYC SPA main page with multiple choices (AND/OR combinators) +- |democheck| perform LINKed external process, check data imported correctly +- |democheck| check FORM pages for each possible KYC form of the deployment +- |democheck| submit FORM pages with valid but also obviously invalid data (if applicable) +- |democheck| check main page updated to next stage correctly after each possible FORM +- |democheck| check SMS generation (and restriction to CH-only) by SMS challenger (telesign!), production-only (not for demo) +- |democheck| check Postal mail generation (incl. address conversion to proper format) by Postal challenger (pingen!), production-only (not for demo) + + +Exchange AML SPA +---------------- + +- |democheck| check SPA language switcher +- |democheck| load, enable account using taler-exchange-offline +- |democheck| log out +- |democheck| check log in fails from different browser with same password +- |democheck| check log in fails from original browser with incorrect password +- |democheck| check log in succeeds with correct password +- |democheck| enter data in each available AML form +- |democheck| check data of AML form shows properly in account history +- |democheck| submit AML form and trigger event (explicitly or by setting account property) +- |democheck| check event statistics are properly updated and shown on main page +- |democheck| submit AML form and change account thresholds for some operation with VERBOTEN +- |democheck| check new threshold is now enforced by the exchange (VERBOTEN) +- |democheck| submit AML form and change account threshold for some operation to trigger KYC check +- |democheck| check new threshold is now enforced by exchange and KYC 
check is triggered +- |democheck| submit AML form and change account threshold for some operation to trigger AML investigation (and clear investigation flag) +- |democheck| check new threshold marks account again for investigation after threshold is crossed +- |democheck| submit AML form with a short expiration (minutes) and a fallback of "investigate again" +- |democheck| check new rules are applied until expiration +- |democheck| check account is automatically listed again for investigation after expiration time is reached +- |democheck| view historic AML decisions in history, view submitted KYC data + + +Sanction lists +-------------- + +- |democheck| ensure account with KYC data exists in the system +- |democheck| manually write santion list with user that clearly does not match +- |democheck| import sanction list, check nothing is done +- |democheck| edit sanction list to match the existing account a bit +- |democheck| import sanction list, check account is flagged for investigation by AML staff but remains operational +- |democheck| clear the investigation flag +- |democheck| edit sanction list to match the existing account perfectly +- |democheck| import sanction list, check account is flagged for investigation by AML staff and also frozen (all limits 0, not exposed) +- |democheck| manually clear user and unfreeze account in AML SPA (setting "SANCTION-OVERRIDE: $DATE" property) +- |democheck| re-import sanction list with yet another user and cleared user +- |democheck| check manually cleared user is not re-frozen (due to "SANCTION-OVERRIDE" property with date in the future) +- |democheck| add user matching new entry in sanction list +- |democheck| check new user is auto-frozen and flagged for investigation + + +Shutdown +-------- + +- |democheck| create two full wallets, fill one only via (a large) P2P transfer +- |democheck| revoke highest-value denomination +- |democheck| spend money in a wallet such that the balance falls below highest denomination value 
+- |democheck| revoke all remaining denominations +- |democheck| fail to spend any more money +- |democheck| if wallet was filled via p2p payments, wallet asks for target deposit account (exchange going out of business) +- |democheck| enter bank account (if possible) +- |democheck| wallet balance goes to zero +- |democheck| specified bank account receives remaining balance diff --git a/checklists/checklist-wallet.rst b/checklists/frags/checklist-wallet.rst
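
Review bot: checklist-demo-upgrade.rst now ends on ".. include:: frags/checklist-common.rst" followed by "\ No newline at end of file" (last hunk, @@ -109,171 +107,4 @@). Terminate that line with a newline so the directive is not an unterminated last line and a later append does not show up as a change to it. The same marker follows the new last line of checklist-gls.rst.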
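
Review bot: in checklist-gls.rst (@@ -3,6 +3,6 @@) both new includes pull in fragments whose every item uses the |democheck| substitution, and nothing in the visible lines of this file defines it. Confirm the definition sits in the part of the file the hunk does not show, or add it before the first include, so the items do not render with an undefined substitution. The ".. toctree::" directive kept above the includes has no entries in the visible lines and can be dropped if nothing is meant to be listed there.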
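
Review bot: checklists/frags/checklist-common.rst (@@ -0,0 +1,167 @@) carries over wording defects that now reach every checklist including the fragment, so this move is a good point to fix them. Under "Sanction lists", "santion list" should read "sanction list". The Auditor item "Check /config endpoint (and implied POST /deposit-confirmation are public)" closes its parenthesis after "are public" and should read "(and implied POST /deposit-confirmation) are public". "delete template device" under "Merchant SPA" presumably means "delete template", since the item before it already deletes the TOTP device. "Android Merchant PoS" uses "*" bullets where every other section uses "-". Because the fragments keep the .rst suffix, also check that frags/ is excluded from the build (exclude_patterns, if the docs are built with Sphinx), or each fragment is parsed as a standalone document too.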