Front Page and Login - QA Test Plan

On this page

Test 1: Email Field has Focus on Page Load

Actions:
1. Go to the CollectionSpace login page
Expected:
- Email field should have focus

Test 2: Empty Email Field and Password Field

Actions:
1. Continue from Test 1 (or go to CollectionSpace login page)
2. Click the "Sign In" button
Expected:
- "Sign in failed. Incorrect username/password" error message
- Email field should have focus

Test 3: Empty Email Field

Actions:
1. Go to the CollectionSpace login page
2. Click in the Password field
3. In Password text field, enter: "testtest"
4. Click the "Sign In" button
Expected:
- "Sign in failed. Incorrect username/password" error message
- Password field should still contain "testtest"
- Email field should have focus

Test 4: Empty Password Field

Actions:
1. Go to the CollectionSpace login page (recommended: reload the page to clear all values)
2. Click in the Email field
3. In Email text field, enter: "test@tester.com"
4. Click the "Sign In" button
Expected:
- "Sign in failed. Incorrect username/password" error message
- Email field should still contain "test@tester.com"
- Password field should have focus

Test 5: Correct Sign In

Actions:
1. Go to the CollectionSpace login page
2. Click in the Email field
3. In Email text field, enter: "admin@core.collectionspace.org"
4. Click in the Password field
5. In Password text field, enter: "Administrator"
6. Click the "Sign In" button
Expected:
- The Search page should appear (URL starts with http://qa.collectionspace.org:8180/cspace/core/search/) (or https://core.collectionspace.org/cspace/anthro/search/)

Test 6: Incorrect Sign In

Actions:
1. Go to the CollectionSpace login page (recommended: click the Sign Out button at upper right)
2. Click in the Email field
3. In Email text field, enter: "admin@core.collectionspace.org" (or "admin@anthro.collectionspace.org")
4. Click in the Password field
5. In Password text field, enter: "testerror"
6. Click the "Sign In" button
Expected:
- "Sign in failed. Incorrect username/password" message
- Email field should have focus

Test 7: Password Reset - Working Link

Actions:
1. Go to the CollectionSpace login page
2. Click on the "Forgot password" link
Expected:
- Reset password text and form should appear

Test 8: Password Reset - Invalid Emails

Actions:
1. Continue from Test 7 (or go to the CollectionSpace login page, and click the "Forgot password" link)
2. Variation a: Leave the Email text field blank
Expected:
- "Please enter an email address" message

Actions:
1. Variation b: In Email text field, enter: false@mail
2. Variation c: In Email text field, enter: falsemail
3. Variation d: In Email text field, enter: falsemail.test
4. Variation e: In Email text field enter a valid email that doesn't belong to any current user
5. Click the Submit button
Expected:
- b and e: "Could not locate an account associated with the email..." message
- c: "falsemail is not a valid email address." message
- d: "falsemail.test is not a valid email address." message

Test 9: Password Reset - Valid Email

NB: for this test you need to have created a user with an email address at which you are able to receive mail. To create a user:

Login with admin@core.collectionspace.org / Administrator (or "admin@anthro.collectionspace.org" / Administrator)
Click the Administration tab
Click the Administration -> Users tab
Create a new user with an email address and password (and be sure to remember both of these)
Add the TENANT_READER role to that user

Actions:
1. Go to the CollectionSpace login page
2. Click on the "Forgot password" link
3. In Email text field, enter the valid email address associated with the account you created
4. Click the Submit button
Expected:
- Success message "An email has been sent to (email). Follow the instructions in the email to finish resetting your password."
- You should receive an email with a link in it that includes a token
- Click on the link should take you to the a page where you can reset your password

Test 10: Password Reset - Using New Password

Actions:
1. Continue from test 9 (or follow the steps from "Password Reset - valid email" test)
2. Follow the steps from "Correct login" test, using your email address and the new password you entered.
Expected:
- URL = COLLECTIONSPACE-URL/collectionspace/ui/core/html/findedit.html

Test 11: Password Reset - Using Old Password

Actions:
1. Follow the steps from "Password Reset - valid email" test
2. Follow the steps from "Correct login" test, using your old password.
Expected:
- "Sign in failed. Incorrect username/password" message

Keyboard Navigation

Please note: If testing with Safari, in order to be able to tab to all the controls, you need to either hold down the option key while pressing tab, or check the option labeled "Press Tab to highlight each item on a webpage" in Preferences/Advanced.

Test 12: Navigate to All Fields

Actions:
1. Go to the CollectionSpace login page
2. Focus should be on Email field
3. Hit tab => Focus should be on Password field
4. Hit tab => Focus should be on Forgot password link
5. Hit tab => Focus should be on Sign in button

Test 13: Enter Submits on Password Focus

Actions:
1. Go to CollectionSpace login page
2. Type admin@core.collectionspace.org (or "admin@anthro.collectionspace.org")
3. Hit tab
4. Type Administrator
5. Hit Enter key
Expected:
- URL = COLLECTIONSPACE-URL/collectionspace/ui/core/html/findedit.html (or COLLECTIONSPACE-URL/cspace/anthro/search/collectionobject)

Test 15: Enter Submits

Actions:
1. Go to the CollectionSpace login page
2. Click on the "Forgot password" link
3. Type test in Email field
4. Hit Enter key
Expected:
- "test is not a valid email address" message

Security

Test 16: SQL Injections Testing - Password Field

Actions:
1. Go to the CollectionSpace login page
2. In Email text field, enter: admin@core.collectionspace.org (or "admin@anthro.collectionspace.org")
3. Click in the Password field
4. Variation a: In Password text field, enter: anything' or 'x'='x'
5. Variation b: In Password text field, enter: hi' or 1=1 --
6. Click the Sign in button
Expected:
- "Sign in failed. Incorrect username/password" message

Test 17: SQL Injections Testing - Email field

Actions:
1. Go to the CollectionSpace login page
2. Click in the Email field
3. In Email text field, enter: hi' or 1=1 --
4. Click in the Password field
5. In Password text field, enter: anything
6. Click the Sign in button
Expected:
- "Sign in failed. Incorrect username/password" message

Test 18: SQL Injections Testing - Reset Password

Actions:
1. Go to the CollectionSpace login page
2. Click on the "Forgot password" link
3. Click in the Email field
4. Variation a: In Email text field, enter: test@mail.com' OR 'x'='x'
5. Variation b: In Email text field, enter: test@mail.com' or 1=1 --
6. Click the "Forgot password" link
Expected:
- "... is not a valid email address" message

Test 19: Password/username Not Visible from URL Login

Actions:
1. Go to the CollectionSpace login page
2. Click in the Email field
3. In Email text field, enter: admin@core.collectionspace.org (or "admin@anthro.collectionspace.org")
4. Click in the Password field
5. In Password text field, enter: Administrator
6. Click the Sign in button
Expected:
- URL = COLLECTIONSPACE-URL/collectionspace/ui/core/html/findedit.html* (or COLLECTIONSPACE-URL/cspace/anthro/search/collectionobject*) (where * can be any string)
- URL does not contain: userid=* (where * can be anything)
- URL does not contain: password=* (where * can be anything)

Test 25: Spend 3 minutes trying to break something!

Spend a few minutes forcing the program to expose buggy behavior by:
- using the system in ways not covered by the testplan
- using the system in unexpected ways
- doing whatever you can think of that will produce bugs and unexpected behavior.
- Be creative!
- feel free to extend this to behavior related to this testplan