Simple summary of the login function of the test point, the Internet also has a lot of posts can be consulted, here to make a record, convenient for later access and use:
First, the basic function test:
- Enter the correct user name and password to log on successfully
- Enter the wrong username password login failed
- The user name is correct, the password is wrong, are you prompted for a password error?
- User name error, password OK, are you prompted to enter a user name error?
- Is there a hint when the user name password is empty?
- logged out user Login failed, prompt information friendly? Does the
- password box appear encrypted? Does the
- user name support Chinese, special characters? Does the
- user name have a length limit? Does the
- password support Chinese, special characters? Does the
- password have a length limit? is the
- password case-sensitive? is the
- password prompt for modifications when it is a simple, common string? such as: 123456
- How is the password stored? Is it encrypted? is the
- login function required to enter a verification code?
- Validation code valid time?
- Code input error, Login failed, prompt information is friendly?
- Enter expired authentication can I log on successfully?
- is the verification code easy to identify?
- is the captcha feature available? Can I click the captcha image to change the verification code?
- user system: For example, the system is divided into ordinary users, advanced users, different users can log on to the system after different permissions.
- If you use a third-party account (QQ, Weibo account) to log in, then the third-party account and the system's account system corresponding relationship how to save? First logon requires a totalitarian wait
Second, the page test:
- Does the sign-in page appear normal? Text and pictures can be normal display, the corresponding prompt information is correct, button settings and arrangement is normal, the page is simple and spectacular.
- Whether the default focus of the page is located in the input box of the user name
- is the corresponding input box empty at the first logon? Or if you have a default copy, does the default scheme disappear when you click the input box?
- The corresponding button such as login, reset and so on, whether the page's forward, rewind, refresh button is available?
- Shortcut key Tab,esc,enter, etc., can control the use of
- Compatibility test: Different browsers, different operating systems, different resolutions of the interface is normal
three . Safety test:
- do not log in: The browser directly enter the address after login, to see if you can directly enter the
- login successfully generated after the cookie, whether it is httponly (otherwise easy to be scripted)
is the user name and password sent to the Web server
The user name and password input box should block the SQL injection attack
The input box for username and password should prohibit input script (prevent XSS attack)
The number of error login limit (prevent brute force)
Consider whether multiple users are supported to log on on the same machine;
Consider a user logging on on multiple machines
four . Performance test:
- Whether the response time of single-user login system conforms to the "3-5-8" principle
- The number of users at the critical point when concurrent logins can also comply with the "3-5-8" principle
- Pressure: A large number of concurrent user logins, what is the response time of the system? Will there be downtime, memory leaks, CPU saturation, and no sign-in?
- Stability: Can the system process the number of concurrent users in a continuous login to n at the point of the scene?
five . Other tests:
- Input 3 or more consecutive error password, remember whether to be locked for a certain time (such as: 15 minutes)? The time is not allowed to log in, beyond the point of time can continue to log in.
- After the user session expires, will re-login again return to the previous session expired page?
- User name and password input box is the thing that supports keyboard shortcuts? such as: Undo, Copy, paste, etc.
- Do you want to allow users with the same name to log in simultaneously? Consider web and app simultaneous logins
- When mobile phone log on, whether to determine the network is available?
- When you log in, do you first determine if the app has a new version?
- Do you support single sign-on?
- Is there a buried interface?
Login Function Test Summary