Closed saberistic closed 2 years ago
@amirsaber Could you add some testcases to the issue so we have a better understanding what need to be tested?
@btlechowski not sure what would be the appropriate template here. We want to make sure clients are keeping their payment tokens and redeem them with service successfully even after public keys in catalog got rotated.
so I assume the test case will be like having a profile that is ready to redeem payment tokens, then we rotate tokens from backend side and observe client behavior after. Should 1- redeem previously signed payment tokens just fine and 2- gets new key payment tokens with a new confirmation.
I propose that the test plan is split into 3 parts:
Before rotation
- QA will prepare the profiles Rotation
- @amirsaber will rotate the payment tokensAfter rotation
- QA will verify that the payment tokens were redeemed.RedeemUnblindedPaymentTokens
in the logs) - move clock forward if needed
Expected result: redemption is successful; OnGetPayments
returns increased transactionCount
and balance
RedeemUnblindedPaymentTokens
in the logs) - move clock forward if needed
Expected result: redemption is successful; OnGetPayments
returns increased transactionCount
and balance
RedeemUnblindedPaymentTokens
in the logs) - move clock forward if needed
Expected result: redemption is successful; OnGetPayments
returns increased transactionCount
and balance
OnGetPayments
returns the same transactionCount
and balance
RedeemUnblindedPaymentTokens
in the logs) - move clock forward if needed
Expected result: redemption is successful; OnGetPayments
returns increased transactionCount
and balance
Verification passed on
Brave | 1.29.77 Chromium: 93.0.4577.63 (Official Build) (64-bit)
-- | --
Revision | ff5c0da2ec0adeaed5550e6c7e98417dac77d98a-refs/branch-heads/4577@{#1135}
OS | Windows 10 OS Version 2009 (Build 19043.1165)
Test Failed:
Brave 1.29.77 Chromium: 93.0.4577.63 (Official Build) (x86_64)
Revision ff5c0da2ec0adeaed5550e6c7e98417dac77d98a-refs/branch-heads/4577@{#1135}
OS macOS Version 10.15.7 (Build 19H1323)
Note, in the After Rotation
test, the first RedeemUnblindedPaymentTokens
was successful and it used old issuers keys as expected, but OnGetPayments
was incorrect:
[44293:775:0907/085925.330125:VERBOSE1:ad_rewards.cc(241)] OnGetPayments
[44293:775:0907/085925.330243:VERBOSE6:ad_rewards.cc(243)] URL Response:
URL: https://ads-serve.bravesoftware.com/v1/confirmation/payment/ffd9a2ca-2fad-4044-bd0f-d0440cce5e9e
Response Status Code: 200
Response: [{"month":"2021-09","transactionCount":"0","balance":"0"}]
The "transactionCount" should be "2" in the above and the "balance" should be "0.31".
Then, after viewing a new ad, the second RedeemUnblindedPaymentTokens
was successful and it used new issuers as expected. OnGetPayments
was better, but still not correct:
[44293:775:0907/091258.481799:VERBOSE1:ad_rewards.cc(241)] OnGetPayments
[44293:775:0907/091258.481898:VERBOSE6:ad_rewards.cc(243)] URL Response:
URL: https://ads-serve.bravesoftware.com/v1/confirmation/payment/ffd9a2ca-2fad-4044-bd0f-d0440cce5e9e
Response Status Code: 200
Response: [{"month":"2021-09","transactionCount":"1","balance":"0.01"}]
You can see in the above I have values for "transactionCount" and "balance", but "transactionCount" should be 3 and "balance" should be "0.32".
Tokens are redeemed, but transactionCount and balance are not correct, so the test fails.
Looking up aurora following payments are recorded for the wallet
ads=> select * from payment where "paymentId" = 'ffd9a2ca-2fad-4044-bd0f-d0440cce5e9e';
-[ RECORD 1 ]+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
id | a085c9db-ce1e-5356-9711-72c68f597717
paymentId | ffd9a2ca-2fad-4044-bd0f-d0440cce5e9e
credential | {"publicKey": "GNJKVR2NuU0qPp6fZzH6of60JPoGkzuYMXQ5RLbo7TU=", "credential": {"t": "BFTov6F0HMddGpM+N0l9hBX5Xc9HeS/+F8+AiuH+KYC/qPDVhNvrQDs0vzJW+QXLRt7uARtrfHcHzW9TZxGGOQ==", "payload": "{\"paymentId\":\"ffd9a2ca-2fad-4044-bd0f-d0440cce5e9e\"}", "signature": "UF7fzb8xgGnMy+CjUuMSJG3n87yh6dii+QBvPNYrRrnHX4wqcm0u5kYvG9BI12MR8uDaGxxnl3R4uzDHORmnKA=="}}
state | pending
comment |
modifiedAt | 2021-09-07 13:12:58.010612
createdAt | 2021-09-07 13:12:58.010612
os | macos
country | US
platform |
buildChannel |
tags | {"CV": "93.0.4577.63", "via": 100, "vpn": 0, "fraud": [], "datacenter": 0, "rate-limited": 0}
flagged |
cohort |
-[ RECORD 2 ]+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
id | f43978e2-77fa-569e-8565-bbec5c0bbd86
paymentId | ffd9a2ca-2fad-4044-bd0f-d0440cce5e9e
credential | {"publicKey": "lLO5tErGoTK0askrALab6pKGAnBHqELSyw/evqZRwH8=", "credential": {"t": "E9j63C4jCNi0sJ3kDbSNrVB4txB9lGZpRFARcvcL9XSXJ06iKp7DUiZgqlvYqy81JBDTruxVvMU2hVfc+WVaLg==", "payload": "{\"paymentId\":\"ffd9a2ca-2fad-4044-bd0f-d0440cce5e9e\"}", "signature": "EbsF4Wu0t0qjVAPUesy4TUOR/cpE9+IYV7IDBRuJTQgns33/JH+1q9/DFAdQLEBDxIZx5iMTfdLzDIZFg5ImSQ=="}}
state | pending
comment |
modifiedAt | 2021-09-07 12:59:24.551206
createdAt | 2021-09-07 12:59:24.551206
os | macos
country | US
platform |
buildChannel |
tags | {"CV": "93.0.4577.63", "via": 100, "vpn": 0, "fraud": [], "datacenter": 0, "rate-limited": 0}
flagged |
cohort |
-[ RECORD 3 ]+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
id | cac4a87b-848a-577f-97f8-988393f65d47
paymentId | ffd9a2ca-2fad-4044-bd0f-d0440cce5e9e
credential | {"publicKey": "6DBiZUS47m8eb5ohI2MiRaERLzS4DQgMp4nxPLKAenA=", "credential": {"t": "zPtnTJYMFSjKD6x8lbwNysE+Ujdjpo3mni8xmg7QHV7Q1c+IpwgydZyW64o5qhNBZWuO7J6v4TGMCgiB1Cz1RQ==", "payload": "{\"paymentId\":\"ffd9a2ca-2fad-4044-bd0f-d0440cce5e9e\"}", "signature": "vhtwxYyR59Fkae90M0xrG+DULuJsLLt0S7VZooqGrHNjfP9sHWrjtjzv0eMGuwpGyq/1T4XJjWLgz6HloIOBQg=="}}
state | pending
comment |
modifiedAt | 2021-09-07 12:59:24.546662
createdAt | 2021-09-07 12:59:24.546662
os | macos
country | US
platform |
buildChannel |
tags | {"CV": "93.0.4577.63", "via": 100, "vpn": 0, "fraud": [], "datacenter": 0, "rate-limited": 0}
flagged |
cohort |
-[ RECORD 4 ]+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
id | c6f1f2a8-bee6-53f9-8339-8cfe2a6cb172
paymentId | ffd9a2ca-2fad-4044-bd0f-d0440cce5e9e
credential | {"publicKey": "lLO5tErGoTK0askrALab6pKGAnBHqELSyw/evqZRwH8=", "credential": {"t": "IUP8dRhlx4yRJdSBHJ5qdsfrETw9KitBIIYzYPXpqkpvSx+jd9tcmuPRMbbJrBjrLhMJpLHiZI/Gy+4bJFsuHA==", "payload": "{\"paymentId\":\"ffd9a2ca-2fad-4044-bd0f-d0440cce5e9e\"}", "signature": "vmcIdMO+6cPHmWiYfovqFdhOBTigbtEL8Pz6RdEsg8vSdkj6yZBm4penJ4MXVsDbGBeBCBal4ZIZmT20lfg4tw=="}}
state | pending
comment |
modifiedAt | 2021-09-07 12:59:24.541918
createdAt | 2021-09-07 12:59:24.541918
os | macos
country | US
platform |
buildChannel |
tags | {"CV": "93.0.4577.63", "via": 100, "vpn": 0, "fraud": [], "datacenter": 0, "rate-limited": 0}
flagged |
cohort |
-[ RECORD 5 ]+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
id | f336db9c-a54c-5231-8d31-d7368bfb97cd
paymentId | ffd9a2ca-2fad-4044-bd0f-d0440cce5e9e
credential | {"publicKey": "JiwFR2EU/Adf1lgox+xqOVPuc6a/rxdy/LguFG5eaXg=", "credential": {"t": "d1lUlqtWSAQUbgOCIpK3mhW/aEnwzkGtQFjRnM+QwpMlxUb6cOX/rREXnve2PYlQF1hHaTPO9QcUsyMz5+LUuQ==", "payload": "{\"paymentId\":\"ffd9a2ca-2fad-4044-bd0f-d0440cce5e9e\"}", "signature": "WdmLOlHjn+S+l6/INlMoodnWPG0Th5Ad4AwEoVAnSxxYgGIwe0kcnZuCet/dt+1QrOAaKgtahbxqSZK9MaA0rw=="}}
state | pending
comment |
modifiedAt | 2021-09-07 12:59:24.53448
createdAt | 2021-09-07 12:59:24.53448
os | macos
country | US
platform |
buildChannel |
tags | {"CV": "93.0.4577.63", "via": 100, "vpn": 0, "fraud": [], "datacenter": 0, "rate-limited": 0}
flagged |
cohort |
Looking into above, I wonder why value is missing from credentials column, might be out of date deploy in staging. I also identified an issue on server side that created a PR for here https://github.com/brave/ads-serve/pull/1695
Verification passed on
Brave | 1.29.81 Chromium: 93.0.4577.82 (Official Build) (64-bit) |
---|---|
Revision | e3a25d9b9e2d0b728e045ec87c0aa4942aa46e4e-refs/branch-heads/4577@{#1237} |
OS | Ubuntu 18.04 LTS |
Verified test plan from https://github.com/brave/qa-resources/issues/362#issuecomment-909533582
Thanks @btlechowski
@amirsaber @btlechowski should this be closed? or is this remaining open until this is done in production as well?
The rotation is planned for the end of October.
The rotation was successful on production
Verification passed on
Brave | 1.31.88 Chromium: 95.0.4638.69 (Official Build) (64-bit) |
---|---|
Revision | d31a821ec901f68d0d34ccdbaea45b4c86ce543e-refs/branch-heads/4638@{#871} |
OS | Ubuntu 18.04 LTS |
Verified test plan from https://github.com/brave/qa-resources/issues/362#issuecomment-909533582
thanks for good summary @btlechowski 👍🏻
Release Date/Target:
Hopefully before end of August so the actual rotation on production can happen on 1st of September
Summary:
Currently we rotate confirmation tokens every month, we want to expand that functionality to payment tokens.
Related GH issues/Documentation:
Server changes has been reveiwed and merged previously. It requires an update query to be run on the database to rotate the keys and check client behavior.