3.17.0 UAT / regression tests

[leleueri]

List of all the high priority / high severity testing checklist for 3.17 release :

General tests

• Test database with version upgrade (:warning: beware to identity provider enabled on your app, after migration the IDP must be enabled)
• Test fresh database
• Run all the postman tests on 3.17 nightly build
• Run all Postman tests on all supported RDBMS (Postgres, MariaDB, SQLServer, MySQL)
• Test connection with Cockpit
• Test connection with Alert Engine (connector 1.6.1 and AE in version 1.5.x & 1.6.x)
• Test custom both form and email template
• Test organization users with different roles to validate that rights are managed properly
• Stress tests => STILL NOT READY

Previous regression issues

• [gateway] sub value invalid into user info #7118, sub value should match user technical ID
• [management] manage null or empty configuration for plugins #7056, empty plugin configuration should work
• [management] Request to management API blocked #7080, AM API should not block with JDBC
• [management] userProviderExists method is not working anymore #7035, MongoDB and JDBC users should be flagged as "internal"
• [am] java mail properties are not set #6928, we should be able to send an email
• [management] unable to create organization user #6672: we should be able to create an organization user
• [password policy] unable to validate password on confirm registration #6382: on Register & ForgotPassword, when a PasswordPolicy isn't configured, the submit button should be activated, when a password policy is created it should disable until the password match the rules.
• [gateway] users are created with brute force detection #5866: when a brute force is enabled, trying to connect an unknown user shouldn't create it if a brute force is detected.
• [gateway] [login] secondary login #5306 : try to sign in a domain user with the username or the emailAddress
• If two users with different username have the same email address, we should ensure that we request an additional information to specify the username. (need specific configuration)

Use Cases

1. Sign-in (username/password) flow => Cover by postman end-to-end test

• Create domain
• Create application
• Create users
• Connect a user using the flow defined by the application

2. Social sign-in flow

• Create domain
• Create application
• Set-up social IdP
• Connect a user using the social IdP

3. Passwordless sign-in flow

• Create domain
• Create application
• Set-up WebAuthn
• Connect a user using WebAuthn

4. Sign-in (username/password) + MFA flow => Cover by postman end-to-end test

• Create domain
• Create application
• Create users
• Set up one MFA factor
• Connect a user with MFA (both Enroll and Challenge step)

5. Social sign-in + MFA flow

• Create domain
• Create application
• Set-up social IdP
• Set up one MFA factor
• Connect a user using the social IdP => should display the MFA Enroll and Challenge pages

6. Passwordless sign-in + MFA flow

• Create domain
• Create application
• Set-up WebAuthn
• Set up one MFA factor
• Connect a user using WebAuthn => should display the MFA Enroll and Challenge pages

7. Sign-in (username/password) with advanced enrich profile flow

• Create domain
• Create application
• Create users
• Create POST-LOGIN flow with both http callout and enrich profile policies
• Connect a user using the flow defined by the application
• Create custom token with enriched profile information

[LalithaGu]

Tested the Use case 1 and 2.
For Use case 2, I have tested "Social sign-in flow" by setting up the Social IDP- Google.