[Rails 5] Staging testing

[gbp]

Initial list taken from: #2968 (comment)

List spilt into separate comments due to collisions when multiple people were editing at the same time.

[gbp]

Noting for Change a profile photo photo doesn't change without clearing the varnish cache

[garethrees]

Noting for Change a profile photo photo doesn't change without clearing the varnish cache

#156.

[lizconlan]

PRO WITHOUT PRICING (Pro admin)

• Can grant pro status via roles from the admin page
• Can grant pro_admin status via roles from the admin page
• Can remove pro_admin status
• Can remove pro status

PRO WITHOUT PRICING (User)

• Does not see 'My subscription' links
• Can access the dashboard
• Can create new drafts
• Can create embargoed requests
• Can remove embargoes ('Publish requests')
• Can use the batch feature (if enabled through the feature flag)
• Are not offered the batch feature (if not enabled through the feature flag)
• Can still see embargoed requests once pro status is removed
• Can still remove embargoes once pro status is removed

[gbp]

PRO BATCH CREATION (Pro user)

• pro_batch_access feature enables batch access
• Can search for authority
• Add authority to batch draft
• Limit number of authorities in batch
• pro_batch_category_ui feature enables batch browse access
• Can browse authority categories
• Can add all authority in a category to batch draft

[gbp]

PRO BATCH SENDING

...

[gbp]

PRO EMBARGOS (Pro user)

• Can add embargo to pro requests
• Extend embargo
• Publish pro requests
• Requests should not be visible to public users
• Receive embargo ending email

[gbp]

PRO DASHBOARD

...

[gbp]

PRO SIGNUPS/PAYMENTS (User)

• Can signup using a coupon
• Enter payment details
• Subscription created on Stripe

[gbp]

PRO WEBHOOKS

• Response 200 to all webhook
• Customer updated - ignore renewals
• Customer updated - email on cancelled
• Customer deleted - remove pro access
• Payment succeeded - update charge description
• Payment failed - email

[gbp]

ANNOUNCEMENTS (Admin)

• Create site-wide announcement
• Create pro announcement
• Can dismiss announcements

[gbp]

CENSOR RULES (Admin)

• View the list of censor rules (/admin/censor_rules)
• Create a global censor rule
• Create a user censor rule
• Create an authority censor rule
• Create a request censor rule
• Create a regexp censor rule
• Edit a censor rule
• Destroy a censor rule

[gbp]

COMMENTS (Admin)

• View the list of comments (/admin/comments)
  - [ ]Create a comment
• Edit a comment
• Hide a comment
• Clear reported comment

[gbp]

COMMENTS (User)

• Add a comment to your own request
• Add a comment on someone else's request
• Report a comment

[gbp]

ATTACHMENTS (User)

• Reply to a request with a PDF
• Reply to a request with a JPG
• Reply to a request with a DOC
• Reply to a request with a DOCX
• Reply to a request with a XLS
• Reply to a request with a XLSX
• Reply to a request with a PNG
• Reply to a request with a TXT
• Reply to a request with a RTF
• Reply to a request with a ZIP
• View an attachment as HTML
• View an attachment as HTML through the Google Docs viewer
• Download an attachment

---

Done using https://gist.github.com/gbp/6e4dd746d32c1d9ae5874ef443856a16
Test attachments: https://staging.alaveteli.org/request/122/response/191/attach/2/response.zip?cookie_passthrough=1
And running: bundle exec script/mailgen.rb 122 tmp/response...

[gbp]

HOLIDAYS (Admin)

• Manually add a holiday
• Add holidays from a suggested iCal feed
• Add holiday from an online .ics feed (e.g. movie releases)
• Edit a holiday
• Delete a holiday

[gbp]

INCOMING MESSAGES (Admin)

• Redeliver a message to a different request
• Generate an FOI officer upload URL
• View the raw email
• Download the raw email
• Change prominence to requester only
• Change prominence to hidden
• Destroy a message

Holding pen

• Test holding pen guessing - broken hash
• Test holding pen guessing - broken id
• Test moving the incoming message using the guessed request match

[gbp]

INFO REQUEST BATCHES (Pro user)

• Create a batch request
  - [ ] View a batch request (/info_request_batches/:id)

[gbp]

INFO REQUESTS (User)

• Make a request
• Make 2 requests with the same title
• Attempt to make a request with a blank title (should be prevented, onscreen warning)
• Attempt to make a request with an all lower case title (should be prevented, onscreen warning)
• Test duplicate request detection
  • Make a request
  • Hit the back button
  • Re-submit the form
  • Should see "You already created the same request" warning message
  • No new request is created
• Sign up as part of new request process
  • Log out and start a new request
  • Sign up for new account when prompted
  • Check emailed link confirms account and creates request
• Sign in as part of new request process
  • Log out and start a new request
  • Log in to existing (non-Pro) account when prompted
  • Check request is created and associated with correct account
• Download zip file of correspondence
• Update the status of one of your own requests
• View a request's JSON page
• View a request's event history page
• Filter requests by date
• Filter requests by keyword
• Filter requests by state

[gbp]

INFO REQUESTS (Admin)

• Change the title of a request
  • Changes the title
  • Changes the url
• Change prominence to backpage
  • Can be viewed by other users
  • Does not appear in listings or search results
• Change prominence to requester only
  • Can be viewed by requester
  • Can not be viewed by other (non-admin) users
  • Does not appear in listings or search results
• Change prominence to hidden
  • Can not be viewed by requester
  • Can not be viewed by other (non-admin) users
  • Does not appear in listing or search results
• Allow new responses from anybody
• Allow new responses from authority only
  • Check 'authority' can still reply
  • Handle rejected responses with bounce
    • should receive "Your response to an FOI request was not delivered" email
  • Handle rejected responses with holding pen
    • response should be silently routed to the holding pen
  • Handle rejected responses with blackhole
    • email should just disappear
• Allow new responses from nobody
  • should not accept mail from the 'authority'
  • Handle rejected responses with bounce
  • Handle rejected responses with holding pen
  • Handle rejected responses with blackhole
• Change the described state of a request
• Change the awaiting description
• Prevent comments being made
• Re-enable comments (aka 'Reopen a request thread marked as "closed to new correspondence"')
• Tag a request
• Move a request to a different user
• Typo user url when moving request to new user
• Move a request to a different public body
• Mistype the url when moving request to a public body
• Generate an FOI officer upload URL
• Hide a request and notify the user

[gbp]

MAIL SERVER LOGS

• Check delivery status of a successfully delivered outgoing message
• Check delivery status of a failed outgoing message
  • comment out OVERRIDE_ALL_PUBLIC_BODY_REQUEST_EMAILS in config.yml and restart the site
  • edit one of the authorities so their request_email is nospam@example.com
  • send it a request, wait for it to be sent
  • revert the setting and restart the site
  • check how the log lines are displayed once the mail logs are ingested
• Check logs are only shown to requester and admins
• Check email addresses are redacted for everyone but admins
  • not logged in user just sees 'We've received a delivery status notification from the mailserver belonging to the authority'
  • request owner sees more detailed log lines but with partially redacted email addresses
  • admin sees unredacted log lines

[gbp]

OUTGOING MESSAGES (User)

• Send a followup
• Ask for an internal review

[gbp]

OUTGOING MESSAGES (Admin)

• Resend an outgoing message
• Change prominence to requester only
• Change prominence to hidden
• Edit body of message
• Destroy an outgoing message

[gbp]

PROFILE PHOTOS (User)

• Add a profile photo
• Add a photo that's not an image
• Resize a profile photo
• Change a profile photo doesn't seem to work without clearing it
• Remove a profile photo

[gbp]

PUBLIC BODIES (Admin)

• Add an authority
• Add an authority with multiple locales
• Edit an authority: Check version history
• Edit an authority with multiple locales
• Check the homepage is inferred from the email domain (tested locally)
• Check that a disclosure log link is show if a url is supplied
• Check that a publications scheme link is show if a url is supplied
• Tag an authority
• Tag an authority with not_apply
  • authority page should show 'Freedom of Information law does not apply to this authority, so you cannot make a request to it'
  • should not allow new requests
• Tag an authority with foi_no
  • authority page should show 'This authority is not subject to FOI law, so is not legally obliged to respond'
  • request pages should show 'This authority is not subject to FOI law, so is not legally obliged to respond'
  • allows new requests
• Tag an authority with eir_only
  • authority page should show 'You only have a right in law to access information about the environment from this authority '
  • request pages should show 'You only have a right in law to access information about the environment from this authority '
  • allows new requests
• Tag an authority with defunct
  • authority page should show 'This authority no longer exists, so you cannot make a request to it'
  • should not allow new requests
• Tag an authority with a charity number
  • "More about this authority" section should gain a link to the related charity commission page (WDTK feature)
• Destroy a public body
• Confirm you don't get the option to destroy a public body with requests
• Import from CSV (I had problems with this but the behaviour does not seem different to the last release so not specific to Rails 5 - Liz)
• Check pagination works

PUBLIC BODIES (User)

• Download authorities as CSV
• Check pagination works

[gbp]

PUBLIC BODY CATEGORIES (Admin)

• Add a category
• Add a category with multiple locales
• Add a category to a heading
• Check the category matches authorities with the category tag
• Destroy a category

[gbp]

PUBLIC BODY CHANGE REQUESTS (User)

• Make a change request (via sign in route)
• Make a request to change the authority's email address
• Request adding a missing authority

[gbp]

PUBLIC BODY CHANGE REQUESTS (Admin)

• Close a change request
• Close and respond to a change request
• Make the proposed update

[gbp]

PUBLIC BODY HEADINGS (Admin)

• Add a heading
• Add a heading with multiple locales
• Reorder headings
• Edit a heading
• Destroy a heading

[gbp]

REQUEST CLASSIFICATIONS (User)

• View unclassified requests in the classification game
• Classify some unclassified requests

[gbp]

SPAM ADDRESSES (Admin)

• Create a spam address
  • find a request with an incoming message
  • view the incoming message
  • copy the to address
  • click on 'Spam addresses'
  • paste the address in the box (and hit the button)
  • should say '[address] has been added to the spam addresses list'
• Check that mail to a spam address is discarded
• Destroy a spam address
  • Check the mail is being accepted again

[gbp]

TRACK THINGS (User)

• Create a request track (Follow a request)
• Create a public body track (Follow an authority)
  • Unsubscribe from emails
  • Check "My wall" contains correct entries
  • Check "My profile" lists the correct public body
  • Unfollow
• Create a user track (Follow a user)
• Create a search track
• Delete a track
• Delete all tracks from a group (e.g. "Individual requests") using "unsubscribe all"
  • Check "My wall" contains correct entries
• Check emails are sent & received by correct users
• Use the track email's "Unsubscribe" link without logging in

[gbp]

USERS

• Create a new user
• Confirm a user
• Log in as a user
• Make user an admin
• Remove admin permissions
• Make user a pro
• Remove pro access
• Make user a pro admin
• Remove pro admin permissions
• Log out
• Check that 'remember me' persists the login when closing the browser tab
• Ban (suspend) a user
• Ban (suspend) a user via the "Ban for spamming" button
• Close a user's account (behind feature flag :close_and_anonymise)
• Use the "Log in as [user]" button
• Edit profile
  • Set about me text
  • Set profile photo split out into [Rails 5] Staging testing  #5212 (comment)
  • Try to add spam text to profile (note: adding a link to YouTube worked - is that ok?))
  • Added known spam phrase to profile, triggered "Spam about me text from user" email alert
• Set as confirmed not spam
  • They should not be presented with spam measures
• Check that default requests per day limit is enforced
• Set no limit and check that default requests per day limit can be exceeded
• Set default locale
  this is not something that can be set directly via the admin, it's supposed to retain the last locale set by the user (via the language dropdown) and there's a known bug (it gets overwritten) with our current implementation
• Turn off email alerts
• Re-enable email alerts
• Allow batch requests
• Enable 2FA auth
• Regenerate OTP keys
• Check requests are shown on "my requests" (note: requires running xapian:update-index)
• Filter requests on "my requests"
• Check pagination on "my requests"
• Send a message to another user

[gbp]

WIDGET VOTES

• Enable widgets (config setting)
• View a widget (e.g. https://staging.alaveteli.org/request/133/widget)
• Visit a "Create new" widget page (will probably be on the sidebar)
• Vote for a widget (click "I also want to know!" while not logged in)
• Follow a widget you voted for
  • Go back to the widget page (without logging in)
  • Click on "Sign in to track this request"
  • Should create a track for the related request
• "Unsubscribe" from widget (logged in)
  • Go back to same widget
  • Should see "Unsubscribe" link
  • Click to unfollow the request
• Click "I also want to know!" while not logged into "vote" for a widget
  • asks you to log in then adds a request track
• View a widget for one of your own requests
  • Should see "This is your request" instead of a call to action
• Click "I also want to know" on a request you have not voted for while logged in
  • Should immediately create a track

[gbp]

System init.d

• script/runner - used by init.d scripts
• /etc/init.d/_SITE_/alert-tracks check
  • script/alert-tracks - not strictly used in the init.d script but effectively the same
  • script/alert-tracks-daemon - as above, are these needed anymore?
• /etc/init.d/_SITE_/poll-for-incoming check
• /etc/init.d/_SITE_/send-notifications check
  • script/send-notifications - not strictly used in the init.d script but effectively the same
  • script/send-notifications-daemon - as above, are these needed anymore?

Configured in deployments JSON

• script/handle-mail-replies
• script/handle-mail-replies.rb
• script/mailin

Run by Cron

• script/alert-comment-on-request
• script/alert-embargoes-expired
• script/alert-embargoes-expiring
• script/alert-new-response-reminders
• script/alert-not-clarified-request
• script/alert-overdue-requests - looks like this mailer is defined twice in the application, maybe duplication which can be removed
• script/check-recent-requests-sent - looks to be running fine but doesn't seem like the error output would ever be emailed to us - need ticket to investigate further
• script/cleanup-holding-pen
• script/compact-xapian-database
• script/delete-expired-embargoes
• script/delete-old-things
• script/load-mail-server-logs - can see logs have been ingested when viewing requests as an admin
• script/parse-unparsed-pro
• script/replicate-xapian-database not meant to be run for staging
• script/send-batch-requests
• script/send-public-holiday-reminder
• script/stop-new-responses-on-old-requests
• script/update-expiring-embargo-info-request-events - check for embargo_expiring info request events
• script/update-overdue-info-request-events - check for overdue or very_overdue info request events
• script/update-public-body-stats - check public_body.info_requests_overdue_count
• script/update-xapian-index - check ./log/update-xapian-index.log

Graphs - also run by cron - output can be viewed on /admin/stats

• script/request-creation-graph
• script/user-use-graph

Runs when deploying staging

• script/install-as-user
• script/rails-deploy-before-down
• script/rails-deploy-while-down
• script/rails-post-deploy
• script/site-specific-install.sh

Run these in local environment

• script/annotate-models
• script/load-sample-data
• script/switch-theme.rb
• script/test-vagrant-provisioning
• script/current-theme - only works when ./public/alavetelitheme is symlinked
• script/diff-theme-override - depends on current-theme

Other one off scripts

• script/cache-incoming-emails
• script/clear-caches
• script/defer
• script/destroy-and-rebuild-xapian-index
• script/mysociety-switch-to-shared - doesn't look like this will ever need to be run again - delete?

[gbp]

Not sure on what to do here yet:

INFO REQUEST EVENTS
POST REDIRECTS
DAEMONS

Nothing to do here, all these are well tested by going through the other checklists and scripts above.

[lizconlan]

We've done sign in and sign up as part of making a request so we've done some testing of PostRedirect

[lizconlan]

🎉 🏆 🚀