In any application, logging in is the process to access an application by an individual who has valid user credentials. Logging in is usually used to enter a specific page, which trespassers cannot see. In this post, we will see the “Test Scenarios Login Page”. Testing of the Login page is very important for any application in terms of the security aspect. We will try to cover the most widely used Login Page scenarios here.
Must Read: Test Case Template With Detailed Explanation
We usually write test cases for the login page for every application we test. Every login page should have the following elements.
- ‘Email/Phone Number/Username’ Textbox
- ‘Password’ Textbox
- Login Button
- ‘Remember Me’ Checkbox
- ‘Keep Me Signed In’ Checkbox
- ‘Forgot Password’ Link
- ‘Sign up/Create an account’ Link
Here we focus on the following to write test cases for a login page.
We have to write test cases on each object in the login form.
- We have to write both positive and negative test cases.
- We have to write both funcitonal and nonfunctional test cases.
- We have to write UI, functional, compatibility and performance test cases.
Following are the test cases for User Login Page. The list consists of both Positive and Negative test scenarios login page.
Must Read: Test Plan Template With Detailed Explanation
Test Cases of a Login Page (Test Scenarios Login Page):
- Verify that cursor is focused on the “Username” text box on the page load (login page)
- Verify that the login screen contains elements such as Username, Password, Sign in button, Remember password check box, Forgot password link, and create an account link.
- Verify that tab functionality is working properly or not
- Verify that Enter/Tab key works as a substitute for the Sign-in button
- Verify that all the fields such as Username, Password has a valid placeholder
- Verify whether all the text boxes have a minimum and maximum length.
- Verify that the labels float upward when the text field is in focus or filled (In case of the floating label)
- Verify that the User is able to Login with Valid Credentials
- Verify that the User is not able to Login with an invalid Username and invalid Password
- Verify that the User is not able to Login with a Valid Username and invalid Password
- Verify that the User is not able to log in with an invalid Username and Valid Password
- Verify that the User is not able to log in with a blank Username or Password
- Verify that the User is not able to Login with inactive credentials
- Verify that the reset button clears the data from all the text boxes in the login form
- Verify that the login credentials, mainly password stores in a database in an encrypted format
- Verify that clicking on the browser back button after successful login should not take the User to log out mode
- Verify that clicking on the browser back button after successful logout should not take the User to a logged-in mode
- Verify that there is a limit on the total number of unsuccessful login attempts (No. of invalid attempts should be based on business logic. Based on the business logic, User will be asked to enter the captcha and try again or user will be blocked)
- Verify that the password is in encrypted form (masked format) when entered
- Verify the password can be copy-pasted. System shouldn’t allow users to copy paste password.
- Verify that encrypted characters in the “Password” field should not allow deciphering if copied
- Verify that the User should be able to login with the new password after changing the password
- Verify that the user should not be able to login with the old password after changing the password
- Verify that spaces should not be allowed before any password characters attempted
- Verify whether the user is still logged in after a series of actions such as sign-in, close the browser, and reopen the application.
- Verify that the ways to retrieve the password if the user forgets the password
- Verify that the “Remember password” checkbox is unselected by default (depends on business logic, it may be selected or unselected)
- Verify that the “Keep me logged in” checkbox is unselected by default (depends on business logic, it may be selected or unselected)
- Verify that the timeout of the login session (Session Timeout)
- Verify that the logout link is redirected to login/home page
- Verify that User is redirected to appropriate page after successful login
- Verify that the User is redirected to the Forgot password page when clicking on the Forgot Password link
- Verify that the User is redirected to the Create an account page when clicking on the Signup / Create an account link
- Verify that validation message is displayed in the case when User leaves Username or Password as blank
- Verify that validation message is displayed in case of exceeding the character limit of the Username and Password fields
- Verify that validation message is displayed in case of entering special character in the Username and password fields
- Verify whether the login form is revealing any security information by viewing the page source
- Verify that the login page is vulnerable to SQL injection
- Verify whether Cross-site scripting (XSS ) vulnerability works on a login page. XSS vulnerability may be used by hackers to bypass access controls.
If there is a captcha on the login page (Test Cases for CAPTCHA):
- Verify that whether there is a client-side validation when the User doesn’t enter the CAPTCHA
- Verify that the refresh link of CAPTCHA is generating the new CAPTCHA
- Verify that the CAPTCHA is case sensitive
- Verify whether the CAPTCHA has audio support to listen
- Verify whether virtual keyboard is available and working properly to enter login credentials incase of banking applications.
- Verify two-way authentication through OTP is working properly incase of banking applications.
- Verify SSL certificate is implemented or not
- Verify the login page and all the fields in the login page are displaying without any break in different browsers
Cookies – Learn Website Cookie Testing
- Verify that the user is able to login when the browser cookies are cleared. When the cookies are cleared, system should not allow user to login automatically.
- Verify the login functionality when the browser cookies are turned off.
Must Read: Test Scenarios of a Signup form
Writing test cases for an application takes a little practice. A well-written test case should allow any tester to understand and execute the tests and make the testing process smoother and saves a lot of time in the long run. Earlier we have posted a video on How To Write Test Cases. I am concluding this post “Test Scenarios Login Page / Test Scenarios of Login form”.
Like this post? Don’t forget to share it! If you have queries, please comment below.
Here are a few hand-picked articles for you to read next: