Test case checklist based on the "user login" scenario on the Web side

Test cases given by junior engineers

1. Enter the registered username and correct password to verify whether the login is successful
2. Enter the registered user name and incorrect password, verify whether the login fails and the prompt information is correct
3. Enter an unregistered username and any password, verify whether the login fails and the prompt information is correct
4. Both the username and password are empty, verify whether the login failed, and the prompt information is correct.
5. If one of the username and password is empty, verify whether the login failed and the prompt information is correct.
6. If the login function has the verification code function enabled, on the premise that the user name and password are correct, enter the correct verification code to verify whether the login is successful.
7. If the verification code function is enabled for the login function, if the user name and password are correct and the wrong verification code is entered, verify whether the login fails and the prompt information is correct.

Experienced test engineers will add test cases

1. Are usernames and passwords case sensitive?
2. Whether the password box on the page is encrypted and displayed
3. When a user created by the background system successfully logs in for the first time, is he or she prompted to change his password?
4. Are the Forgot Username and Forgot Password functions available?
5. Whether the front-end page limits the length of username and password according to design requirements
6. If the login function requires a verification code, click on the verification code image to see whether to change the verification code and whether the changed verification code is available.
7. Will refreshing the page refresh the verification code?
8. If the verification code is time-sensitive, you need to verify the validity of the verification code within and outside the time limit separately.
9. After the user logs in successfully but the reply times out, will continuing the operation redirect him to the user login interface?
10. Do users at different levels, such as administrator users and ordinary users, have correct permissions after logging into the system?
11. Whether the default focus of the page is located in the input box of the user name
12. Can the shortcut keys Tab and Enter be used normally?

Test cases given by senior test engineers

1. Security test cases
   (1) Whether the user password is encrypted in the background storage
   (2) Whether the user password is encrypted during network transmission
   (3) Whether the password has a validity period, and whether the password needs to be changed after the password validity period expires
   (4) Not logging in In this case, directly enter the URL address after login in the browser to verify whether it will be redirected to the user login interface
   (5) whether the password input box does not support copying and pasting
   (6) whether the password entered in the password input box can be The page is viewed in source code mode
   (7) Enter typical "SQL injection attack" strings in the user name and password input boxes, and the verification system returns the page (8) Enter
   typical "XSS cross-site" strings in the user name and password input boxes. Script attack" string to verify whether the system behavior has been tampered with
   (9) In the case of multiple consecutive failed logins, whether the system will block subsequent attempts to deal with brute force cracking
   (10) The same user logs in on multiple browsers on the same terminal , verify whether the mutual exclusivity of the login function meets the design expectations
   (11) The same user logs in on the browsers of multiple terminals successively, verify whether the login function is mutually exclusive
2. Performance stress test cases
   (1) Whether the response time of a single user login is less than 3 seconds
   (2) When a single user logs in, whether the number of background requests is too many
   (3) Whether the response time of a user login in a high concurrency scenario is less than 5 seconds
   (4) Whether the monitoring indicators on the server side meet expectations in
   high concurrency scenarios (5) In high rendezvous point concurrency scenarios, whether there are resource deadlocks and unreasonable resource waiting
   (6) A large number of users log in and log out continuously for a long time, and whether there is memory on the server side leakage
3. Compatibility test cases
   (1) Verify the display and functional correctness of the login page under different browsers
   (2) Verify the display and functional correctness of the login page under different versions of the same browser
   (3) Differences in different mobile device terminals Under the browser, verify the display and functional correctness of the login page
   (4) Under the interface of different resolutions, verify the display and functional correctness of the login page

Note: Limited by time cost and economic cost, in actual work, non-exhaustive testing based on risk-driven model needs to be adopted, and test scope and test case design should be focused. Therefore, testing is inexhaustible.