Horrifying Story of a Facebook Bug

My friend recently had an experience which reminded me of a similar experience from the Netflix "Black Mirror" series. Imagine that a technology, which is defining your ability to survive, is malfunctioning... and there's nothing you can do about it!

In his particular case, he lives off Facebook. Literally. He has a business which requires him to constantly communicate with his team and customers via Facebook.

Everything was working fine for him until one day he mysteriously got locked out.

Facebook suddenly decided to verify that he is indeed who he claims to be. And it asked him to verify his email. The system sent him a code to verify himself.

No big deal, right?

Well, it wouldn't have been if the verification system actually worked. But instead it showed him this:

Well, how about contacts which can confirm that he is actually himself, you might ask?

That functionality didn't work either.

Now he has no way of getting back into the system to get back to his normal life and, more importantly, his customers.

He's just one guy and Facebook has billions of users, so he has little expectation that he'll get this issue solved promptly. Meanwhile his business suffers.

How did this happen?

Welcome to the world of software testing. People normally test their software and, moreover, have a way to create an automated test to verify that this behavior does not break in the future.

But testing email verifications is a bit more complex. You need to run infrastructure to handle sending, receiving and verifying the emails.

The person who wrote the code which performs the verification probably didn't have a way to test it. On top of that, it looks like Facebook also lacks the infrastructure to validate this via automated tests.

This issue is not isolated to Facebook. Testing user flows which include email verifications is something most companies struggle to do well, if they bother to do it at all.

I have not encountered any company which can validate the full sign-up flow with emails or mobile devices. Mostly because there is no easy way to do it.

However, this is probably one of the most fragile pieces of login flows and one of the most frequent to break precisely because nobody ever tests that it indeed works.

This is why we've created a way for our customers to easily test sign-up flows and any email-related workflows.

Since testRigor's system works by parsing plain English, it is as easy as the following set of commands:

click "Register"
generate by regex "testing\+[a-z0-9]{10,18}\@testrigor-mail\.com", then enter into "Email" and save as "newEmail"
enter "password123" into "Password"
click "Sign Up"
wait 10 seconds
check that email to saved value "newEmail" was delivered
check that page contains button "Confirm Registration"
click "Confirm Registration"
check that page contains text "Successfully confirmed"

And yes, you can try it free.

How are you currently testing workflows which include email verifications?