Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Release SecureDrop Client 0.14.0 #2282

Open
34 tasks
zenmonkeykstop opened this issue Nov 6, 2024 · 4 comments
Open
34 tasks

Release SecureDrop Client 0.14.0 #2282

zenmonkeykstop opened this issue Nov 6, 2024 · 4 comments

Comments

@zenmonkeykstop
Copy link
Contributor

zenmonkeykstop commented Nov 6, 2024
edited by rocodes
Loading

This issue tracks the SecureDrop Client release [version]. It will be organized by:

This release includes the following changes:

SecureDrop maintainers and testers: As you QA this release, please report back your testing results as comments on this ticket. File GitHub issues for any problems found, tag them "QA: Release", and associate them with the release milestone for tracking (or ask a maintainer to do so).

Test plan

Prerequisite: start the server with

  • n > 30 sources
  • one or more testers: at least one source with a >1 MB file
  • and start the client with debug logging

Basic multi-delete/select testing (#2252)

  • Ctrl+click selects multiple disjointed sources- the widget items are distinctly highlighted
  • Shift+click selects range of sources
  • Mouse drag on sourcelist selects range of sources
  • When more than one source is selected, the widget items are distinctly highlighted and the "Multiple sources selected" context view replaces the Source Conversation view
  • Clicking on a single new source selects that source and de-selects the previously selected range
  • When sources are deselected and a single source is selected, the correct conversation view appears. (Easiest way to test: reply to a source with their nickname, do this for a few sources, then toggle between them, selecting one then multiple. Observe match between visible conversation and selected source in sourcelist).
  • When multiple sources are selected then deleted, and a new source is selected, the correct conversation view appears. (Select multiple sources, delete selected. Click on some remaining sources, and observe correct conversation rendered. Same nickname trick as above may be helpful).
  • Selecting Delete Sources from the toolbar prompts a dialog that shows each source name confirming deletion. When large numbers of sources are selected, all names are visible and the dialog area is scrollable.
  • Closing or canceling the delete sources dialog has no effect, and the sources are still selected
  • Accepting the delete sources dialog shows individualized deletion animations for each selected source, as they are removed.
  • Clicking the Delete Sources toolbar button with no sources selected pops up a dialog informing that no sources are selected
  • DeleteSources button is not visible when logged out, although the empty toolbar remains visible.

General regression testing and UI inspection

  • Source Menu (3-dots overflow menu by a single source) functionality is unchanged, including deleting a single source from the source menu. Please smoketest the actions in the 3-dot menu (Print Transcript shows print transcript dialog; Delete Source or Conversation from 3-dot over menu launches DeleteSource dialog for that source.)
  • Ensure that successive clicks on different sources in the sourcelist render the correct expanded conversation in the conversation pane (right side). (Easiest way to do this is to reply with the sources nickname so that you can readily match the conversation to the source)
  • Toggling between views (nothing selected, multi selected, single source selected) renders correct view
  • Destructive dialog options (Delete Source, Delete Conversation) have a hover/mouseover state (Add hover styling to ModalDialog.dangerous (destructive) buttons #2208)
  • Status messages and the status bar are correctly rendered at the bottom of the application (Move Top Pane to Bottom #2230)

Download error cases

Release tasks

  • Check if there are any security bug fixes waiting to be pulled into the RC
  • Check if there are any translations:
    • pending merge into main
    • pending inclusion as a supported language in MANIFEST.in
  • Update changelog
  • Create test plan
  • Refresh nightlies
  • Begin formal QA using nightlies; refresh nightlies as needed
  • Build production package in standard build environment
  • Sign production package
  • Perform final pre-flight testing using apt-qa.freedom.press
    • Localization: In a dispVM, change your locale (e.g.: export LANG=es_ES.utf-8; dpkg-reconfigure locales), run the Client, and confirm that the application is translated.
  • Publish production package
  • Publicize release via support channels
@zenmonkeykstop zenmonkeykstop mentioned this issue Nov 7, 2024
Merged
4 tasks
@deeplow
Copy link
Contributor

deeplow commented Nov 12, 2024
edited
Loading

Hardware: framework 13 (13th gen intel)
Setup:

  • sdw-admin --uninstall
  • install latest sdw release
  • setup config.json with environment: staging
  • confirm client software version is 0.14.0 (via dpkg -l | grep securedrop)

Test plan

Prerequisite: start the server with

  • n > 30 sources
  • one or more testers: at least one source with a >1 MB file
  • and start the client with debug logging
    • ℹ️ I was unsure how to achieve this. By looking at run.sh I basically ran in sd-app LOG_LEVEL=debug /opt/venvs/securedrop-client/bin/python3 -m securedrop_client , but I'm not sure this is the correct way of starting in debug logging mode in the workstation directly. Then I checked the logs with tail -f ~/.securedrop_client/logs/client.log.

Basic multi-delete/select testing (#2252)

  • Ctrl+click selects multiple disjointed sources- the widget items are distinctly highlighted
  • Shift+click selects range of sources
  • Mouse drag on sourcelist selects range of sources
  • When more than one source is selected, the widget items are distinctly highlighted and the "Multiple sources selected" context view replaces the Source Conversation view
    • ℹ️ assuming here that by "widget items" what is meant is "sources listed"
  • Clicking on a single new source selects that source and de-selects the previously selected range
  • When sources are deselected and a single source is selected, the correct conversation view appears. (Easiest way to test: reply to a source with their nickname, do this for a few sources, then toggle between them, selecting one then multiple. Observe match between visible conversation and selected source in sourcelist).
  • When multiple sources are selected then deleted, and a new source is selected, the correct conversation view appears. (Select multiple sources, delete selected. Click on some remaining sources, and observe correct conversation rendered. Same nickname trick as above may be helpful).
  • Selecting Delete Sources from the toolbar prompts a dialog that shows each source name confirming deletion. When large numbers of sources are selected, all names are visible and the dialog area is scrollable.
    • ℹ️ I did not exactly get to the "scrollable" stage probably because I did not have enough sources to delete, but the window area did increase
  • Closing or canceling the delete sources dialog has no effect, and the sources are still selected
  • Accepting the delete sources dialog shows individualized deletion animations for each selected source, as they are removed.
  • Clicking the Delete Sources toolbar button with no sources selected pops up a dialog informing that no sources are selected
    ⚠️ It does show the dialogue, but the "continue" button does nothing.

    Perhaps we could simply disable / grey out the "delete sources" button when no source is selected.
    Update: I've created a follow-up issue Delete sources dialogue (when no sources selected) - can't click OK #2290
  • DeleteSources button is not visible when logged out, although the empty toolbar remains visible.
    ℹ️ This worked correctly, but I should note that it does look like a graphical glitch:
    empty_toolbar
    And the same happens if one runs in offline mode. I'm sure this has been considered, but I think it would be preferable to just hide the action bar entirely or show the options as disabled. But I don't think this should block the release since the team is already aware of situation.

General regression testing and UI inspection

  • Source Menu (3-dots overflow menu by a single source) functionality is unchanged, including deleting a single source from the source menu. Please smoketest the actions in the 3-dot menu (Print Transcript shows print transcript dialog; Delete Source or Conversation from 3-dot over menu launches DeleteSource dialog for that source.)
  • Ensure that successive clicks on different sources in the sourcelist render the correct expanded conversation in the conversation pane (right side). (Easiest way to do this is to reply with the sources nickname so that you can readily match the conversation to the source)
  • Toggling between views (nothing selected, multi selected, single source selected) renders correct view
    • ℹ️ I could not find a way to have no source selected other than restarting the application. Is there a better way?
  • Destructive dialog options (Delete Source, Delete Conversation) have a hover/mouseover state (Add hover styling to ModalDialog.dangerous (destructive) buttons #2208)
  • Status messages and the status bar are correctly rendered at the bottom of the application (Move Top Pane to Bottom #2230)
    ℹ️ it showed "last refresh" and "downloading messages" notifications, but it did not show information about the progress of source deletion. I'm flagging because I don't know if it's expected or to show something like "deleting source X" or "deleting sources (15 left) "..."deleting sources (1 left)"

Download error cases

  • Begin download of large file, then delete the source (at the server if need be) before the download completes so that there is time for a sync. Client does not crash; warning present in logs. (Improve error-handling for deleted files, messages, and replies #2231)
    The client did not crash ✔️. However, in addition to the expected warnings in the logs, I also get some ERRORs. Are these expected? 
    2024-11-12 10:51:13,527 - securedrop_client.logic:1050(on_delete_source_success) INFO: Source 7a0e00b8-4d41-4269-b6ea-340b533c9d6b successfully scheduled for deletion at server
2024-11-12 10:51:13,528 - root:930(delete_source_collection) INFO: No source documents for formed_microbiology to delete
[...]
2024-11-12 10:51:49,259 - securedrop_client.sdk:215(_streaming_download) ERROR: Retry 0, internal proxy error
2024-11-12 10:51:49,260 - securedrop_client.sdk:261(_streaming_download) ERROR: Retry 0, base error
2024-11-12 10:51:50,735 - securedrop_client.sdk:261(_streaming_download) ERROR: Retry 1, base error
2024-11-12 10:51:50,735 - securedrop_client.sdk:269(_streaming_download) ERROR: Reached unreachable exception. retry=2, bytes_written=6848883, download_finished=True
2024-11-12 10:51:50,736 - securedrop_client.api_jobs.downloads:170(_download) ERROR: Download failed
2024-11-12 10:51:50,736 - securedrop_client.queue:244(process) ERROR: Skipping job
2024-11-12 10:51:50,737 - securedrop_client.logic:1012(on_file_download_failure) ERROR: Failed to decrypt 92fe365b-685e-4d4a-b367-e2e30cf538a2
2024-11-12 10:51:50,740 - securedrop_client.logic:1017(on_file_download_failure) WARNING: File download failure for uuid not in database.
  • Force a (small) download to fail, eg by disconnecting the network. Client does not crash, and well-formed error notifying about download failure is present in logs (on_reply_download_failure() assumes exceptions have a uuid attribute #2274)
    • ℹ️ the client does not crash and does show a download failures. However, because it is at the bottom of the screen it took me quite a while to notice. Originally I thought it had silently failed. But I think it's working as expected, this was just a small note.
  • Note: API._streaming_download() does not handle HTTP 416 Range Not Satisfiable errors #2232 is out of scope for this release and is not a regression of this release.

Additional testing

  • confirming bulk deletion does delete files on disk:
    • I did so via grep -r ~/ "source name". When the source entry existed, it would list .securedrop_client/svs.sqlite as a match, when deleted it wouldn't list it
  • Default action in bulk source delete dialogue is the safe option ✔️ (clicking Enter did dismiss the dialogue)

Other findings

(just curious finding) Delete source in selection order

I found it curious that the list of sources to delete follows the selection order. This is not necessarily a bad thing, just something I wouldn't expect. I would have expected them to be in the top-bottom order. Example: by selecting from the bottom to the top, I got the following deletion prompt:

delete_reverse

Ctrl+A Selects all sources

Not sure if this a new thing or if it was already there, but imagine the following scenario:

  • journalist wants to delete some spam "sources"
  • they click ctrl and start selecting a few sources
  • by mistake, they click a while still holding ctrl
  • because deleting spam sources has become a regular task, they click the red [delete 150 sources] button in the confirmation dialogue

@deeplow deeplow mentioned this issue Nov 12, 2024
Closed
@zenmonkeykstop
Copy link
Contributor Author

zenmonkeykstop commented Nov 13, 2024
edited
Loading

Test plan IN PROGRESS

Prerequisite: start the server with

  • n > 30 sources
  • one or more testers: at least one source with a >1 MB file
  • and start the client with debug logging

Basic multi-delete/select testing (#2252)

  • Ctrl+click selects multiple disjointed sources- the widget items are distinctly highlighted
  • Shift+click selects range of sources
  • Mouse drag on sourcelist selects range of sources
  • When more than one source is selected, the widget items are distinctly highlighted and the "Multiple sources selected" context view replaces the Source Conversation view
  • Clicking on a single new source selects that source and de-selects the previously selected range
  • When sources are deselected and a single source is selected, the correct conversation view appears. (Easiest way to test: reply to a source with their nickname, do this for a few sources, then toggle between them, selecting one then multiple. Observe match between visible conversation and selected source in sourcelist).
  • When multiple sources are selected then deleted, and a new source is selected, the correct conversation view appears. (Select multiple sources, delete selected. Click on some remaining sources, and observe correct conversation rendered. Same nickname trick as above may be helpful).
  • Selecting Delete Sources from the toolbar prompts a dialog that shows each source name confirming deletion. When large numbers of sources are selected, all names are visible and the dialog area is scrollable.
  • Closing or canceling the delete sources dialog has no effect, and the sources are still selected
  • Accepting the delete sources dialog shows individualized deletion animations for each selected source, as they are removed.
  • Clicking the Delete Sources toolbar button with no sources selected pops up a dialog informing that no sources are selected
  • DeleteSources button is not visible when logged out, although the empty toolbar remains visible.

General regression testing and UI inspection

  • Source Menu (3-dots overflow menu by a single source) functionality is unchanged, including deleting a single source from the source menu. Please smoketest the actions in the 3-dot menu (Print Transcript shows print transcript dialog; Delete Source or Conversation from 3-dot over menu launches DeleteSource dialog for that source.)
  • Ensure that successive clicks on different sources in the sourcelist render the correct expanded conversation in the conversation pane (right side). (Easiest way to do this is to reply with the sources nickname so that you can readily match the conversation to the source)
  • Toggling between views (nothing selected, multi selected, single source selected) renders correct view
  • Destructive dialog options (Delete Source, Delete Conversation) have a hover/mouseover state (Add hover styling to ModalDialog.dangerous (destructive) buttons #2208)
  • Status messages and the status bar are correctly rendered at the bottom of the application (Move Top Pane to Bottom #2230)

Download error cases

@deeplow
Copy link
Contributor

deeplow commented Nov 14, 2024
edited
Loading

Added one more section on my testing:

Ctrl+A Selects all sources

Not sure if this a new thing or if it was already there, but imagine the following scenario:
* journalist wants to delete some spam "sources"
* they click ctrl and start selecting a few sources
* by mistake, they click a while still holding ctrl
* because deleting spam sources has become a regular task, they click the red [delete 150 sources] button in the confirmation dialogue

Have we considered situations like these? I think it has enough catastrophic consequences and very little real scenarios where this is wanted. In my mind this warrants some mitigation.

Some alternative suggestion on how to tackle this:

  • have a separate dialogue for when all sources are selected, making sure to communicate that the user is about to delete ALL SOURCES.
  • Prevent deleting all sources by opening a dialogue informing that this action is probably not what the user intends and a single "cancel" button (if the user really intends to delete all sources, they can still select all but one, delete, and then select that last one for deletion).

@zenmonkeykstop zenmonkeykstop mentioned this issue Nov 14, 2024
Open
2 tasks
@zenmonkeykstop
Copy link
Contributor Author

Added one more section on my testing:

(tracked in #2296)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@zenmonkeykstop @deeplow