Local Vault: Tests

Github

Note: these tests require a passkey-enabled device (TouchID, FaceID, etc); also, the data entered is saved (encrypted!) only in the storage type selected, only on this device, which can always be inspected/audited via this browser's developer-tools.

Steps To Run Tests:

  1. Click 'setup vault' to setup a local vault -- picking one of the storage types (such as "Local Storage"), generating or entering a vault ID (such as "lv1"), and providing a username and display-name (e.g., "user-1" and "User 1", respectively) for the first passkey on the account. Make sure to copy the vault ID to save for later use! But don't set a timeout.
  2. Enter a couple of key/value entries to add to the vault, then edit one of the values, and delete the other.
  3. Setup another local vault -- picking the same storage type (from step 1), but entering different vault ID, username, and display-name. But this time pick a timeout, and then let the passkey prompt dialog sit long enough until it cancels and closes.
  4. Now, repeat the previous step but without the timeout, and complete the second vault setup.
  5. Add a distinct key/value entry to this second vault, then close the vault dialog.
  6. Setup a third local vault -- this time picking a different storage type (such as "IndexedDB") than the other two vaults, as well as different vault ID, username, and display-name. And this time, skip the timeout again.
  7. Add another distinct key/value entry to this vault, then close the vault dialog.
  8. Click 'lock vault'.
  9. Click 'open vault', select the chosen storage type (from step 1), then enter the copied vault ID (from step 1), and skip the timeout. Notice you're not prompted for passkey authentication, because this vault hasn't yet been "locked" (aka, logged out), and its key is still in the cache. Close the vault dialog.
  10. Click 'lock vault'.
  11. Just like step 9, click 'open vault', select the chosen storage type (from step 1), and the vault ID (from step 1), but now select the timeout. This time you're prompted to authenticate with the passkey, but let the dialog sit long enough until it cancels and closes.
  12. Repeat step 9 again (skipping the timeout), and authenticate with your passkey. Close the vault dialog.
  13. Click 'add vault passkey', and enter a different username and display-name. Authenticate with the new passkey.
  14. Click 'detect (and open) vault', select the storage type (from step 1) -- but no need to enter the vault ID! -- and skip the timeout and authenticate with the newest passkey, thereby opening the vault dialog. Close the vault dialog.
  15. Click 'reset vault lock-key', confirm the action, then enter a new username and display-name, and authenticate with the new passkey.
  16. To verify the new vault lock-key works, click 'open vault' to see the vault's key-value entries. Close the vault dialog.
  17. Verify that "Raw storage tests: PASS" is displayed below. Note: The OPFS adapter only works in Chrome/Firefox, so those specific raw storage tests will fail in other browsers.

When complete with testing:

  1. Click 'reset (remove all vaults/passkey accounts)', and confirm the action.
  2. Use the device's system management settings to remove all the passkeys registered during testing.

Raw storage tests: ...