Bug 801561 (TrustedUI)

[System app][Trustworthy UI] Gaia TrustedUIManager

VERIFIED FIXED

Status

P1
normal
6 years ago

People

(Reporter: ferjm, Assigned: alberto.pastor)

Firefox Tracking Flags

(blocking-basecamp:+)

(Reporter)

Description

6 years ago
Follow up for all the work related to the Trusted UI Gaia side.
(Reporter)

Updated

6 years ago
Assignee: nobody → alberto.pastor
blocking-basecamp: --- → ?
(Reporter)

Updated

6 years ago
Blocks: 776420
(Reporter)

Updated

6 years ago
Blocks: 795023
(Reporter)

Comment 1

6 years ago
Created attachment 671356 [details]
Pointer to Github pull request: https://github.com/mozilla-b2g/gaia/pull/5792
(Reporter)

Updated

6 years ago
Depends on: 795854
(Reporter)

Updated

6 years ago
Attachment #671356 - Flags: review+
(Reporter)

Updated

6 years ago
Blocks: 794680
(Reporter)

Updated

6 years ago
Depends on: 793329

Updated

6 years ago
blocking-basecamp: ? → +
Priority: -- → P1
(Reporter)

Comment 2

6 years ago
https://github.com/mozilla-b2g/gaia/commit/0c5bfb2ddfa9ac28d030e7550ac01ea54f484745
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
I imagine what's needed here testing wise is a sanity test pass on the trusted UI in itself, correct? I'll take a look tomorrow or Friday.
Keywords: verifyme
QA Contact: jsmith
(Reporter)

Updated

6 years ago
Depends on: 803455
Sounds like a good time to do a decent test pass with trusted UI with mozPay against a mock payment provider to see what bugs pop up in the trusted UI and general mozPay issues. Here's my mind dump of what I've been thinking. Any other ideas are welcome. I'll look at the contextual marketplace testing later when more of that stuff lands.

    Test that I can make an in-app purchase against the mock payment provider
    Test that I can choose and select between two different payments if multiple JWTs are requested
    Test that I receive a phone call while I'm in the trusted UI, that I can complete the phone call and return to the trusted UI context
    Test that I can be notified with a connection failure if there's no connection while I'm in the trusted UI
    Test that I can leave the trusted UI context back to the homescreen
    Test that I can return back to an existing trusted UI context by entering an app in that context currently
    Test that I can see which apps in task manager are in a trusted UI context vs. not
    Test that I can deny an in-app purchase through the trusted UI context
    Test that I can run multiple trusted UI contexts across different apps for different payments
    Test that I can exit to the task switcher while I'm in the trusted UI context
    Test that I can exit to the lockscreen while I'm in the trusted UI context
    Test that I can return to a trusted UI context from the lockscreen
    Test that I can return to a trusted UI context through the task switcher
    Test that I cannot request a trusted UI context within a background page running
    Test that I get an error and no trusted UI context when I request an invalid payment provider (aud wrong)
    Test that I get an error and no trusted UI context when I request an invalid payment provider (typ wrong)
    Test that I get an error and no trusted UI context when I request an invalid payment provider (typ not specified)
    Test that I get an error and no trusted UI context when I request an invalid JWT (exp non-numerical)
    Test that I get an error and no trusted UI context when I request an invalid JWT (iat non-numerical)
    Test that I get an error and no trusted UI context when I request an invalid JWT (iss non-numerical)
    Test that I get an error and no trusted UI context when I request an invalid JWT (request not specified)
    Test that I get an error and no trusted UI context when I request an invalid JWT (name not specified)
    Test that I get an error and no trusted UI context when I request an invalid JWT (price not specified)
    Test that I get an error and no trusted UI context when I request an invalid JWT (price not valid)
    Test that I get an error and no trusted UI context when I request an invalid JWT (invalid currency)
    Test that I get an error and no trusted UI context when I request an invalid JWT (non-numerical price)
    Test that I get an error and no trusted UI context when I request an invalid JWT (non-numerical defaultPrice)
    Test that I get an error and no trusted UI context when I request an invalid JWT (description not specified)
    Test that I get an error and no trusted UI context when I request an invalid JWT (productdata not a valid URL)
    Test that I get an error and no trusted UI context when I request an invalid JWT (productdata not a valid URL)
    Test that I get an error and no trusted UI context when I request an invalid JWT (iat >= exp)
    Test that I get an error and no trusted UI context when I request an invalid JWT (not valid JSON)
    Test that I get an error when I request two JWTs with the same payment provider
    Test that I can make an in-app payment with no iss specified
    Test that I can make an in-app payment with no iat specified
    Test that I can make an in-app payment with no exp specified
    Test that I can make an in-app payment with a single price with no default price specified
    Test that I can make an in-app payment with UTF-8 characters in the name and description of the request
    Test that I can make an in-app payment with at least two prices specified in a valid locale
    Test that I cannot make an in-app payment with a price specified in an unsupported locale
    Test that I can make an in-app payment with two prices specified with a default price, in which the default price is used due to a locale not specified in prices
    Test that I can make an in-app payment with two prices specified with a default price, in which the default price is not used due to a locale already specified in prices
    Test that I can make an in-app payment without productdata, postbackURL, and chargebackURL specified
    Test that I can make an in-app payment with productdata specified
    Test that I can make an in-app payment with a postbackURL and chargebackURL that points to a 404
    Test that I can make an in-app payment with a valid postbackURL and chargebackURL
    Test that I can make an in-app payment with 10 prices specified with different currencies
    Test that I get an error and no trusted UI context when I request an invalid JWT (two currencies that are the same)
    Test that I get an error and no trusted UI context when I request an invalid JWT (defaultPrice currency not specified in prices)

Updated

6 years ago
Depends on: 804485
(Reporter)

Updated

6 years ago
Depends on: 806425
(Reporter)

Comment 5

6 years ago
(In reply to Jason Smith [:jsmith] from comment #4)

Thanks Jason! A few comments below.

>     Test that I can choose and select between two different payments if
> multiple JWTs are requested

Note that this would require you to register a new payment provider in Gaia and it would show a screen that has no UX design.

>     Test that I can see which apps in task manager are in a trusted UI
> context vs. not

This is not implemented yet. Pending UX definition.

>     Test that I get an error and no trusted UI context when I request an
> invalid payment provider (aud wrong)
>     Test that I get an error and no trusted UI context when I request an
> invalid payment provider (typ wrong)

Payment providers are only validated through the 'typ' parameter. The 'aud' parameter is ignored by the client.

>     Test that I get an error and no trusted UI context when I request an
> invalid JWT (exp non-numerical)
>     Test that I get an error and no trusted UI context when I request an
> invalid JWT (iat non-numerical)
>     Test that I get an error and no trusted UI context when I request an
> invalid JWT (iss non-numerical)

This is not validated in the client side, so a trusted UI would be shown.

>     Test that I get an error and no trusted UI context when I request an
> invalid JWT (non-numerical price)

There is no check for this, but I guess it should. I'll file a bug for it.

>     Test that I get an error and no trusted UI context when I request an
> invalid JWT (non-numerical defaultPrice)

There is no check for 'defaultPrice' on the client side and we (Kumar and I) agreed not to validate it. The same applies for other test cases regarding 'defaultPrice'.

>     Test that I get an error and no trusted UI context when I request an
> invalid JWT (productdata not a valid URL)

This is not validated in the client.

>     Test that I get an error and no trusted UI context when I request an
> invalid JWT (productdata not a valid URL)

Dup

>     Test that I get an error and no trusted UI context when I request an
> invalid JWT (iat >= exp)

There is no validation for this in the client.


I would also add:

* Test that I can use the keyboard within the trusted UI context. (I'll add a form to the mock provider, so you can easily test it).
* Test that the payment callbacks (successPayment and cancelPayment) are injected in all the pages of the pay flow. (The mock provider allows you to browse to a different page)
* Test that the caller application receives a DOMRequest.onerror event when the trusted UI is closed during the payment flow.
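
Added example, not part of the bug thread and not Gaia or Gecko code: comment 5 says the client validates only 'typ' and leaves 'exp'/'iat', price amounts and 'productdata' unchecked, so this shows checks a payment provider could run on the decoded payload itself, tagging each finding with what comment 5 says about the client. The payload layout (`request.price` as a list of `{currency, amount}`), the three-letter currency shape check and the `ACCEPTED_TYP` value are assumptions.

```javascript
// Added example, not Gaia or Gecko code. Field names come from the thread;
// the payload layout and the ACCEPTED_TYP value are assumptions.
const ACCEPTED_TYP = new Set(['mock/payments/inapp/v1']); // constructed value
const isNum = (v) => typeof v === 'number' && Number.isFinite(v);
const amountOk = (v) => (isNum(v) || (typeof v === 'string' && v.trim() !== ''))
  && Number.isFinite(Number(v));

// Returns [{field, why, client}]; 'client' records what comment 5 says the
// client does: 'validated', 'not validated', or 'not stated'.
function checkPayload(p) {
  const errors = [];
  const fail = (field, why, client) => errors.push({ field, why, client });
  if (!ACCEPTED_TYP.has(p.typ)) fail('typ', 'missing or unknown', 'validated');
  for (const f of ['iat', 'exp']) { // optional per the test plan, numeric if present
    if (f in p && !isNum(p[f])) fail(f, 'non-numerical', 'not validated');
  }
  if (isNum(p.iat) && isNum(p.exp) && p.iat >= p.exp) fail('iat', 'iat >= exp', 'not validated');
  const r = p.request;
  if (r === null || typeof r !== 'object') {
    fail('request', 'not specified', 'not stated');
    return errors;
  }
  for (const f of ['name', 'description']) {
    if (typeof r[f] !== 'string' || r[f] === '') fail(f, 'not specified', 'not stated');
  }
  if (!Array.isArray(r.price) || r.price.length === 0) {
    fail('price', 'not specified', 'not stated');
  } else {
    const seen = new Set(); // currencies already listed in this request
    for (const item of r.price) {
      const { currency, amount } = item || {};
      if (!/^[A-Z]{3}$/.test(currency)) fail('price', 'invalid currency', 'not stated');
      else if (seen.has(currency)) fail('price', 'duplicate currency ' + currency, 'not stated');
      else seen.add(currency);
      if (!amountOk(amount)) fail('price', 'non-numerical price', 'not validated');
    }
  }
  if ('productdata' in r) { // the test plan expects a URL here
    try { new URL(r.productdata); } catch (e) { fail('productdata', 'not a valid URL', 'not validated'); }
  }
  return errors;
}

// Constructed sample: accepted 'typ', but three problems the client is not said to catch.
const sample = { typ: 'mock/payments/inapp/v1', aud: 'ignored-by-client', iat: 200, exp: 100,
  request: { name: 'Piece of cake', description: 'Virtual cake',
    price: [{ currency: 'USD', amount: 'abc' }, { currency: 'USD', amount: '0.99' }] } };
const unenforced = checkPayload(sample).filter((e) => e.client !== 'validated');
```
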
Thanks for the feedback Fernando - very helpful. I've updated my wiki (now it's up to date) based on your feedback on the test cases above to reflect testing of the API and the trustworthy UI independently of marketplace - https://wiki.mozilla.org/B2G/QA/WebAPI_Test_Plan/WebPayment.

Updated

6 years ago
Blocks: 794530
Planning on looking into this today.

Updated

6 years ago
Depends on: 810443

Updated

6 years ago
Depends on: 810449

Updated

6 years ago
Depends on: 810475

Updated

6 years ago
Depends on: 810533

Updated

6 years ago
Depends on: 809714

Updated

6 years ago
Depends on: 809675

Updated

6 years ago
No longer depends on: 793329

Updated

6 years ago
No longer depends on: 809675

Updated

6 years ago
Depends on: 812656

Updated

6 years ago
Depends on: 812663
Finished testing this with a basic functional test pass, with the exception of testing keyboard input within a trusted context - which I'll take care of when I test identity integration. Bugs are filed and linked to this bug for followups.

Marking as verified.
Status: RESOLVED → VERIFIED
Keywords: verifyme

Updated

6 years ago
Depends on: 813811

Updated

6 years ago
Depends on: 814314

Updated

6 years ago
Depends on: 820046

Updated

6 years ago
Depends on: 825806

Updated

6 years ago
Depends on: 829170

Updated

6 years ago
Depends on: 830036

Updated

6 years ago
No longer depends on: 813811

Updated

6 years ago
Depends on: 829355

Updated

6 years ago
Depends on: 830358
(Reporter)

Updated

6 years ago
Alias: TrustedUI

Updated

6 years ago
Depends on: 832948

Updated

6 years ago
Depends on: 834871

Updated

6 years ago
Depends on: 836313

Updated

6 years ago
No longer depends on: 836313

Updated

6 years ago
Depends on: 841521

Updated

6 years ago
No longer depends on: 812663

Updated

6 years ago
No longer depends on: 830358

Updated

6 years ago
No longer depends on: 834871

Updated

6 years ago
No longer depends on: 841521