Software testing: testing the login function

First, sort out the judgment logic of the login verification process

Front end

  1. Whether the user name, password or verification code is empty
  2. Whether the password complies with the rules (special characters, length, capitalization, numbers)
  3. Whether the verification code is randomly generated

Server

  1. Whether the verification code is correct (whether the corresponding timestamp expires)
  2. Does the account exist (registered and cancelled)
  3. Whether the password is correct. Consecutive wrong entries should be recorded: if the password is entered incorrectly several times in a row, the account is locked, and the length of the lock is recorded too. There are two ways to handle this: wait for the lock time to elapse and enter the password again, or raise the verification level (account + password + verification code + mobile number + SMS, etc.)
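
The server-side checks above, in the order listed, as an added example that is not code from the original post. The class and function names, the in-memory store, the PBKDF2 hashing and the three thresholds are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumed values for illustration; the page does not specify them.
CAPTCHA_TTL = 120    # seconds a verification code stays valid
MAX_FAILURES = 3     # consecutive wrong passwords before the lock
LOCK_SECONDS = 600   # length of the lock

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LoginService:
    def __init__(self):
        self.users = {}     # user_id -> salt, hash, failures, locked_until
        self.captchas = {}  # session_id -> (code, issued_at)

    def register(self, user_id, password):
        salt = os.urandom(16)
        self.users[user_id] = {"salt": salt, "hash": hash_password(password, salt),
                               "failures": 0, "locked_until": 0.0}

    def issue_captcha(self, session_id, code, now):
        self.captchas[session_id] = (code, now)

    def login(self, session_id, user_id, password, code, now):
        # 1. Verification code: single use, not past its timestamp, correct.
        expected, issued_at = self.captchas.pop(session_id, (None, 0.0))
        if expected is None or now - issued_at > CAPTCHA_TTL:
            return "captcha_expired"  # also returned for a missing or reused code
        if not hmac.compare_digest(expected.encode(), code.encode()):
            return "captcha_wrong"
        # 2. The account must exist (a cancelled account is absent here).
        user = self.users.get(user_id)
        if user is None:
            return "no_such_account"
        # 3. Lock state first, then the password, counting consecutive failures.
        if now < user["locked_until"]:
            return "locked"
        if hmac.compare_digest(user["hash"], hash_password(password, user["salt"])):
            user["failures"] = 0
            return "ok"
        user["failures"] += 1
        if user["failures"] >= MAX_FAILURES:
            user["failures"], user["locked_until"] = 0, now + LOCK_SECONDS
            return "locked"
        return "wrong_password"
```

The distinct return values exist so that each test point can assert on the branch it exercises. Whether the user-facing prompt distinguishes a wrong user name from a wrong password is a separate decision, since distinct prompts reveal which accounts exist.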

Basic functional test points
  1. Enter the correct user name and password: login succeeds
  2. Enter the wrong user name and password: login fails
  3. Enter the correct user name and a wrong password: whether it prompts that the password is wrong
  4. Enter a wrong user name and the correct password: whether it prompts that the user name is wrong
  5. Both the user name and the password contain errors: whether there is a prompt
  6. Whether there is a prompt when the user name and password are empty
  7. Enter an unregistered user name and password: whether it prompts to register first and then log in
  8. Enter a user name and password that have been logged out: whether there is a prompt, and whether the prompt is friendly
  9. Whether the password box masks the input when it is displayed
  10. Whether the user name supports numbers, Chinese, English and special characters
  11. Whether there is a length limit for the user name
  12. Whether the password supports numbers, Chinese, English and special characters
  13. Whether the password length is limited
  14. Whether the password is case sensitive
  15. When the password being set is too simple (such as 123456): whether it prompts that the strength level is not enough and recommends changing the password
  16. How the password is stored, and whether it is encrypted
  17. Whether the login function requires a verification code
  18. Validity period of the verification code
  19. Whether the verification code is still accepted outside its validity period, and whether login then succeeds
  20. The verification code is entered incorrectly: whether there is a prompt, and whether the prompt is friendly
  21. Whether the verification code is easy to read
  22. Whether the function for changing or refreshing the verification code works

From the user's perspective: whether different people log in with different permissions

Page test
  1. Whether the login page displays normally and closely matches the design drawing
  2. Whether the text and pictures are displayed normally
  3. Whether the corresponding prompt information is correct
  4. Whether the button settings and arrangement are correct
  5. Whether the page is concise and conforms to the user’s usage rules
  6. Click the user name input box: whether the focus is positioned correctly
  7. Whether the input boxes are empty at the first login
  8. At the first login the input box contains default placeholder text: whether the text disappears when the input box is clicked
  9. Log in twice, choosing to remember the password the first time: whether the input box has content the second time
  10. Is the login button available
  11. Is the reset button available
  12. Whether the forward button of the page is available
  13. Whether the exit button of the page is available
  14. Is the page refresh button available

Compatibility test: Whether the interface is displayed normally under different browsers, different operating systems, and different resolutions

Security test
  1. Without logging in: enter the login address directly in the browser and check whether you can get in. Also check how long the cookie generated after a successful login takes to expire.
  2. Whether the user name and password are encrypted when sent to the web server
  3. User name and password validation must not be client-side JavaScript validation only; it must also be done on the server side
  4. The user name and password input boxes should prevent SQL injection, an attack that exploits flaws in some query statements to get SQL passed to the server, parsed and executed.

The SQL statement executed when a user logs in (用户名 stands for the user name entered, 密码 for the password entered):

Select user_id,user_type,email From users Where user_id='用户名' And password='密码'

Because the site's back-end database query does not filter the single quote ('), when the user name admin and the password '1 or 1' are entered, the SQL statement executed is:

Select user_id,user_type,email From users Where user_id='admin' And password=1 or 1

This means that entering the user name admin with the password '1 or 1' logs in successfully. This is SQL injection.
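
The injection described above, reproduced against an in-memory SQLite table next to the parameterized form a tester expects the server to use (added example, not code from the original post). The table contents and function names are constructed, and the concatenating function leaves the password unquoted to match the resulting statement shown in the text.

```python
import sqlite3

def make_db():
    # Constructed sample row; column names follow the page's query.
    # The password is stored in plain text only because that query compares it directly.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users "
               "(user_id TEXT, user_type TEXT, email TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES "
               "('admin', 'staff', 'admin@example.test', '73519')")
    return db

def login_concatenated(db, user_id, password):
    # Vulnerable on purpose: the input becomes part of the statement text.
    sql = ("Select user_id,user_type,email From users "
           "Where user_id='" + user_id + "' And password=" + password)
    return db.execute(sql).fetchone()

def login_parameterized(db, user_id, password):
    # The input travels as bound values; the statement text never changes.
    sql = ("Select user_id,user_type,email From users "
           "Where user_id=? And password=?")
    return db.execute(sql, (user_id, password)).fetchone()

def accepted_payload(db, payload="1 or 1"):
    # Which implementation lets the page's password value log in as admin?
    return {f.__name__: f(db, "admin", payload) is not None
            for f in (login_concatenated, login_parameterized)}

if __name__ == "__main__":
    print(accepted_payload(make_db()))
```

A login test suite can keep the parameterized case as a regression check: the password value from the text must be treated as an ordinary wrong password.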

Performance Testing
  1. Whether the response time of a single-user login complies with the "3-5-8" principle (3-5-8: less than 3 seconds is good, 3-5 is good, at more than 8 seconds users are easily lost)
  2. When a large number of concurrent users log in: what the response time is, and whether the system goes down so that login is impossible

Other tests
  1. After the user's session expires and the user logs in again: whether they return to the page where the previous session expired, or start again from the login page
  2. Whether the user name and password input boxes support shortcut keys, copy, paste, etc.
  3. If there are both web and app clients: whether the same user name can log in to the app at the same time, and whether the network is checked

Origin blog.csdn.net/HONGTester/article/details/107406647