Verify the login screen will appear after clicking on a login link or login button.
Verify all login-related elements and fields are present on the login page, i.e. Login button, Register link, Forgot password link, Keep me logged in and Social logins.
Verify that the alignment of displayed elements on the login screen is consistent in cross-browser testing.
Verify that the size, colour and UI of different elements match the specifications.
Verify that the login page of the application is responsive and all elements align properly on different screen resolutions and devices, including tablets and different mobile devices.
Verify login page title.
After the user login page is open, the cursor should remain in the username text box by default.
Verify that there is a checkbox with the label remember password on the login page.
Verify that the remember me checkbox is marked as checked after clicking on either the label text or the check box.
Login Test Cases
Verify that the user credentials remain in the fields after clicking remember and getting back to the login screen again.
Verify that the user is able to log in to their account with the correct credentials.
Verify that the user gets to their dashboard screen after logging in with the correct credentials.
Verify that the user can access all controls and elements by pressing the Tab key from the keyboard.
Verify that the user can log in by entering valid credentials and pressing Enter key.
Verify that the user can log in by entering valid credentials and clicking on the login button.
Verify that the password entered is in encrypted form.
Verify whether an eye icon is present on the password field.
Verify that the user can view the password by clicking on the eye icon.
Verify the line spacing added on the password field on Mac.
There should be an email verification check: once the user verifies the email address, the user is able to view the dashboard and access features.
Add a CAPTCHA to the login form to prevent bot attacks.
Verify that an error message is displayed after entering only an email address and leaving the password field blank.
Verify that an error message is displayed after entering only a password and leaving the email field blank.
Verify that an error message is displayed after entering invalid credentials.
Verify that an error message is displayed after entering an invalid email format.
Verify that the error message displayed for an invalid email format is correct.
Verify that the grammar of the displayed error message is correct.
Verify that the spelling of the displayed error message is correct.
Check that a logged-in user is not logged out on closing the browser.
Verify the login session timeout duration, so that once logged in, a user cannot stay authenticated for a lifetime.
Verify that a logged-in user is not logged out by clicking the back button in the browser tab.
Verify that there is a limit to the total number of unsuccessful login attempts. Therefore, users cannot use brute force mechanisms to try all possible username-password combinations.
Verify that when a logged-in user copies the URL and pastes it in a new browser window, it redirects to the login page.
Check login by Google and all other social login options separately in a private window.
Verify the behaviour if the user tries to log in with Facebook but is registered on Facebook by phone number, not by email. In this case, instead of a 500 error message, a proper error message should be shown: "Email not found."
Once the user is signed in, there is no need to display Sign Up, Try Now, etc. on the home page.
Add a rate limit on login: define after how many attempts the app should make the user wait.
Verify that the page does not stay in a loading state forever if the user enters an invalid email and password.
Verify that all functionality is in working condition when the user signs in via social login, i.e. Facebook and Google.
Protect the login page against SQL injection attacks.
Security login Test case with social login
A hacker registers with user A's account. User A now logs in using social login, but that account has already been created by the hacker. The hacker now has access to user A's email and password, as the user registered with social login.
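
The social login scenario above, as an added Python example that is not part of the original checklist: a social-login handler that links by email alone, next to one that drops any password set before the email was verified (the email verification check listed earlier). All function and field names are hypothetical, the data is constructed, and it assumes the social provider only returns email addresses it has verified.

```python
import hmac
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

@dataclass
class Account:
    email: str
    pw_hash: Optional[str] = None     # stands in for a salted password hash
    email_verified: bool = False      # set once the mailbox owner confirms
    social_ids: Set[str] = field(default_factory=set)

def register(users: Dict[str, Account], email: str, pw_hash: str) -> None:
    """Password sign-up; the email stays unverified until confirmed."""
    users[email] = Account(email=email, pw_hash=pw_hash)

def password_login(users: Dict[str, Account], email: str, pw_hash: str) -> bool:
    acct = users.get(email)
    return bool(acct and acct.pw_hash
                and hmac.compare_digest(acct.pw_hash, pw_hash))

def social_login_weak(users, email, provider_id):
    """Flawed: links to any existing account with a matching email."""
    acct = users.setdefault(email, Account(email=email))
    acct.social_ids.add(provider_id)
    return acct

def social_login_hardened(users, email, provider_id):
    """Drops credentials that were set before the email was ever verified."""
    acct = users.setdefault(email, Account(email=email))
    if not acct.email_verified:
        # Nobody proved ownership of this mailbox, so the stored password
        # may belong to someone else. A real app would also revoke sessions.
        acct.pw_hash = None
    acct.email_verified = True
    acct.social_ids.add(provider_id)
    return acct

def attacker_keeps_access(social_login) -> bool:
    """Replays the scenario on constructed data; True means takeover."""
    users: Dict[str, Account] = {}
    register(users, "a@example.com", "constructed-hash")     # hacker goes first
    social_login(users, "a@example.com", "google:constructed-id")  # user A arrives
    return password_login(users, "a@example.com", "constructed-hash")

if __name__ == "__main__":
    print("weak flow, takeover:", attacker_keeps_access(social_login_weak))
    print("hardened flow, takeover:", attacker_keeps_access(social_login_hardened))
```

The test case passes when the earlier password no longer works after user A's social login, while an account whose email was already verified keeps its password.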