taler-docs

Documentation for GNU Taler components, APIs and protocols

commit e8b3c86ea17d083034570037b4dceab45347b8f8
parent ec08afe0ec83ad003505953f65fc911be3e31843
Author: Christian Grothoff <christian@grothoff.org>
Date:   Wed,  1 Jan 2025 07:38:22 +0100

update checklist and write QA plan for 1.0

Diffstat:
M checklists/checklist-demo-upgrade.rst | 164 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------------
A checklists/qa-1.0.rst | 104 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
M taler-developer-manual.rst | 2 +-
3 files changed, 245 insertions(+), 25 deletions(-)

diff --git a/checklists/checklist-demo-upgrade.rst b/checklists/checklist-demo-upgrade.rst @@ -30,10 +30,10 @@ We consider the following published wallets to be "production wallets": * Browser: Firefox Add-On Store * Browser: Chrome Web Store -* Android: Google Play -* Android: F-Droid +* Android: Google Play / F-Droid / APK * iOS: Apple Store / Testflight + Basics ^^^^^^ @@ -41,6 +41,12 @@ Basics - |democheck| landing language switcher - |democheck| Visit the wallet installation page, install the wallet - |democheck| see if the wallet presence indicator is updated correctly (in browsers). +- |democheck| Visit https://exchange.demo.taler.net/terms to check ToS works + + +libeufin +^^^^^^^^ + - |democheck| Visit https://bank.demo.taler.net/, register a new user - |democheck| bank language switcher - |democheck| bank logout 
@@ -49,26 +55,22 @@ Basics - |democheck| transaction history: delete pending withdraw - |democheck| do bank-integrated withdraw process (5 KUDOS) - |democheck| do wallet-initiated withdraw process (5 KUDOS) -- |democheck| withdraw process of large amount (20 KUDOS) runs into KYC check -- |democheck| fail KYC check (if possible for the given setup) -- |democheck| pass KYC check (tests that 2nd attempt is possible) -- |democheck| withdraw process of very large amount (50 KUDOS) runs into AML check -- |democheck| visit exchange SPA, create AML officer key -- |democheck| register AML officer key with offline tool (if possible) -- |democheck| allow withdraw process blocked on AML to proceed (if possible) - - -Exchange AML SPA -^^^^^^^^^^^^^^^^ +- |democheck| check transaction history +- |democheck| change credentials (password) +- |democheck| (conversion-only) test cash-in +- |democheck| (conversion-only) test cash-out +- |democheck| (conversion-only) test cash-out limit enforced +- |democheck| (if configured) 2FA for withdrawals +- |democheck| (if configured) 2FA for cash-out +- |democheck| (MB-only) manually import transactions from bank account +- |democheck| (MB-only) manually export transactions to bank account + + +Android Cashier App +^^^^^^^^^^^^^^^^^^^ -- |democheck| enter non-trivial form, change status to frozen -- |democheck| check account status in history is now frozen and shows in that category -- |democheck| enter another form, change status to normal, increase AML threshold -- |democheck| view forms in history, view previously submitted form -- |democheck| check account status in history is now normal and shows in that category -- |democheck| log out -- |democheck| check log in succeeds with correct password -- |democheck| check log in fails from different browser with same password +- |democheck| Configure cashier app with libeufin account +- |democheck| Withdraw cash using cashier app Blog demo 
@@ -79,8 +81,7 @@ Blog demo - |democheck| payment for blog article - |democheck| Verify that the balance in the wallet was updated correctly. - |democheck| Go back to https://shop.demo.taler.net/ and click on the same article - link. Verify that the article is shown and **no** repeated payment is - requested. + link. Verify that the article is shown and **no** repeated payment is requested. - |democheck| Open the fulfillment page from the previous step in an anonymous browsing session (without the wallet installed) and verify that it requests a payment again. - |democheck| Delete cookies on https://shop.demo.taler.net/ and click on the same article again. 
@@ -113,16 +114,28 @@ Merchant SPA ^^^^^^^^^^^^ - |democheck| test SPA loads +- |democheck| check SPA language switcher - |democheck| try to login with wrong password - |democheck| try to login with correct password - |democheck| create instance, check default is set to cover (STEFAN) fees - |democheck| modify instance - |democheck| add bank account +- |democheck| (if KYC is on) check KYC AUTH request notification is requested - |democheck| edit bank account +- |democheck| (if KYC is on) check KYC AUTH request notification is requested +- |democheck| (if KYC is on) perform KYC AUTH wire transfer +- |democheck| (if KYC is on) check KYC AUTH request notification is cleared - |democheck| remove bank account - |democheck| check order creation fails without bank account - |democheck| add bank account again -- |democheck| add product with 1 in stock and preview image +- |democheck| (if KYC is on) check KYC AUTH request notification remains off +- |democheck| add inventory category +- |democheck| add 2nd inventory category +- |democheck| edit inventory category +- |democheck| add product with 1 in stock and preview image and two categories +- |democheck| edit inventory product +- |democheck| add 2nd inventory product +- |democheck| delete 2nd inventory product - |democheck| add "advanced" order with inventory product and a 2 minute wire delay - |democheck| claim order, check available stock goes down in inventory - |democheck| create 2nd order, check this fails due to missing inventory 
@@ -133,9 +146,12 @@ Merchant SPA - |democheck| create template with fixed summary, default editable price - |democheck| scan template QR code, edit price and pay - |democheck| add TOTP device (using some TOTP app to share secret with) +- |democheck| edit TOTP device (using some TOTP app to share secret with) - |democheck| edit template to add TOTP device, set price to fixed, summary to be entered - |democheck| scan template QR code, edit summary and pay - |democheck| check displayed TOTP code matches TOTP app +- |democheck| delete TOTP device +- |democheck| delete template device - |democheck| do manual wire transfer in bank to establish reserve funding - |democheck| check that partially refunded order is marked as awaiting wire transfer - |democheck| check bank wired funds to merchant (if needed, wait) @@ -147,6 +163,20 @@ Merchant SPA - |democheck| check that orders are marked as completed +Android Merchant PoS +^^^^^^^^^^^^^^^^^^^^ + +* |democheck| Configure using instance with configured inventory +* |democheck| Check categories and products show (with images!) +* |democheck| Add product to order +* |democheck| Add product again to order (+) +* |democheck| Remove product from order (-) +* |democheck| Request payment +* |democheck| Abort payment, check order can still be edited +* |democheck| Request and make payment, check payment confirmed +* |democheck| Create another order, delete/abort it without paying + + P2P payments ^^^^^^^^^^^^ 
@@ -159,6 +189,92 @@ P2P payments - |democheck| delete history entry +Wallet exchange management +^^^^^^^^^^^^^^^^^^^^^^^^^^ + +- |democheck| Try to explicitly reload exchange keys (still needed?) +- |democheck| Have wallet show ToS of an exchange +- |democheck| Have wallet show PP of an exchange +- |democheck| Remove exchange with remaining balance +- |democheck| Check remaining balance is deposited into origin account + + +Exchange KYC Triggers +^^^^^^^^^^^^^^^^^^^^^ + +Each of these checks should be done with a fresh account, merchant instance +or wallet (if they previously ran into a KYC check already). Specific amounts +depend on the configured trigger thresholds. + +- |democheck| withdraw: withdraw large amount, make sure it is forbidden or runs into KYC check (shown by wallet) +- |democheck| aggregation: pay large order, make sure it runs into aggregate KYC check (shown by merchant SPA) +- |democheck| deposit large amount into other account with wallet, make sure it runs into KYC AUTH + KYC check (shown by wallet) +- |democheck| balance: withdraw large amounts from multiple accounts, make sure it is forbidden or runs into KYC check (shown by wallet) +- |democheck| P2P receive large amount: make sure it runs into KYC check (shown by wallet) +- |democheck| P2P invoice large amount: make sure it runs into KYC check (shown by wallet) +- |democheck| Onboarding check (KYC AUTH, ToS-acceptance) triggered for new merchant accounts + + +Exchange KYC SPA +^^^^^^^^^^^^^^^^ + +Consult the specific deployment's KYC configuration to see which KYC processes +are used. + +- |democheck| check SPA language switcher +- |democheck| check INFO page(s) where KYC status is shown +- |democheck| check LINK page(s) with link to external KYC process (e.g. 
challenger) +- |democheck| (if possible) check challenger SPA language switcher +- |democheck| (if possible) check KYC SPA main page with multiple choices (AND/OR combinators) +- |democheck| perform LINKed external process, check data imported correctly +- |democheck| check FORM pages for each possible KYC form of the deployment +- |democheck| submit FORM pages with valid but also obviously invalid data (if applicable) +- |democheck| check main page updated to next stage correctly after each possible FORM + + +Exchange AML SPA +^^^^^^^^^^^^^^^^ + +- |democheck| check SPA language switcher +- |democheck| load, enable account using taler-exchange-offline +- |democheck| log out +- |democheck| check log in fails from different browser with same password +- |democheck| check log in fails from original browser with incorrect password +- |democheck| check log in succeeds with correct password +- |democheck| enter data in each available AML form +- |democheck| check data of AML form shows properly in account history +- |democheck| submit AML form and trigger event (explicitly or by setting account property) +- |democheck| check event statistics are properly updated and shown on main page +- |democheck| submit AML form and change account thresholds for some operation with VERBOTEN +- |democheck| check new threshold is now enforced by the exchange (VERBOTEN) +- |democheck| submit AML form and change account threshold for some operation to trigger KYC check +- |democheck| check new threshold is now enforced by exchange and KYC check is triggered +- |democheck| submit AML form and change account threshold for some operation to trigger AML investigation (and clear investigation flag) +- |democheck| check new threshold marks account again for investigation after threshold is crossed +- |democheck| submit AML form with a short expiration (minutes) and a fallback of "investigate again" +- |democheck| check new rules are applied until expiration +- |democheck| check account is 
automatically listed again for investigation after expiration time is reached +- |democheck| view historic AML decisions in history, view submitted KYC data + + +Sanction lists +^^^^^^^^^^^^^^ + +- |democheck| ensure account with KYC data exists in the system +- |democheck| manually write santion list with user that clearly does not match +- |democheck| import sanction list, check nothing is done +- |democheck| edit sanction list to match the existing account a bit +- |democheck| import sanction list, check account is flagged for investigation by AML staff but remains operational +- |democheck| clear the investigation flag +- |democheck| edit sanction list to match the existing account perfectly +- |democheck| import sanction list, check account is flagged for investigation by AML staff and also frozen (all limits 0, not exposed) +- |democheck| manually clear user and unfreeze account in AML SPA (setting "SANCTION-OVERRIDE: $DATE" property) +- |democheck| re-import sanction list with yet another user and cleared user +- |democheck| check manually cleared user is not re-frozen (due to "SANCTION-OVERRIDE" property with date in the future) +- |democheck| add user matching new entry in sanction list +- |democheck| check new user is auto-frozen and flagged for investigation + + Shutdown ^^^^^^^^ diff --git a/checklists/qa-1.0.rst b/checklists/qa-1.0.rst 
@@ -0,0 +1,104 @@ +Taler 1.0 QA Plan +----------------- + +Wallet Platforms +^^^^^^^^^^^^^^^^ + +Platforms listed here are the officially supported platforms for this release. + +* Overview / Installation Page + + * https://taler.net/en/wallet.html aka https://wallet.taler.net/ + +* Android + + * Google Play: https://play.google.com/store/apps/details?id=net.taler.wallet + * F-Droid: https://f-droid.org/en/packages/net.taler.wallet.fdroid/ + * APK Download: https://taler.net/files/wallet/wallet-latest.apk (does not yet exist!) + +* Browser + + * Chrome: https://chromewebstore.google.com/detail/gnu-taler-wallet/millncjiddlpgdmkklmhfadpacifaonc + * Firefox: https://addons.mozilla.org/en-US/firefox/addon/taler-wallet/ + +* iOS + + +Running Deployments +^^^^^^^^^^^^^^^^^^^ + +These deployments should work for the release: + +* Sandcastle-based: + + * demo.taler.net + * test.taler.net + * head.taler.net + +* Regio-based: + + * regio-taler.fdold.eu + * exchange.e.netzbon-basel.ch (requires external help!) + * Klima-Taler (requires external help!) + +* Custom: + + * exchange.chf.taler.net (BFH)! + +* Ansible-based: + + * exchange.taler-ops.ch + + +Check UX Flows +^^^^^^^^^^^^^^ + +See the :doc:`demo upgrade checklist <checklists/checklist-demo-upgrade>`. 
+ + +Regio Deployment +^^^^^^^^^^^^^^^^ + +* Deployment Automation (deployment.git/regional-currency) + + * Test with Debian bookworm + * Test with Ubuntu noble + * Check logs for errors + * Test with telesign (SMS) + * Set up EBICS integration + * Check that ToS is configured + +* Deployment Functionality + + * All flows of the wallet should work (see ``Wallet Flows`` above) + * All flows of libeufin-bank should work (see ``libeufin-bank Flows`` above) + * Merchant backend should work (see ``Merchant Backend SPA Flows`` above) + * Check logs + + +Continuous Integration +^^^^^^^^^^^^^^^^^^^^^^ + +* https://buildbot.taler.net/#/waterfall +* CI should pass + + +Debian Repository +^^^^^^^^^^^^^^^^^ + +* Debian + + * repo at https://deb.taler.net/apt/debian/ + * supported codename(s): bookworm + +* Ubuntu: + + * repo at https://deb.taler.net/apt/ubuntu/ + * supported codename(s): noble + + +GNU Release +^^^^^^^^^^^ + +* Release announcement +* FTP upload diff --git a/taler-developer-manual.rst b/taler-developer-manual.rst @@ -603,7 +603,7 @@ outside of this versioning. All tables of a GNU Taler component should live in QA Plans ======== -.. include:: checklists/qa-0.10.rst +.. include:: checklists/qa-1.0.rst Releases
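
Review bot: in checklists/checklist-demo-upgrade.rst, hunk @@ -49,26 +55,22 @@, the removed item "pass KYC check (tests that 2nd attempt is possible)" has no counterpart in the new "Exchange KYC Triggers" or "Exchange KYC SPA" lists, so the retry-after-failed-KYC path is no longer covered. Consider adding an explicit item for it to the KYC SPA list, next to the "valid but also obviously invalid data" item. In the same hunk, "(MB-only)" is never expanded; spell it out on first use so a tester can tell whether the two manual import/export items apply to the deployment under test.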
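
Review bot: in checklists/checklist-demo-upgrade.rst, hunk @@ -113,16 +114,28 @@, the two added items "check KYC AUTH request notification is requested" (after "add bank account" and after "edit bank account") do not say what the tester should observe. The later items use "is cleared" and "remains off", so "is shown" would match them and make the expected state unambiguous.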
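
Review bot: in checklists/checklist-demo-upgrade.rst, hunk @@ -133,9 +146,12 @@, the added item "delete template device" reads like a copy-paste of the "delete TOTP device" line above it; if the intent is to remove the template, it should say "delete template". The added "edit TOTP device" item also carries the parenthetical "(using some TOTP app to share secret with)" from the "add" step, which does not describe what to edit or verify. Since "delete TOTP device" comes while the template edited earlier still references that device, it would help to state the expected outcome of that deletion.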
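
Review bot: in checklists/checklist-demo-upgrade.rst, hunk @@ -159,6 +189,92 @@, the "Sanction lists" section only checks the override in one direction: "check manually cleared user is not re-frozen (due to "SANCTION-OVERRIDE" property with date in the future)". There is no item that re-imports the list after the override date has passed and confirms the account is frozen and flagged again, so an override that never expires would pass this checklist. Suggest adding that item after the re-import step. Also, "manually write santion list" in the same section should read "sanction list".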
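
Review bot: in checklists/qa-1.0.rst, hunk @@ -0,0 +1,104 @@, the "Deployment Functionality" items under "Regio Deployment" point to ``Wallet Flows``, ``libeufin-bank Flows`` and ``Merchant Backend SPA Flows`` "above", but the new file has no sections with those names; the only flows section is "Check UX Flows", which links to the demo upgrade checklist. Point these three items at that checklist (or at its "libeufin" and "Merchant SPA" sections) so the references resolve. The "iOS" entry under "Wallet Platforms" is also empty, while the other platforms list a store URL, and the APK download URL is marked "(does not yet exist!)"; both should be resolved or tracked as open items before the plan is used for sign-off.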