QA/Multi-Factor Authentication for Firefox Accounts


Overview

Purpose

The purpose of this wiki page is to serve as a general test plan for verifying that Firefox Accounts supports Multi-Factor Authentication.

Ownership

Developer contact: [vbudhram]

QA: [sorina]

Overall Status

[LANDED for MOZILLA users]

Testing Summary

Scope of testing

Testing will focus on:

  • verifying that users can enroll a TOTP device or app
  • verifying that backup codes are available to store in case one MFA device is lost
  • verifying that, after sign-in, users with an active TOTP enrollment are prompted to enter a TOTP code to complete the login flow

Environments

Testing will be performed on the following:

  • Android
  • Windows 10
  • iOS

Specifications

  • The MFA settings are visible to users who specify a feature-flag in the URL
  • Each backup code can only be used once
  • Users with a TOTP enrollment cannot use an email confirmation loop to bypass entering the TOTP code
  • Users can visit the MFA settings page to remove an existing TOTP enrollment, but only if their login session is MFA-verified
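
The rules in this list can be written down as an executable model to derive test cases from. The following is an added example, not Firefox Accounts code: the `Account` class, its method names and the session fields are hypothetical, and it assumes RFC 6238 defaults (HMAC-SHA1, 30-second step, 6 digits, no clock-drift window) and that a sign-in completed with a recovery code counts as MFA-verified.

```javascript
// Added example: hypothetical in-memory model of the specification rules above.
const crypto = require("crypto");

// RFC 6238 TOTP over HMAC-SHA1 with a 30-second time step.
function totp(secret, unixSeconds, digits = 6) {
  const counter = Buffer.alloc(8);
  counter.writeBigUInt64BE(BigInt(Math.floor(unixSeconds / 30)));
  const mac = crypto.createHmac("sha1", secret).update(counter).digest();
  const offset = mac[19] & 0x0f;                 // dynamic truncation (RFC 4226)
  const bin = mac.readUInt32BE(offset) & 0x7fffffff;
  return String(bin % 10 ** digits).padStart(digits, "0");
}

class Account {
  constructor(secret, recoveryCodes) {
    this.totpSecret = secret;                    // null means no TOTP enrollment
    this.recoveryCodes = new Set(recoveryCodes);
  }
  signIn() {                                     // password step assumed already passed
    return { mfaVerified: false, loginComplete: this.totpSecret === null };
  }
  confirmEmail(session) {
    // The email confirmation loop must not complete login for an enrolled account.
    if (this.totpSecret === null) session.loginComplete = true;
    return session.loginComplete;
  }
  submitTotp(session, code, now) {
    if (this.totpSecret === null) return false;
    const expected = Buffer.from(totp(this.totpSecret, now));
    const given = Buffer.from(String(code));
    const ok = given.length === expected.length &&
      crypto.timingSafeEqual(given, expected);   // constant-time comparison
    if (ok) session.mfaVerified = session.loginComplete = true;
    return ok;
  }
  submitRecoveryCode(session, code) {
    // Each backup code works once: delete() returns false on any reuse.
    const ok = this.recoveryCodes.delete(code);
    if (ok) session.mfaVerified = session.loginComplete = true;
    return ok;
  }
  removeTotp(session) {
    // Removing the enrollment is allowed only from an MFA-verified session.
    if (!session.mfaVerified) return false;
    this.totpSecret = null;
    return true;
  }
}
```
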

User stories

  • As a user, I want to enroll a TOTP device or app
  • As a user, I want to receive an email when TOTP is enabled
  • As a user, I want to receive an email when TOTP is disabled
  • As a user, I want to receive an email when a new device signs in with TOTP
  • As a user, I want to receive an email when new recovery codes are generated
  • As a user, I want to receive an email when a recovery code was used for login
  • As a user, I want to receive an email informing me that I am low on recovery codes
  • As a user, I want to download, copy, or print recovery codes
  • As a user, I want to disable TOTP

Testing details

Test Cases

Testing days

Date:2018-03-12

  • Created Test Plan

Date:2018-03-14

Date:2018-04-16

  • Exploratory testing with Android and Windows 10
  • New Issues:
    • Verification email not received when log in with an account with TOTP enabled #6070
    • Recovery codes.txt name #6071
    • TOTP: Replace messages for download, copy, generate new recovery codes, 2FA enabled with snack-bar #6072
    • TOTP: Wrong email name when disabling 2FA #6073


Date:2018-04-20

  • Exploratory testing on Train 110
    • New issue: #6095 - Update Enter recovery code field

Date:2018-05-04

  • Ran Test cases suite and exploratory testing on stage server - Train 111
  • Verified:
    • #6100 fix(css): Update recovery code placeholder text, and recovery code css size
    • #6095 Update Enter recovery code field
    • #6073 TOTP: Wrong email name when disabling 2FA
    • #6056 TOTP: Can't disable 2FA if I used a recovery code to sign in

Date:2018-05-17

Bug Work

Signoff

Criteria

  • All test cases should be executed
  • All blocker and critical issues must be fixed and verified or have an agreed-upon timeline for being fixed

Results