Stress testing - Jun

[andlrutt]

Description

TEST THIS MAMA JAMA!!! Try to break it in every way conceivable. You should spend 1 HOUR DOING THIS! Literally set a timer. If you can't find anything, look harder!

Don't test on localhost, instead navigate to cm.utkh4i.com and do your testing there. Do the testing on your phone, since this is currently our best supported device

Technical Details

Some things to consider (non-exhaustive!): What happens if...

• I don't put a value in a field?
• I put a bad value in a field? (ex. start time before finish time)
• I try to insert a duplicate value?

Walk through EVERY workflow, start to finish, with every enumeration for inputs/sequences. Make a new volunteer, make a new event, make a new org, etc. Start a workflow, stop, come back to it later. Including (but not limited to)

• Auth
• events
• organizations (ex. making a new one on checkin, making a new one on checkin while doing a multi-checkin, selecting one on multi-checkin, typing the name of an existing org but not selecting it, etc. This gives you an idea of how exhaustive to be)
• volunteers
• role verifications
• background checks

TRY TO BREAK IT!

ADDITIONALLY:

• Look for visual changes / missing functionality. Something you think looks off? Something that should be changed? Did we miss any functionality? (disregard the coloring -- Andrew will grab the theme on this one)

EXPECTED OUTPUT:

• 1 hour of testing -- can't decrease this time by being a fast dev!
• List of bugs / changes / improvements attached to this story in the comments. Be descriptive with steps to reproduce. For anything visual, include screenshots. Zavier and I will be compiling these and making sure everything is addressed

[djwoun]

When clicking on the run background check, it has a text telling you it will cost 15$. Since the price could change year by year. we should consider having a more general statement.

[djwoun]

Where's my favicon at?

[djwoun]

Not sure where error originates, existed when I opened the page.

[djwoun]

Not sure where error originates, existed when I opened the page.

[djwoun]

When creating a new event, The start at and end at dates are slightly awkward with the dashes. We should consider deleting one or the other

[djwoun]

With my current account authorization, I can create an event but not edit events. I think the two could be considered a set piece?

[djwoun]

We are able to create an event without what roles will be present at the event. However, the check-in requires you to have a role, where there is no option to select any role.

[djwoun]

Email fails to send

[djwoun]

Should check in be available for past events?

[djwoun]

I tried to see if I could do anything malicious with the site. I didn't find much.

Additionally, rechecked that MongoDB does TLS encryption so packets going through networks wouldn't be viewable. MongoDB uses TLS v1.2, which is secure. Secondly, MongoDB had encryption at rest using AES-256, which is also extremely secure.

Client-side field-level encryption is not enabled by default but could be enabled. Pro is that it adds on another level of encryption, so if the TLS encryption was cracked, there would be another layer. Con is that deterministic encryption disables sorting from the server side, and randomized encryption disables querying. Additionally, the server would have to strictly run on a Linux system, and the client would have additional computational overhead for encryption.