Overview

Date: 06.05.2021

Objective: Weekly space for deep dive topics

Participants:

Topic Proposals:

Presentations / Attachments

	File	Modified
Labels No labels Preview View	PDF File 2021-05-19.openIMIS.Testing scenario.pdf	May 20, 2021 by Jean Brice Tetka

Acceptance test are compose of New feature and regression test (existing feature), e.g. most of the April release is regression
The user manual is updated at each release not yet done for April as communicated (done after the release) details on the different documentation will help to understand what was meant.
The system/integration test should be launch at each Pull Request by travis-ci
in the QA platform, we can create a bug linked to the test case meaning we have the way to repeat
the system test ARE part of the code repo
security testing:
- experts needed (starting in 2022)
- some penetration testing was done during the Project: D1 Formal Sector APIs
Travis has changed pricing model - free version no longer available, free minutes for OS projects can be requested, but have to be refreshed regularly

use JWT (JSON Web Token) tokens
BE is generating the token and sent to client
client uses the token with each call
Decision:
- token default validity/duration?
- information stored in the token (user UUID, username, authorities)?
- SSO UI interface / modular REST API to be called by external applications to get the token?
- graphql and REST APIs?
Example from REST API:
- eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJVc2VyVVVJRCI6IjNiODRlMzFhLTRmNzgtNGI0Zi1hMjNmLTA1ZGE5OGRjMDJkOSIsImV4cCI6MTYyMTkzMjYwOSwiaXNzIjoiaHR0cDovL29wZW5pbWlzLm9yZyIsImF1ZCI6Imh0dHA6Ly9vcGVuaW1pcy5vcmcifQ.3AYLYQQ71nZIjECnE3dtq24v0X_stoP7zrQfPyN1GbE
- payload:
- { "UserUUID": "3b84e31a-4f78-4b4f-a23f-05da98dc02d9", "exp": 1621932609, "iss": "http://openimis.org", "aud": "http://openimis.org" }