Payment - test points

Many testers work on projects that involve payment-related functions, for example shopping malls, games and other online trading sites, apps and so on. Suppose payment has a problem, such as a user tampering with the request data to pay less money for goods. If the goods are physical, the problem is likely to be found before shipment. If the order is for virtual goods, game currency and the like, it may cause real losses.
  So, whether the goods are physical or virtual, anything involving payment must get close attention during testing; otherwise it can cause great losses. You may have seen or heard of the painful lesson of a bug that lost around $460 million, and there have been other cases since in which a bug in a payment function led to direct losses.
  
Let me give you a real case: a virtual good was bought with PayPal, and at the jump to Alipay the amount was tampered down to a small sum, yet the purchase succeeded. (Goods originally priced at 10 yuan were obtained for 0.01 yuan.) What a horrible bug. Of course, friends with payment testing experience may think: if a problem like this is not found, what is being tested at all? Yes, the problem is very simple, but friends who have just entered the workplace, or testers without payment testing experience, are likely to overlook it.
  
So, the question is: how should we go about testing payment-related modules? Take a game that uses third-party payment for its game-currency recharge function. It looks simple, but we need to think through the following main points:
  
1. Payment is integrated with a third-party payment provider (Alipay, WeChat, TenPay, QQ Wallet, SMS payments, etc.). Do we know what the third party's interfaces are? Do we know how we interact with the third party? Can you draw a flow chart?
2. What are the abnormal scenarios?
3. What are the risks, and how can they be avoided?
  
Third-party payment flows are broadly similar from one merchant integration to the next. (Aside: the flow charts below were drawn with the Chrome plugin Gliffy, which I personally find quite useful.)
  
Payment process:

 
Refund process:

 
Query Process:

 

Study the flow charts. If you do not yet understand them, do not start testing payment functions until you have figured out the process. As with any other testing, only when the process is clear can you properly assess its risks and design good test cases.

Of course, the flow charts only cover how the merchant interacts with the third party. You should equally understand how the merchant handles the business process internally and how the data is stored, and be clear about what is involved in the DB.
  
Once the process is clear, which interfaces are involved? The third-party payment interfaces that appear in these flow charts are:
  
· Order interface: the merchant submits an order request to the third-party payment interface; after the acquirer processes it successfully, the third party returns the order-placed result to the merchant system. (The final result of the order interface is either order success or order failure; if no clear result is received, the single order query interface can be called to query the result.)
  
· Payment interface: calling this interface with the specified payment parameters completes the payment from the buyer's account to the merchant's account. It uses both a page-jump interaction and a background message interaction. (Results are returned in two ways: one is displayed in the foreground by jumping to the return_url page; the other is the payment result notification received in the background at notify_url.)
  
· Refund interface: after a payment request to the third party has returned success, call the refund request interface to initiate the refund process when a refund is needed. (The final result of the refund interface is either refund success or refund failure; if no clear result is received, the refund query interface can be called to query the result.)
  
· Single order query interface: queries order information and status by order number.
  
· Refund order tracking interface: after the third party's refund interface has been called and has returned, call this interface to query the status and information of the refund order.
  

Now that we have a general understanding of the third-party interfaces, the main test points are summarized below.
Main test points and abnormal scenarios to cover during testing:
• First, ensure that the interfaces can be called normally;
• Generate an order and complete the payment, then repeat the synchronous or asynchronous callback: only one takes effect;
• Generate an order and copy its order number and amount; generate another order, set a breakpoint with Fiddler, and replace the current order number and amount with those of the first, already completed order: the payment must not complete;
• Generate an order and modify the amount at the jump to the third party: the payment must not be credited, or, for a game-currency recharge, only the game currency corresponding to the tampered amount is credited;
• Block the asynchronous notification and leave the synchronous return effective: after payment, the synchronous result arrives and is credited normally;
• Make the synchronous return invalid and leave the asynchronous notification effective: after payment, the asynchronous result arrives and is credited normally;
• Make both synchronous and asynchronous invalid: after the third-party payment completes, and within the time frame of the retransmission mechanism, re-enable the asynchronous notification and verify that the next scheduled notification arrives and is credited normally. (This is the order make-up mechanism: when the merchant receives the third party's payment-success notification, it tells the third party that the notification was received. If the third party does not receive the merchant's ok response, or the response times out, it treats the notification as failed and keeps calling notify_url within a specified period, usually limited by time or by number of attempts);
• After payment for an order completes, check that it is stored correctly in the database (for example: the third-party order number, which facilitates reconciliation and troubleshooting with the third party, the order amount, the order status, etc.);
• If the user buys physical goods and initiates a return, ensure that the return process works and the funds are returned normally; also verify concurrency to ensure safety;
• If the user buys virtual goods such as phone credit or fuel cards, a return can only be initiated when delivery fails; pay attention to verifying this;
  
Pitfalls encountered:
• A user buying 100 yuan of game currency tampered with the amount at the jump to third-party payment, changing 100 yuan into 0.01 yuan, and a 0.01 yuan recharge was credited with 100 yuan of game coins. The order amount was not checked, which led to this result, and the loss was relatively large. During testing, pay attention to server-side verification: tampered payment data must be caught by verification.
• When both synchronous and asynchronous notifications were in use, the asynchronous notification (the third party's background payment-success message) did not arrive, so some users' recharges were not credited, causing customer complaints. When synchronous and asynchronous coexist, test each of them separately to ensure normal crediting.
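
The two checks behind these test points, sketched as an added example (not code from the original post): the callback handler compares the paid amount with the amount stored server-side at order creation, and lets only the first callback for an order take effect. The in-memory order store, field names and exchange rate are assumptions made for illustration.

```python
from decimal import Decimal

COINS_PER_YUAN = 10  # hypothetical exchange rate


def new_order(amount):
    # Constructed order record standing in for a row in the merchant DB.
    return {"amount": Decimal(amount), "status": "CREATED",
            "third_party_no": None, "coins": 0}


def handle_callback(orders, msg):
    """Apply one payment-result callback (return_url or notify_url).

    Returns "credited", "duplicate", "amount_mismatch" or "unknown_order".
    """
    order = orders.get(msg["order_no"])
    if order is None:
        return "unknown_order"
    if order["status"] != "CREATED":
        # Sync + async callbacks, retransmissions and replays all land here:
        # the order is already settled, so nothing is credited a second time.
        # (In a real DB this check and the update below must be one atomic step.)
        return "duplicate"
    # Compare what the third party says was paid with the server-side amount,
    # never with a value that passed through the client.
    if Decimal(msg["paid_amount"]) != order["amount"]:
        order["status"] = "AMOUNT_MISMATCH"  # hold for review, credit nothing
        return "amount_mismatch"
    order["status"] = "PAID"
    order["third_party_no"] = msg["third_party_no"]  # kept for reconciliation
    order["coins"] = int(order["amount"] * COINS_PER_YUAN)
    return "credited"


def run_scenarios():
    orders = {"M1001": new_order("100.00"), "M1002": new_order("100.00")}
    ok = {"order_no": "M1001", "paid_amount": "100.00", "third_party_no": "T-1"}
    tampered = {"order_no": "M1002", "paid_amount": "0.01", "third_party_no": "T-2"}
    results = [
        handle_callback(orders, ok),        # synchronous return
        handle_callback(orders, ok),        # asynchronous notify, same payment
        handle_callback(orders, tampered),  # 100 yuan order paid with 0.01 yuan
        handle_callback(orders, tampered),  # retransmitted notify
    ]
    return results, orders
```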
  
The vast majority of the Internet products we build involve third-party payment, so the payment function is important. As testers of Internet products, we must make payment secure.
  
So, how to avoid the risk of payment?
To further strengthen the security of the payment function, you can also add appropriate monitoring mechanisms. For example, compare our orders with the third party's orders in a batch run: take the completed-payment orders from the database, look up the same orders by third-party order number through the query interface, and compare the order amounts. When an anomaly is found, an alarm notification lets it be detected and handled promptly, and order creation can even be terminated when an abnormal situation occurs, so as to minimize the loss.
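
A sketch of that batch comparison, as an added example rather than code from the original post. The query_order callable stands in for the third party's single order query interface; its signature, the status value "SUCCESS" and the sample records are assumptions.

```python
from decimal import Decimal


def reconcile(paid_orders, query_order):
    """Return (order_no, problem) alerts for local PAID orders that disagree
    with the third party. query_order(third_party_no) is a hypothetical
    wrapper around the single order query interface; it returns a dict
    with "amount" and "status", or None when the order is unknown."""
    alerts = []
    for o in paid_orders:
        remote = query_order(o["third_party_no"])
        if remote is None:
            alerts.append((o["order_no"], "not found at third party"))
        elif remote["status"] != "SUCCESS":
            alerts.append((o["order_no"], "third party status " + remote["status"]))
        elif Decimal(remote["amount"]) != Decimal(o["amount"]):
            alerts.append((o["order_no"],
                           "amount local=%s remote=%s" % (o["amount"], remote["amount"])))
    return alerts


def should_halt_order_creation(alerts, threshold=1):
    """Circuit breaker: stop creating orders once mismatches reach threshold."""
    return len(alerts) >= threshold


def sample_run():
    # Constructed data: three locally PAID orders and the third party's view.
    local = [
        {"order_no": "M1001", "third_party_no": "T-1", "amount": "100.00"},
        {"order_no": "M1002", "third_party_no": "T-2", "amount": "100.00"},
        {"order_no": "M1003", "third_party_no": "T-3", "amount": "10.00"},
    ]
    remote = {
        "T-1": {"amount": "100.00", "status": "SUCCESS"},
        "T-2": {"amount": "0.01", "status": "SUCCESS"},  # tampered payment
        # T-3 is absent: credited locally but unknown to the third party.
    }
    alerts = reconcile(local, remote.get)
    return alerts, should_halt_order_creation(alerts)
```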

 

 

What test points should a payment process take into account?

1. Starting from the buyer selecting payment, choosing online banking or credit card payment, through to the end of the payment: what test points should this process take into account?
Whether the card and the account match, whether the account is consistent with its code, whether the amount debited equals the amount payable, whether the account debited is the account that should be debited, and so on.

2. How should test cases for Alipay recharge be designed?
Suppose the recharge is made by bank card; a few scenarios are written out below.

1) Recharge 10 yuan through online banking (title), then describe the detailed steps yourself.
Expected result: the Alipay account increases by 10 yuan (ignoring network latency and any per-account online banking delay).

2) Recharge through online banking when the online banking balance is insufficient.
Expected result: the recharge fails and the amount in the Alipay account is not affected.

3) Recharge through online banking and cancel the service at any step (the final step is recommended).
Expected result: the recharge fails and the amount in the Alipay account is not affected.

4) Recharge 0 yuan (a recharge of 0 would basically not be allowed).
Expected result: the recharge fails with a prompt that the amount entered must be greater than 0.

5) Recharge N yuan (N = Alipay's maximum amount per recharge).
Expected result: the Alipay account increases by N yuan.

6) Recharge N + 1 yuan (this case and case 5 both use the boundary value method, but they should be written as two separate cases).
Expected result: the recharge fails / a prompt reports that the amount exceeds the limit.

3. How should CUP payment be tested?

     The main thing is functional correctness. Money is involved, so it should be tested carefully, and there must be no errors in calculations.

     Then consider some abnormal situations, for example: what to do if CUP returns neither payment success nor failure;
     how to handle an unsuccessful call to the CUP interface.
 In addition, security testing can be considered: forged payment requests, tampered amounts, a malicious party simulating the CUP interface to call you ......

Origin www.cnblogs.com/zhu520/p/12035514.html