[QA] 0.8.1 Testplan

[jnweiger]

Setup

oc10.sh twofactor_totp encryption user_ldap

Twofactor TOTP Test Plan

• References: Template

Run the tests below with freeotp and/or google authenticator. Optionally also some tests with another otp app.

• [x] Enable the app.
  • [x] No problems found.
• [ ] Using a non admin user user1, enable totp in the personal settings, security.
  • [x] Having the app freeotp (android or ios) scan the QR code provided and set it up.
  • [x] Login using user1, get a new code in the freeotp app. Introduce it in the login view. Login.
  • [x] User1 is asked the code during login and login succeeds.
  • [x] Logout. Login again using same code. User1 cannot login without a new code
• [x] Using a non admin user user1, enable totp in the personal settings.
  • [x] Having the app freeotp (android or ios) scan the QR code provided - enter a random verification code, code is not verified
• [x] Using users user1 & user2, enable totp and set it up in the personal settings.
  • [x] Login using user1, get a new code in the freeotp app for user2.
  • [x] Introduce it in the login view. Login. user1 cannot login
• [x] Using users user1, enable totp and set it up in the personal settings.
  • [x] Login using user1, totp. Disable TOTP in the personal settings of user1. Login again. user1 can login without TOTP token
• [x] Using users user1, enable totp and set it up in the personal settings.
  • [x] Login using user1, totp. Disable TOTP in the personal settings of user1. Enable it again, set it up scanning the new QR code.
  • [x] new verification code is accepted
• [x] Using users user1, enable totp and set it up in the personal settings.
  Login using user1, totp.
  Disable TOTP in the personal settings of user1
  Enable it again, do not scan the new QR code but use a current code from the first setup to verify
  • [x] code is not accepted
• [x] Using a non admin user user1, enable totp in the personal settings.
  Having the app freeotp (android or ios) scan the QR code provided and set it up.
  Try to login with user1 using his password. When the totp input appears introduce random numbers, emojis, negative numbers and empty string.
  • [x] User1 cannot login in any of this situations.
• [x] Using a LDAP user ldap_user, enable totp in the personal settings.
  Having the app freeotp (android or ios) scan the QR code provided and set it up.
  Login using ldap_user, get a new code in the freeotp app. Introduce it in the login view. Login.
  • [x] User_ldap can login without problems.
• [x] Using a non admin user user1, enable totp in the personal settings.
  Having the app google authenticator (android or ios) scan the QR code provided and set it up.
  Login using user1, get a new code in the google authenticator app. Introduce it in the login view. Login.
  • [x] User1 can login without problems.
• [x] Using a non admin user user1, enable totp in the personal settings.
  Having the app google authenticator (android or ios) set up the account in the app using the TOTP secret key.
  Login using user1, get a new code in the google authenticator app. Introduce it in the login view. Login.
  • [x] User1 can login without problems.
• [x] CLI
  • [x] Test 1/2 Having a user 'user1' with a working enabled two factor authentication,
    • [x] use the CLI command to disable it: occ twofactorauth:disable
    • [x] 'user1' now can login without using 2FA
  • [x] Test 2/2 Use the CLI command twofactorauth:enable to enable again 2FA for 'user1'
    • [x] 'user1' has to use 2FA mandatory to login
• [x] Browsers
  • [x] Check the login process is possible using chrome
  • [x] Check the login process is possible using firefox
  • [x] Check the login process is possible using edge
  • [x] Check the login process is possible using internet explorer 11
  • [x] Check the login process is possible using safari
• [x] Admin enforces 2FA in the Settings -> Security -> somewhere????
  • [x] user with already configured 2FA can still log in, using his connected authenticator
  • [x] user with not yet configured 2FA is presented a QR code and can do the configuration before login.

---

[jnweiger]

QA passed with enrypted filesystem.