Lately, I have to conduct lots of interviews for various positions in the QA organizations which I lead. One of my favorite questions is- “How will you test a login form?”. You will be surprised how complex the testing of such ‘simple’ functionality can get. In this post, I will share my answer to the question where I generated 110 test case scenarios. Sharing the questions and the information I hope that I will help some of you who want to prepare better for your future interviews.
As part of the professional services we provide at BELLATRIX, we consult companies and help them to improve their QA process and set up an automated testing infrastructure. After the initial review process and giving improvement recommendations for some companies we need to hire new talents that can help the company to scale-up the solutions we provided. Others don’t want to hire people, so they hire our company to do the job. Which path you will choose if you are a manager depends on the company’s/product’s context and how much money it will cost you.
Requirements
Since I asked you only - “How will you test a login form?”, your most obvious first question should be- “What are the requirements?”, “Who should I ask?”, otherwise, how would you know what to test?
Okay, so here are the requirements.
Login form
-
Email/Username
-
Password
-
Remember me checkbox
-
Login button
-
Login via Facebook button
-
Login via Twitter button
-
Login via GitHub button
-
Login via Google button
Should be tracked with a special code to Google Analytics
Additional requirements
-
You get web designs how it should look on different resolutions and mobile- should be PX perfect
-
If you try to access the account section should be redirected to the login page
-
SSO - Single Sign-On to all websites- forums, support system, my account, shopping cart
-
CAPTCHA displayed on 10 try to login unsuccessfully
Test Cases
-
1. Login with correct email and password, remember me = NO
-
2. Login with correct username and password, remember me = NO
-
3. Login with correct email and password - remember me = YES
-
4. Login with correct username and password - remember me = YES
-
5. Existing FB account login
-
6. Existing Twitter account login
-
7. Existing Google account login
-
8. Existing LinkedIn account login
-
9. Deleted client - “not correct username/email or password”
-
10. Deactivated client SPAM - “not correct username/email or password”
-
11. Non-existing username and password- “not correct username/email or password” JS = ON
-
12. Non-existing email and password- “not correct username/email or password” JS = ON
-
13. Existing username and wrong password- “not correct username/email or password” JS = ON
-
14. Existing email and wrong password- “not correct username/email or password” JS = ON
-
15. Existing username and empty password- “not correct username/email or password” JS = ON
-
16. Existing email and empty password- “not correct username/email or password” JS = ON
-
17. Empty username and correct password- “not correct username/email or password” JS = ON
-
18. Empty email and correct password- “not correct username/email or password” JS = ON
-
19. Empty username and empty password- “not correct username/email or password” JS = ON
-
20. Empty email and empty password- “not correct username/email or password” JS = ON
-
21. Try 9 unsuccessful login attempts and try to login with correct credentials 10th time
-
22. 11th unsuccessful login attempt displays captcha
-
23. After login with email check SSO website whether logged-in
-
24. After login with username check SSO website whether logged-in
-
25. After login with FB check SSO website whether logged-in
-
26. After login with G check SSO website whether logged-in
-
27. After login with TW check SSO website whether logged-in
-
28. After login with LI check SSO website whether logged-in
-
29. Reset password link displayed on unsuccessful login attempt
-
30. Try to login with username in password reset status - “not correct username/email or password”, JS = ON
-
31. Try to login with email in password reset status - “not correct username/email or password”, JS = ON
-
32. Try to login with Fb in password reset status - “not correct username/email or password”, JS = ON
-
33. Try to login with G in password reset status - “not correct username/email or password”, JS = ON
-
34. Try to login with TW in password reset status - “not correct username/email or password”, JS = ON
-
35. Try to login with LI in password reset status - “not correct username/email or password”, JS = ON
-
36. Existing FB account login after resetting password
-
37. Existing Twitter account login after resetting password
-
38. Existing Google account login after resetting password
-
39. Existing LinkedIn account login after resetting password
-
40. Login with correct email and password after resetting password
-
41. Login with correct username and password after resetting password
-
Server-side validation
-
42. Non-existing username and password- “not correct username/email or password” JS = OFF
-
43. Non-existing email and password- “not correct username/email or password” JS = OFF
-
44. Existing username and wrong password- “not correct username/email or password” JS = OFF
-
45. Existing email and wrong password- “not correct username/email or password” JS = OFF
-
46. Existing username and empty password- “not correct username/email or password” JS = OFF
-
47. Existing email and empty password- “not correct username/email or password” JS = OFF
-
48. Empty username and correct password- “not correct username/email or password” JS = OFF
-
49. Empty email and correct password- “not correct username/email or password” JS = OFF
-
50. Empty username and empty password- “not correct username/email or password” JS = OFF
-
51. Empty email and empty password- “not correct username/email or password” JS = OFF
-
52. Try to login with username in password reset status - “not correct username/email or password”, JS = ON
-
53. Try to login with email in password reset status - “not correct username/email or password”, JS = ON
-
54. Try to login with Fb in password reset status - “not correct username/email or password”, JS = ON
-
55. Try to login with G in password reset status - “not correct username/email or password”, JS = ON
-
56. Try to login with TW in password reset status - “not correct username/email or password”, JS = ON
-
57. Try to login with LI in password reset status - “not correct username/email or password”, JS = ON
-
58. Open login under Chrome and test design
-
59. Open login under Firefox and test design
-
60. Open login under IE11 and test design
-
61. Open login under Edge and test design
-
62. Open login under Opera and test design
-
63. Open login under Safari and test design
-
64. Open login under iPhone Safari and test design
-
65. Open login under Samsung Chrome and test design
-
66. Open login under Samsung Firefox and test design
-
67. Open login under iPad Safari and test design
-
68. Successful login with email- stored in Google Analytics
-
69. Successful login with username- stored in Google Analytics
-
70. Successful login with FB- stored in Google Analytics
-
71. Successful login with G- stored in Google Analytics
-
72. Successful login with TW- stored in Google Analytics
-
73. Successful login with LI- stored in Google Analytics
-
74. Login with the shortest email possible
-
75. Login shortest password possible
-
76. Login shortest username possible
-
77. Login with longest email possible
-
78. Login with longest username possible
-
79. Login with longest password possible
-
80. Login with password containing special symbols
-
81. Test keyboard shortcuts (pressing tab should move from email to password to remember me to login button)
-
82. Enter should submit the form
-
83. If already logged-in hitting login page should redirect to my account section
-
84. Open my account without logged-in - redirected to login
-
85. Login with email with empty space at beginning - should be trimmed- logged-in successfully
-
86. Login with email with empty spaces at end - should be trimmed- logged-in successfully
-
87. Login with username with empty space at beginning - should be trimmed- logged-in successfully
-
88. Login with username with empty spaces at end - should be trimmed- logged-in successfully
-
89. Login with password with empty space at beginning - should be trimmed- logged-in successfully
-
90. Login with password with empty spaces at end - should be trimmed- logged-in successfully
-
91. Use SQL injection for email field- “not correct username/email or password”, JS = ON
-
92. Use SQL injection for password field- “not correct username/email or password”, JS = ON
-
93. Use SQL injection for email field- “not correct username/email or password”, JS = OFF
-
94. Use SQL injection for password field- “not correct username/email or password”, JS = OFF
-
95. Verify all requests made are made under HTTPs
-
96. Verify all page resources are using compression
-
97. After logged-in successfully as a client - cannot see admin sections of the website
-
98. Verify login page opens under 5 seconds for standard user load
-
99. Verify that all the fields such as Username, Password has a valid placeholder
-
100. Verify that the client is redirected to my account page after logged-in successfully
-
101. Verify that cursor is focused on the email text box on page load
-
102. Verify that proper labels are displayed next to all parts of login
-
103. Verify that the password is in *** format when entered
-
104. Verify that the client should not be able to login with the old password after changing the password
-
105. Verify that remember me checkbox is unselected by default
-
106. Verify whether the login form is revealing any security information by viewing page source
-
107. Verify that whether there is a client-side validation when User doesn’t enter the CAPTCHA
-
108. Verify that the refresh link of CAPTCHA is generating new CAPTCHA
-
109. Verify that the CAPTCHA is case sensitive
-
110. Verify whether the CAPTCHA has audio support to listen
