Merchant SPA
------------

- |democheck| test SPA loads
- |democheck| check SPA language switcher
- |democheck| try to login with wrong password
- |democheck| try to login with correct password
- |democheck| create instance, check default is set to cover (STEFAN) fees
- |democheck| modify instance
- |democheck| add bank account
- |democheck| (if KYC is on) check KYC AUTH request notification is requested
- |democheck| edit bank account
- |democheck| (if KYC is on) check KYC AUTH request notification is requested
- |democheck| (if KYC is on) perform KYC AUTH wire transfer
- |democheck| (if KYC is on) check KYC AUTH request notification is cleared
- |democheck| remove bank account
- |democheck| check order creation fails without bank account
- |democheck| add bank account again
- |democheck| (if KYC is on) check KYC AUTH request notification remains off
- |democheck| add inventory category
- |democheck| add 2nd inventory category
- |democheck| edit inventory category
- |democheck| add product with 1 in stock and preview image and two categories
- |democheck| edit inventory product
- |democheck| add 2nd inventory product
- |democheck| delete 2nd inventory product
- |democheck| add "advanced" order with inventory product and a 2 minute wire delay
- |democheck| claim order, check available stock goes down in inventory
- |democheck| create 2nd order, check this fails due to missing inventory
- |democheck| pay for 1st order with wallet
- |democheck| check transaction history for preview image
- |democheck| trigger partial refund
- |democheck| accept refund with wallet
- |democheck| create template with fixed summary, default editable price
- |democheck| scan template QR code, edit price and pay
- |democheck| add TOTP device (using some TOTP app to share secret with)
- |democheck| edit TOTP device (using some TOTP app to share secret with)
- |democheck| edit template to add TOTP device, set price to fixed, summary to be entered
- |democheck| scan template QR code, edit summary and pay
- |democheck| check displayed TOTP code matches TOTP app
- |democheck| delete TOTP device
- |democheck| delete template device
- |democheck| do manual wire transfer in bank to establish reserve funding
- |democheck| check that partially refunded order is marked as awaiting wire transfer
- |democheck| check bank wired funds to merchant (if needed, wait)
- |democheck| add bank wire transfer manually to backend
- |democheck| change settings for merchant to not pay for (STEFAN) fees
- |democheck| create and pay for another order with 1 minute wire transfer delay
- |democheck| edit bank account details, adding revenue facade with credentials
- |democheck| wait and check if wire transfer is automatically imported
- |democheck| check that orders are marked as completed


Android Merchant PoS
--------------------

* |democheck| Configure using instance with configured inventory
* |democheck| Check categories and products show (with images!)
* |democheck| Add product to order
* |democheck| Add product again to order (+)
* |democheck| Remove product from order (-)
* |democheck| Request payment
* |democheck| Abort payment, check order can still be edited
* |democheck| Request and make payment, check payment confirmed
* |democheck| Create another order, delete/abort it without paying

Auditor
-------

- |democheck| Check auditor SPA is access controlled
- |democheck| Check /config endpoint (and implied POST /deposit-confirmation) are public
- |democheck| Check exchange /keys reports auditor's existence
- |democheck| Check auditor imports exchange transaction data (non-zero progress points)
- |democheck| Check auditor SPA reports no failures from previous transactions
- |democheck| Check auditor SPA bank balance matches exchange bank balance


Exchange KYC Triggers
---------------------

Each of these checks should be done with a fresh account, merchant instance
or wallet (if they previously ran into a KYC check already). Specific amounts
depend on the configured trigger thresholds.

- |democheck| withdraw: withdraw large amount, make sure it is forbidden or runs into KYC check (shown by wallet)
- |democheck| aggregation: pay large order, make sure it runs into aggregate KYC check (shown by merchant SPA)
- |democheck| deposit large amount into other account with wallet, make sure it runs into KYC AUTH + KYC check (shown by wallet)
- |democheck| balance: withdraw large amounts from multiple accounts, make sure it is forbidden or runs into KYC check (shown by wallet)
- |democheck| P2P receive large amount: make sure it runs into KYC check (shown by wallet)
- |democheck| P2P invoice large amount: make sure it runs into KYC check (shown by wallet)
- |democheck| Onboarding check (KYC AUTH, ToS-acceptance) triggered for new merchant accounts


Exchange KYC SPA
----------------

Consult the specific deployment's KYC configuration to see which KYC processes
are used.

- |democheck| check SPA language switcher
- |democheck| check INFO page(s) where KYC status is shown
- |democheck| check LINK page(s) with link to external KYC process (e.g. challenger)
- |democheck| (if possible) check challenger SPA language switcher
- |democheck| (if possible) check KYC SPA main page with multiple choices (AND/OR combinators)
- |democheck| perform LINKed external process, check data imported correctly
- |democheck| check FORM pages for each possible KYC form of the deployment
- |democheck| submit FORM pages with valid but also obviously invalid data (if applicable)
- |democheck| check main page updated to next stage correctly after each possible FORM
- |democheck| check SMS generation (and restriction to CH-only) by SMS challenger (telesign!), production-only (not for demo)
- |democheck| check Postal mail generation (incl. address conversion to proper format) by Postal challenger (pingen!), production-only (not for demo)


Exchange AML SPA
----------------

- |democheck| check SPA language switcher
- |democheck| load, enable account using taler-exchange-offline
- |democheck| log out
- |democheck| check log in fails from different browser with same password
- |democheck| check log in fails from original browser with incorrect password
- |democheck| check log in succeeds with correct password
- |democheck| enter data in each available AML form
- |democheck| check data of AML form shows properly in account history
- |democheck| submit AML form and trigger event (explicitly or by setting account property)
- |democheck| check event statistics are properly updated and shown on main page
- |democheck| submit AML form and change account thresholds for some operation with VERBOTEN
- |democheck| check new threshold is now enforced by the exchange (VERBOTEN)
- |democheck| submit AML form and change account threshold for some operation to trigger KYC check
- |democheck| check new threshold is now enforced by exchange and KYC check is triggered
- |democheck| submit AML form and change account threshold for some operation to trigger AML investigation (and clear investigation flag)
- |democheck| check new threshold marks account again for investigation after threshold is crossed
- |democheck| submit AML form with a short expiration (minutes) and a fallback of "investigate again"
- |democheck| check new rules are applied until expiration
- |democheck| check account is automatically listed again for investigation after expiration time is reached
- |democheck| view historic AML decisions in history, view submitted KYC data


Sanction lists
--------------

- |democheck| ensure account with KYC data exists in the system
- |democheck| manually write sanction list with user that clearly does not match
- |democheck| import sanction list, check nothing is done
- |democheck| edit sanction list to match the existing account a bit
- |democheck| import sanction list, check account is flagged for investigation by AML staff but remains operational
- |democheck| clear the investigation flag
- |democheck| edit sanction list to match the existing account perfectly
- |democheck| import sanction list, check account is flagged for investigation by AML staff and also frozen (all limits 0, not exposed)
- |democheck| manually clear user and unfreeze account in AML SPA (setting "SANCTION-OVERRIDE: $DATE" property)
- |democheck| re-import sanction list with yet another user and cleared user
- |democheck| check manually cleared user is not re-frozen (due to "SANCTION-OVERRIDE" property with date in the future)
- |democheck| add user matching new entry in sanction list
- |democheck| check new user is auto-frozen and flagged for investigation


Shutdown
--------

- |democheck| create two full wallets, fill one only via (a large) P2P transfer
- |democheck| revoke highest-value denomination
- |democheck| spend money in a wallet such that the balance falls below highest denomination value
- |democheck| revoke all remaining denominations
- |democheck| fail to spend any more money
- |democheck| if wallet was filled via p2p payments, wallet asks for target deposit account (exchange going out of business)
- |democheck| enter bank account (if possible)
- |democheck| wallet balance goes to zero
- |democheck| specified bank account receives remaining balance