document create-test-user command

docs/one-off-tasks.md

@@ -2,14 +2,18 @@
 
 For these, we're using Flask commands, which live in [`/app/commands.py`](../app/commands.py).
 
-This includes things that might be one-time operations! Using a command allows the operation to be tested, 
-both with `pytest` and with trial runs.
+This includes things that might be one-time operations! If we're running it on production, it should be a Flask 
+command Using a command allows the operation to be tested, both with `pytest` and with trial runs in staging.
+
+To see information about available commands, you can get a list with:
+
+`pipenv run flask command`
+
+Appending `--help` to any command will give you more information about parameters.
 
 To run a command on cloud.gov, use this format:
 
-```
-cf run-task CLOUD-GOV-APP --commmand "YOUR COMMAND HERE" --name YOUR-COMMAND
-```
+`cf run-task CLOUD-GOV-APP --commmand "YOUR COMMAND HERE" --name YOUR-COMMAND`
 
 [Here's more documentation](https://docs.cloudfoundry.org/devguide/using-tasks.html) about Cloud Foundry tasks.
 

docs/testing.md

@@ -23,6 +23,14 @@ We're using GitHub Actions. See [/.github](../.github/) for the configuration.
 
 In addition to commit-triggered scans, the `daily_checks.yml` workflow runs the relevant dependency audits, static scan, and/or dynamic scans at 10am UTC each day. Developers will be notified of failures in daily scans by GitHub notifications.
 
+## Manual testing
+
+If you're checking out the system locally, you may want to create a user quickly.
+
+`pipenv run flask command create-test-user`
+
+This will run an interactive prompt to create a user, and then mark that user as active. *Use a real mobile number* if you want to log in, as the SMS auth code will be sent here.
+
 ## To run a local OWASP scan
 
 1. Run `make run-flask` from within the dev container.