TC008 - Securely authenticate user account
| Test Case description | Verify users can create accounts and authenticate securely. Accounts and passwords must meet security standards. |
| --- | --- |
| Test Case ID | TC008 |
| Author/Designer | Iiro Peuhkuri |
| Date of creation | 25.3.2024 |
| Class | Functional / Security |
Test description / objective
Verify users can create accounts and authenticate securely. Accounts and passwords must meet security standards.
Links to requirements or other sources
Test pre-state
- The application's registration and login pages are ready.
Test steps
1. Account Creation – Successful
   - Access the registration page.
   - Input a valid, unused email address.
   - Create a password that meets complexity requirements.
   - Confirm password (matching).
   - Submit registration.
   - Verify account creation confirmation (on-screen, success email, etc.).
2. Account Creation – Errors
   - Attempt creating an account with an existing email. (Error expected)
   - Input mismatched password confirmation. (Error expected)
   - Attempt using a password below complexity standards. (Error expected)
3. Login – Successful
   - Access the login page.
   - Input the correct email and password from the successful registration (Step 1).
   - Submit login.
   - Verify successful authentication – user is redirected to the application's main area.
4. Login – Failures
   - Incorrect password with the correct email. (Error expected)
   - Incorrect email (non-existent). (Error expected)
   - Empty field(s) submission. (Error expected)
Test end-state
- Log out of any created test accounts.
To be taken into account during test
- Password Complexity: Test with a range of valid and invalid passwords against the defined security rules.
- Account Recovery: If applicable, test "forgot password" functionality.
Test result (Pass/Fail Criteria)
PASS:
- Accounts can be created with valid data.
- Error messages are clear and prevent invalid account creation.
- Successful login grants access to the application.
- Incorrect login attempts are rejected and produce appropriate errors.

FAIL:
- Account creation fails with valid data, or succeeds with invalid data.
- Login is permitted despite incorrect credentials.
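
The test steps of TC008 encoded as a table-driven check, so the same matrix can be re-run on every build (an added example, not part of the original test case). The password policy, the outcome strings, the single generic error for both login failures, and the `StandInApp` class are assumptions standing in for the real application.

```python
import hashlib, hmac, os, re

# Assumed policy (the page defines none): >= 12 chars with upper, lower and digit.
def meets_policy(pw):
    return len(pw) >= 12 and all(re.search(p, pw) for p in (r"[A-Z]", r"[a-z]", r"\d"))

class StandInApp:
    """Hypothetical in-memory stand-in for the application under test."""
    def __init__(self):
        self.users = {}  # email -> (salt, PBKDF2 hash); no plaintext passwords kept
    def _hash(self, pw, salt):
        return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)
    def register(self, email, pw, confirm):
        if not (email and pw and confirm):
            return "empty_field"
        if email in self.users:
            return "email_in_use"
        if pw != confirm:
            return "password_mismatch"
        if not meets_policy(pw):
            return "weak_password"
        salt = os.urandom(16)
        self.users[email] = (salt, self._hash(pw, salt))
        return "created"

    def login(self, email, pw):
        if not (email and pw):
            return "empty_field"
        salt, stored = self.users.get(email, (b"\0" * 16, b""))
        # Assumed: one generic error for wrong password and unknown email.
        ok = hmac.compare_digest(self._hash(pw, salt), stored)
        return "ok" if ok else "invalid_credentials"

# Constructed test data: (step, action, arguments, expected outcome).
GOOD = ("tester@example.test", "Correct-Horse-42")
TC008 = [
    ("create ok", "register", (*GOOD, GOOD[1]), "created"),
    ("existing email", "register", (*GOOD, GOOD[1]), "email_in_use"),
    ("mismatched confirm", "register", ("b@example.test", GOOD[1], "Other-Horse-42x"), "password_mismatch"),
    ("weak password", "register", ("c@example.test", "short1A", "short1A"), "weak_password"),
    ("login ok", "login", GOOD, "ok"),
    ("wrong password", "login", (GOOD[0], "Wrong-Horse-4242"), "invalid_credentials"),
    ("unknown email", "login", ("nobody@example.test", GOOD[1]), "invalid_credentials"),
    ("empty fields", "login", ("", ""), "empty_field"),
]

def run_tc008(app):
    """Return (step, actual outcome) for every deviating step; empty list = PASS."""
    return [(name, got) for name, action, args, want in TC008
            if (got := getattr(app, action)(*args)) != want]
```

To run it against the real application, pass `run_tc008` an object whose `register` and `login` methods drive the actual registration and login pages and map their responses to the outcome strings.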