Cross-Device Profile Sync Testing Guide

Purpose: Verify that zero-knowledge encrypted profiles sync correctly across devices using Firebase Auth + Firestore.

Time: ~20 minutes


Test Scenario

You'll create an account on Device 1, set up your profile, then log in on Device 2 and verify all data syncs correctly (including decryption).


Prerequisites

  1. Two devices (or browser profiles):

    • Device 1: Your main browser
    • Device 2: Another browser, incognito window, or another physical device
  2. Dev server running:

    npm run dev
  3. Firebase DEV project configured (see ENVIRONMENT_SETUP.md)

  4. Have these ready:

    • Email address (e.g., test@example.com)
    • Strong passphrase (write it down!)
    • Birth date (18+ years old)

Test Steps

Device 1: Create Account

  1. Open app:

    http://localhost:5174
  2. Navigate to signup:

    • Click "Get Started" or go to #/signup
  3. Fill out signup form:

    • Email: test-sync@example.com
    • Birth date: Any date making you 18+
    • Click "Continue"
  4. Create passphrase:

    • Passphrase: MyTestPassphrase123!
    • Confirm passphrase: MyTestPassphrase123!
    • ⚠️ WRITE THIS DOWN - you'll need it on Device 2
    • Click "Continue"
  5. Agree to terms:

    • Check the box confirming you understand passphrase recovery policy
    • Click "Create My Account"
  6. Verify account creation:

    • Open browser DevTools → Console (F12)
    • Look for: ✅ Account created with zero-knowledge encryption
    • Should show:
      {
        userId: "abc123...",
        lanternName: "Amber Beacon",
        email: "test-sync@example.com"
      }
  7. Set up profile (if redirected to profile creation):

    • Add interests: Coffee, Jazz, Late Night
    • Set mood: Chatty
    • Click "Save"
  8. Go to Profile Settings:

    • Navigate to #/profile
    • Add more interests: Books, Tech
    • Change mood to: Exploring
    • Enable location tracking
    • Click "Save Changes"
  9. Verify Firestore (optional):

    • Go to Firebase Console → Firestore Database
    • Find users collection
    • Open your user document
    • Verify fields:
      {
        email: "test-sync@example.com",
        lanternName: "...",
        encryptedBirthDate: "k2j3n4lk5j6...",  // gibberish
        salt: "p9o8i7u6y5...",  // random
        interests: ["Coffee", "Jazz", "Late Night", "Books", "Tech"],
        mood: "exploring",
        locationTracking: true,
        createdAt: "2025-01-...",
        updatedAt: "2025-01-..."
      }
    • ✅ Birth date is ENCRYPTED (unreadable gibberish)
  10. Sign out:

    • Click your profile → "Sign Out" (if implemented)
    • Or close the browser tab

Device 2: Log In

  1. Open app on Device 2:

    • Different browser, incognito, or another device
    • Go to http://localhost:5174
  2. Navigate to login:

    • Click "Sign In" or go to #/login
  3. Enter credentials:

    • Email: test-sync@example.com
    • Passphrase: MyTestPassphrase123!
    • Click "Sign In"
  4. Verify login success:

    • Open DevTools → Console
    • Look for: ✅ Signed in successfully
    • Should show:
      {
        userId: "abc123...",  // Same as Device 1
        lanternName: "Amber Beacon",
        email: "test-sync@example.com"
      }
  5. Go to Profile Settings:

    • Navigate to #/profile
    • Verify all data synced:
      • Lantern Name: Should match Device 1
      • Interests: Coffee, Jazz, Late Night, Books, Tech
      • Mood: Exploring
      • Location Tracking: Enabled
  6. Verify encrypted data:

    • Open DevTools → Console
    • If you log the user profile, the birth date should appear decrypted
    • The birth date is not shown in the UI (privacy-first design)
  7. Test profile update from Device 2:

    • Add interest: Photography
    • Change mood to: Quiet Vibes
    • Disable location tracking
    • Click "Save Changes"

Device 1: Verify Sync

  1. Refresh Device 1 (or sign in again):

    • Go back to Device 1 browser
    • Refresh page or navigate to #/profile
  2. Verify changes from Device 2:

    • Interests should now include: Photography
    • Mood: Quiet Vibes
    • Location Tracking: Disabled
  3. ✅ SUCCESS: Changes from Device 2 are visible on Device 1!


What to Test

✅ Authentication

  • [ ] Signup creates Firebase Auth user
  • [ ] Signup creates Firestore profile
  • [ ] Login authenticates with correct passphrase
  • [ ] Login fails with incorrect passphrase
  • [ ] Login unlocks encryption (key derived from passphrase)

✅ Encryption

  • [ ] Birth date is encrypted before storage
  • [ ] Birth date in Firestore is unreadable gibberish
  • [ ] Birth date can be decrypted with correct passphrase
  • [ ] Birth date cannot be decrypted without passphrase
  • [ ] Salt is stored publicly (visible in Firestore)

✅ Profile Sync

  • [ ] Profile data created on Device 1 appears on Device 2
  • [ ] Profile updates on Device 1 sync to Device 2
  • [ ] Profile updates on Device 2 sync to Device 1
  • [ ] Public fields (interests, mood) sync instantly
  • [ ] Encrypted fields (birth date) decrypt correctly on all devices

✅ Security

  • [ ] Passphrase never appears in Firestore
  • [ ] Encryption key never appears in Firestore
  • [ ] Encrypted birth date cannot be read without login
  • [ ] Security rules prevent reading other users' encrypted data
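
The Encryption and Security checks above as a runnable round trip (an added Node.js example, not the app's own code). The page does not name the KDF or cipher, so PBKDF2-SHA256, AES-256-GCM, the iteration count, the blob layout and the function names are assumptions; the sample birth date is constructed.

```javascript
// Added example. Assumed scheme: PBKDF2-SHA256 + AES-256-GCM; the app's real one may differ.
const nodeCrypto = require('node:crypto');
const KDF_ITERATIONS = 600000; // assumed work factor

function deriveKey(passphrase, saltB64) {
  const salt = Buffer.from(saltB64, 'base64');
  return nodeCrypto.pbkdf2Sync(passphrase, salt, KDF_ITERATIONS, 32, 'sha256');
}

// Device 1: encrypt locally. Only the salt and the ciphertext blob are stored.
function encryptBirthDate(birthDate, passphrase) {
  const salt = nodeCrypto.randomBytes(16).toString('base64');
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const ct = Buffer.concat([cipher.update(birthDate, 'utf8'), cipher.final()]);
  // Assumed blob layout: 12-byte IV | 16-byte GCM tag | ciphertext
  const blob = Buffer.concat([iv, cipher.getAuthTag(), ct]);
  return { salt, encryptedBirthDate: blob.toString('base64') };
}

// Device 2: re-derive the key from the typed passphrase and the stored salt.
// Returns null when the GCM tag fails to verify (wrong passphrase or altered blob).
function decryptBirthDate(doc, passphrase) {
  try {
    const raw = Buffer.from(doc.encryptedBirthDate, 'base64');
    const key = deriveKey(passphrase, doc.salt);
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    return pt.toString('utf8');
  } catch {
    return null;
  }
}

// Security checklist: passphrase, key and plaintext must not appear in the stored document.
function leaksSecret(doc, passphrase, birthDate) {
  const stored = JSON.stringify(doc);
  const key = deriveKey(passphrase, doc.salt);
  const secrets = [passphrase, birthDate, key.toString('base64'), key.toString('hex')];
  return secrets.some((s) => stored.includes(s));
}

const PASSPHRASE = 'MyTestPassphrase123!'; // test passphrase from this guide
const doc = encryptBirthDate('1990-04-12', PASSPHRASE); // constructed sample date
console.log(decryptBirthDate(doc, PASSPHRASE));
console.log(decryptBirthDate(doc, 'mytestpassphrase123!')); // wrong case
```

In the browser the same steps map to Web Crypto's `crypto.subtle.deriveKey` (PBKDF2) and `crypto.subtle.decrypt` (AES-GCM), which rejects instead of returning data when the tag does not verify.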

Expected Behavior

| Action | Device 1 | Device 2 | Firestore |
|---|---|---|---|
| Create account | ✅ Account created | - | ✅ User document created with encrypted birth date |
| Add interests | ✅ Saved | - | interests array updated |
| Login | - | ✅ Authenticated | ✅ Salt fetched, key derived |
| View profile | - | ✅ All data synced | ✅ No changes |
| Update mood | - | ✅ Changed to "Quiet Vibes" | mood updated, updatedAt changed |
| Refresh D1 | ✅ Sees "Quiet Vibes" | - | ✅ No changes |

Debugging

Issue: "Failed to load profile"

Possible causes:

  • User not authenticated → check getCurrentUser()
  • Firestore security rules blocking read → check console for permission errors
  • Network issue → check DevTools → Network tab

Issue: "Failed to decrypt birth date"

Possible causes:

  • Wrong passphrase entered → encryption key derivation failed
  • Encryption key not cached → user must re-enter passphrase
  • Corrupted encrypted data → check Firestore for encryptedBirthDate field

Issue: "Profile not syncing"

Possible causes:

  • Firestore offline persistence not working → check browser console for warnings
  • Security rules blocking update → test with Rules Playground
  • Multiple accounts → verify same userId on both devices

Issue: "Passphrase rejected"

Possible causes:

  • Typo in passphrase → case-sensitive, must match exactly
  • Wrong email → Firebase Auth rejects incorrect credentials
  • Account doesn't exist → check Firebase Console → Authentication

Verify in Firebase Console

Firestore Database

  1. Go to https://console.firebase.google.com
  2. Select lantern-app-dev project
  3. Click "Firestore Database"
  4. Find your user document in users collection
  5. Verify:
    • encryptedBirthDate: Gibberish (encrypted ✅)
    • salt: Random base64 string
    • interests: Array of strings
    • mood: String
    • locationTracking: Boolean
    • updatedAt: Recent timestamp

Authentication

  1. Click "Authentication" in Firebase Console
  2. Find your test user
  3. Verify:
    • Email: test-sync@example.com
    • UID matches userId in Firestore
    • Created: Recent timestamp

Success Criteria

PASS if:

  • Account created on Device 1
  • Login works on Device 2 with same credentials
  • All profile data syncs correctly
  • Encrypted birth date is unreadable in Firestore
  • Encrypted birth date can be decrypted with passphrase
  • Profile updates on one device appear on the other
  • Security rules prevent unauthorized access

FAIL if:

  • Cannot create account
  • Cannot log in on Device 2
  • Profile data doesn't sync
  • Birth date is stored in plaintext
  • Birth date cannot be decrypted
  • Unauthorized users can read encrypted data

Next Steps

After successful cross-device testing:

  1. ✅ Deploy Firestore security rules to DEV
  2. ✅ Test with real Firebase DEV project (not emulator)
  3. ✅ Audit security with Firestore Rules Playground
  4. ✅ Test on mobile devices (PWA)
  5. ✅ Deploy to production when ready
