User:DWalden (WMF)/IPInfo/Testwiki Deployment Testing Plan

Test strategy for our planned deployment of IPInfo to testwiki. Work in progress.

Key risks to test for

 * Security
 * Permissions
 * Systematically test combination of factors that affect whether an admin has a right to see a particular edit, log or IP
 * We have introduced new user rights since the security review (Dec 2020)
 * Including factors like whether the admin is blocked, whether the edit is suppressed, etc.
 * Audit who is in the group and who can grant access to the group
 * What is the process of granting access to this group?
 * The "group" who have access to ipinfo TBD
 * Information disclosure
 * Review code - concentrating on paths the code can take and endpoints, including error handling
 * Some of this will be tested systematically along with permissions testing mentioned above
 * Logging
 * TBD based on development work done
 * We do need to be careful when testing this as it is a late change
 * Exceptions - any train blockers
 * Have beta logs and browser console open while testing
 * If testing locally, you can setup local logging

Don't need to test

 * Usability - any usability problems will be reported by users
 * Compatibility - any compatibility problems will be reported by users
 * Accuracy of data provided about IPs
 * A lot of this has already been tested
 * We assume the main purpose of user testing on testwiki is to reveal usability bugs. Admins on testwiki will not actually be using the data for anything.

Open questions

 * Will we need to generate test data on testwiki?
 * Most of the above testing will be done before deployment to testwiki. Should we do any testing on testwiki itself after the deploy?