Setting: Test Mode
Many of Suma’s features that require a license to operate in Production Mode can be run in Test Mode without a license.
Test Mode is useful if:
- you want to experiment with a feature of Suma but don’t have a license for that feature, or
- you are using a licensed feature in production and need to be able to exercise it with test payment methods (i.e. Sandbox payment accounts) but without excluding regular users from using the site.
Test Mode is available for most licensed features of Suma and is activated per feature from Suma’s Settings page in the WordPress Administration area.
When a feature is activated in Test Mode:
- the feature will only be available in Test Mode to the Administrator (as explained below),
- the feature will continue to operate in Live Mode for all other users if that feature is licensed, and
- the feature will use the Sandbox Payment Processor when required (e.g. PayPal’s Sandbox instead of your Live account).
An important principle of Test Mode is that its use is restricted to the WordPress Administrator (specifically, requests from the Administrator’s computer). If any other user requests a Test Mode enabled feature, they will be given that feature operating in Live Mode if there is a valid license for it, or it will be treated as a disabled feature if there is no valid license.
Suma achieves this behavior using the following mechanism. When the Administrator activates Test Mode on a feature, Suma saves their IP Address (i.e. their network address), which is reported on the Settings page beneath each feature that is in Test Mode. Then, whenever Suma receives a request for that feature and Test Mode is enabled for it, it compares the requester’s IP Address with the saved one. If they match, the request is given the Test Mode version of the feature. If they don’t match, the requester is given the Live Mode version of the feature if it has been licensed; otherwise the feature is treated as though it is disabled. Since only the Administrator has access to Suma’s Settings page, only the Administrator’s IP Address will be saved for comparison.
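The comparison described above can be sketched as follows. This is an added example, not Suma’s own code: the function names, parameters and sample addresses are hypothetical, and it assumes the request address is the connection’s peer address (`REMOTE_ADDR`) rather than a client-supplied header.

```php
<?php
// Added illustration; names are hypothetical and this is not Suma's code.

/** Normalise an address to packed bytes so equivalent spellings compare equal. */
function normalise_ip(string $ip): ?string
{
    $packed = @inet_pton(trim($ip));
    if ($packed === false) {
        return null;                        // not a valid IPv4/IPv6 literal
    }
    // Fold IPv4-mapped IPv6 (::ffff:a.b.c.d) down to plain IPv4.
    $mapped = str_repeat("\x00", 10) . "\xff\xff";
    if (strlen($packed) === 16 && strncmp($packed, $mapped, 12) === 0) {
        return substr($packed, 12);
    }
    return $packed;
}

/**
 * Decide how a feature is served for one request: 'test', 'live' or 'disabled'.
 * Assumption: $requestIp is the TCP peer address ($_SERVER['REMOTE_ADDR']).
 * Forwarded-for style headers are set by the client and should not be
 * used for this decision unless a trusted proxy overwrites them.
 */
function resolve_feature_mode(bool $testModeOn, ?string $savedAdminIp, string $requestIp, bool $licensed): string
{
    if ($testModeOn && $savedAdminIp !== null) {
        $saved = normalise_ip($savedAdminIp);
        $seen  = normalise_ip($requestIp);
        // Unparseable addresses never match; fall through to live/disabled.
        if ($saved !== null && $seen !== null && hash_equals($saved, $seen)) {
            return 'test';
        }
    }
    return $licensed ? 'live' : 'disabled';
}

// Constructed sample requests (documentation-range addresses).
$saved = '203.0.113.10';
$cases = [
    ['203.0.113.10', true],          // Administrator, licensed feature
    ['::ffff:203.0.113.10', false],  // Administrator via mapped IPv6, unlicensed
    ['198.51.100.7', true],          // other visitor, licensed feature
    ['198.51.100.7', false],         // other visitor, unlicensed feature
    ['not-an-address', true],        // malformed input
];
foreach ($cases as [$ip, $licensed]) {
    printf("%-22s licensed=%d -> %s\n", $ip, $licensed, resolve_feature_mode(true, $saved, $ip, $licensed));
}
```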
The Administrator’s IP Address was used as the basis of this scheme because it allows the Administrator to access features in Test Mode without being logged into WordPress. This is an important requirement because Suma treats logged-in users differently than anonymous users (as when determining whether they have access to content, or access to Subscription Plans) and furthermore treats a logged-in user in the WordPress Administrator role differently again (not interfering at all). Using IP Addresses does, however, create the possibility that a malicious user could impersonate the IP Address of the Administrator in order to access a feature in Test Mode, but this would merely offer them the ability to subscribe using a Sandbox account instead of a Production account, and for this they would need the password for the Sandbox. Since this scheme does not grant any access to the administrative functions of Suma or WordPress, there is no threat that this could be used as a backdoor to perpetrate other exploits.
Having the Administrator test a feature on a live site, using the site’s live data and its actual configuration (posts, subscription plans, other plugins active on the site, etc.), means the Administrator can reproduce the same scenarios as actual users without needing valid payment methods. And allowing Suma to service both Sandbox and Live Payment Processors simultaneously means that you don’t need to shut out users from the site (e.g. maintenance mode) in order to run test transactions.
Features that can be run in Test Mode:
- Donations Feature
- Onsite Recurring Payments Feature
- Hosted Recurring Payments Feature
- HTTPS Protocol