
Access Granted!

Ramona Schwering
April 01, 2024

Discover the key to effortlessly testing authentication aspects with our workshop: "Access Granted." With the help of the Cypress testing framework, you'll learn how to ensure sturdy security and seamless user experiences by tackling one of the most crucial parts: the login. Join us in exploring login page testing strategies, including the standard username-password process, social authentication, and passwordless authentication. Whether you're an experienced QA professional, a curious frontend developer, or someone passionate about testing, "Access Granted" will equip you with the skills and knowledge needed to elevate your login page testing game.

Transcript

  1. Access granted! @leichteckig
     AGENDA
     • Login - Why bother?
     • Project Setup
     • "Default" UI login test
     • Social Login Test
     • What’s with Passwordless
     Is this a Cypress login workshop?
  2. WHAT DO I CONSIDER DEFAULT LOGIN?
     • A form with two input fields
     • Username / email and password
     • Single Factor Authentication
     …know. …have. …are.
  4. WHAT DO I CONSIDER DEFAULT LOGIN?
     • A form with two input fields
     • Username / email and password
     • Single Factor Authentication
     …know. …have. …are.
     • Sends credentials to server, where validation takes place
     • If credentials map to user, they will be granted access
  5. TL;DR STANDARD LOGIN
     • cy.origin for multi-domain testing
     • Building a custom command "loginViaAuth0Ui"
     • Beware rate limit, can be circumvented
     • Remove the blocked IP address by management API
  6. WHAT IS SOCIAL LOGIN?
     • Single sign-on for end users
     • Using existing login information to sign in
     • Like Google, X, Facebook, GitHub, LinkedIn (Social Providers)
     • Social Provider validates the user’s identity
  7. TL;DR SOCIAL LOGIN
     • Evolution of the standard
     • "experimentalModifyObstructiveThirdPartyCode" must be set to true
     • Some quirks of the social providers need to be taken into account
     • React to them inside your custom command
  8. TASK: WRITE A TEST
     • Install Cypress
     • Decide on the login case you want to use for your test
     • Try it out <3
     • Let me know if you need support
     • Time: Let's meet back at 3:45
  9. CASE: PASSWORDLESS
     • Often, tools are involved, see next slide
     • Catch the mail and fetch OTP or link from it
     • Open source way: smtp-tester (SMTP server in Cypress)
     • In most tools: Setting up + Using custom commands or tasks
     • Alternative: Mocking
  10. EXTRA-CONTENT: LOGIN PER API
     • You will not likely log in per UI for every test
     • Just once, in dedicated Login test
     • Otherwise way too slow
     • Use programmatic login
  11. • cy.origin
     • Social login is similar to default workflow
     • Prefer tool usage over mocking
     • Mailosaur or Mailhog
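
Slide 9's step "catch the mail and fetch OTP or link from it", as an added example that is not part of the workshop deck: a Node-side helper that decodes a quoted-printable mail body before extracting the code and the login link, since naive matching on the raw mail returns a truncated link. The names `SAMPLE_MAIL` and `extractLoginSecret`, the host `app.example` and the 6-digit code format are assumptions made for illustration.

```javascript
// Constructed sample: a raw passwordless mail as a test SMTP catcher might return it.
// Quoted-printable encodes "=" as "=3D" and wraps long lines with a trailing "=".
const SAMPLE_MAIL = [
  'From: login@app.example',
  'To: test-user@example.com',
  'Subject: Your sign-in code',
  'Content-Type: text/plain; charset=utf-8',
  'Content-Transfer-Encoding: quoted-printable',
  '',
  'Your one-time code is 481516.',
  'Or open https://app.example/passwordless/verify?token=3Dabc123=',
  'def456&email=3Dtest-user%40example.com',
  'This code expires in 5 minutes.',
].join('\r\n');

// Undo quoted-printable (single-byte characters only, enough for codes and URLs).
function decodeQuotedPrintable(body) {
  return body
    .replace(/=\r?\n/g, '') // soft line breaks
    .replace(/=([0-9A-Fa-f]{2})/g, (_, hex) => String.fromCharCode(parseInt(hex, 16)));
}

// Hypothetical helper: returns { otp, link } from a raw mail.
// expectedHost pins the link to the application under test, so a test run
// never follows a link that points at some other origin.
function extractLoginSecret(rawMail, expectedHost) {
  const split = rawMail.search(/\r?\n\r?\n/);
  if (split === -1) throw new Error('mail has no body');
  const headers = rawMail.slice(0, split);
  let body = rawMail.slice(split).trim();
  if (/^content-transfer-encoding:\s*quoted-printable/im.test(headers)) {
    body = decodeQuotedPrintable(body);
  }
  const otpMatch = body.match(/\b\d{6}\b/); // assumes a 6-digit code
  const links = body.match(/https:\/\/[^\s"<>]+/g) || [];
  const link = links.find((l) => new URL(l).host === expectedHost) || null;
  const otp = otpMatch ? otpMatch[0] : null;
  if (!otp && !link) throw new Error('no OTP or login link found in mail');
  return { otp, link };
}

// In Cypress this would sit behind a Node-side task and be reached via cy.task().
console.log(extractLoginSecret(SAMPLE_MAIL, 'app.example'));
```
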