Checking vs Testing Login Page

const userCredentials = require('../fixtures/credentials.json');

describe('Login page', () => {
it('Log in', () => {
cy
.visit('/login');

cy
.get('#email')
.type(userCredentials.valid.email);

cy
.get('#password')
.type(userCredentials.valid.password);

cy
.get('#login')
.click();

cy
.url()
.should('contain', '/profile');
});

it('Cannot log in with invalid credentials', () => {
cy
.visit('/login');

cy
.get('#email')
.type(userCredentials.invalid.email);

cy
.get('#password')
.type(userCredentials.invalid.password);

cy
.get('#login')
.click();

cy
.get('#error')
.should('be.visible');

cy
.url()
.should('match', /\/$/);
});
});
-valid credentials
-invalid credentials
-valid username with invalid password
-invalid username with valid password
-invalid username with invalid password
-valid username with empty password
-empty username with valid password
-type of account - admin, guest, ...
-frontend validations
-backend validations (valid, invalid, empty, corrupted fields)
-seding corrupted data to the backend
-verification token
-empty verification token
-corrupted verification token
-missing verification token
-speed of login
-speed of typing
-physical keyboard
-virtual keyboard
-pasting in text
-using mouse to switch into another input box
-using tab to switch into another input box
-focus on elements
-sending the form with Enter
-sending the form with mouse clicking
-double click on the submit button
-possible multiple FE error messages when I click the send buttom multiple times when credentials are invalid
-possible multiple FE a BE error messages that might mess up the FE for the user
-session management
-how long I can stay logged in
-security of session
-cookies
-cookie attributes
-DB log of logged in users
-DB tokens
-security of data at rest - password
-using salt for passwords
-password hash algorithm
-comparing only hashes
-request headers
-response headers - information disclosure
-different browsers
-different mobile browsers
-resizing the browser window
-rotating mobile screen
-smart watch login
-speed of network conneection
-throttled network connecting - 3g, 2g, ...
-TTFB
-response time
-number of requests for the login page
-priority of resources
-amount of data transferred over the network
-browser long tasks
-browser CPU
-FP
-FCP
-load event end
-CLS
-possibly using prefetch-dns, preconnect, preload
-security of transferred data
-TLS version
-TCP handshake
-TLS handshake
-how about using old browsers
-old OS
-different OS
-IE, and MS browsers
-security setings in Firefox
-spoofed referer header
-blocked JS
-blocked 3rd parties JS
-blocked DNS domains, transferred to 0.0.0.0
-format of pictures
-size of pictures
-new picture formates - webp, AVIF
-understandable error messages
-language
-grammar
-colors
-different cultures - language, color appropriate
-show password feature
-DOM structure
-DOM number of elements
-DOM unique ids
-DOM vlidator
-JS code conventions
-BE code conventions
-rate limiting on the BE
-correct status codes coming from the BE
-actionable error messages
-clear communication of benefits of logging in
-is loggging in useful?
-does it bring some value? to whom?
-is it ethical to log in?
-GDPR
-legal issues
-legal issues for minors, e.g. we need an info stripe first
-can the page be inserted into an iframe?
-low RAM
-dark mode
-back button in the browser
-forward button in the browser
-buttons to go away from the page
-http protocol version
-clearing cookies after login
-logging in on multiple devices
-working with one account on multiple devices
-logging out on a different device, do I stay logged in on this one?
-tablets
-rotate a tablet
-Safari
-Chrome on Mac
-Chrome on tablets
-shapes of the elements
-shapes with regard to cultures
-overlapping elements
-cookie bar
-possible popup appearing over the login form
-scrolling
-slow scrolling
-fast scrolling
-filling in credentials, but logging after half an hour, does the verification token expired?
-expiration of verification token?
-expiration of verification token across releases?
-do I stay logged in across releases?
-screen readers
-if I'm blind, can I log in?
-if I'm blind, how fast can I log in?
-magnifying glass in the browser
-magnifying glass in the OS
-URL - siple to understand? long? nonsence query params in it? in a foreign language?
-auto-fill in feature in the browser
-auto-fill in feature in mobile devices
-auto-fill in feature in tables
-auto-fill in feature on different OS
-compression of resources - brotli, gzip, deflate
-refreshing the page
-refreshing with key
-refreshing multiple times
-number of parallelly logged users
-web performance
-backend performance
-speed with regard to the number of users in the DB
-documentation
-documentation for API - is it accurate?

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store