How to automate password reset tests with Selenium

Even with password managers becoming more and more common, every one of us will have had to reset a password at some point. It’s a simple process, but one that has significant potential for frustration and failure. It’s also something that’s not easy to test without the right tools, leaving it overlooked far too often.

Fortunately, with a few lines of code, you can configure Selenium to automate this critical interaction, stopping any issues before they even start.

Why test your password reset process?

In the last 24 hours, 32% of web users across the globe have forgotten a password. 15% of them go on to abandon a purchase once a week, because the process of retrieving it was too long or difficult. So, it’s clearly important to make the password reset process as stress-free as possible.

It’s also a process that’s often overlooked, simply because it sits outside the "happy path" when developing a website or app, but one that you definitely can’t afford to neglect. Plus, it’s a process that can easily be broken by seemingly unrelated changes within your app or website, making regular testing essential.

The challenge of testing a password reset with Selenium

While Selenium does an excellent job of automating web browsers, allowing you to easily replicate the actions a typical user might take when interacting with a website or product, it is limited in what it can do with emails as it has no built-in mechanism for capturing and processing emails and subjecting them to tests.

Even if you browsed to a webmail client using Selenium, you would only be able to use an email address that's already been set up. That means you have to use that same email address for every test - not great when you have lots of test cases to cover. You’re left with the option of either manually testing, which is inevitably time-consuming and understates the importance of this process for users, or using just one or two dedicated test email addresses, which limits scale and is never as robust for a CI/CD pipeline.

Using Selenium to test a password reset workflow

A simple way of adding the functionality Selenium needs for this sort of testing is to integrate a tool like Mailosaur. It provides the extra functionality required for Selenium to be able to automate email tests at scale, so you can effectively check password reset processes, without having to do so manually.

In this article we’ll show you how to use Mailosaur to capture a password reset request and follow the link to your website to complete the process. The code below shows you what a typical test might look like, which we'll break down in more detail below:

String apiKey = "API_KEY"; 
String serverId = "SERVER_ID"; // The unique ID of the inbox (server) that you are using 
 
// Create a MailosaurClient instance, using your API key 
MailosaurClient m = new MailosaurClient(apiKey); 
 
// Random test email address (this uses a catch-all pattern)
String randomString = UUID.randomUUID().toString().replaceAll("-", "").substring(7, 13);
String emailAddress = randomString + "@" + serverId + ".mailosaur.net";

// 1 - Request password reset
browser.get("https://example.mailosaur.com/password-reset");
browser.findElement(By.cssSelector("input#email")).sendKeys(emailAddress);
browser.findElement(By.cssSelector("button[type='submit']")).click();

// 2 - Create the search criteria for the email
MessageSearchParams params = new MessageSearchParams();
params.withServer(serverId);

SearchCriteria searchCriteria = new SearchCriteria();
searchCriteria.withSentTo(emailAddress);

// 3 - Get the email from Mailosaur using the search criteria
Message msg = m.messages().get(params, searchCriteria);

assertEquals("Set your new password for ACME Product", msg.subject());

// 4 - Extract the link from the email
String passwordResetLink = msg.html().links().get(0).href();

// 5 - Navigate to the link and reset your password
browser.get(passwordResetLink);
browser.findElement(By.cssSelector("input#password")).sendKeys(randomString);
browser.findElement(By.cssSelector("input#confirmPassword")).sendKeys(randomString);
browser.findElement(By.cssSelector("button[type='submit']")).click();
WebElement h1 = browser.findElement(By.cssSelector("h1"));
assertEquals("Your new password has been set!", h1.getText());

browser.quit();

The first few lines are just to do with setting up a connection to the Mailosaur API. Mailosaur works by giving all users their own domain name, which supports a wildcard email pattern. This means that any email address that ends with @{SERVER_ID}.mailosaur.net works out the box. Therefore we can use a unique email address for every test:

String randomString = UUID.randomUUID().toString().replaceAll("-", "").substring(7, 13);
String emailAddress = randomString + "@" + serverId + ".mailosaur.net";

Once you have that, you can use Selenium to request the password reset by navigating to the 'forgot password' screen and using your test email address:

// 1 - Request password reset
browser.get("https://example.mailosaur.com/password-reset");
browser.findElement(By.cssSelector("input#email")).sendKeys(emailAddress);
browser.findElement(By.cssSelector("button[type='submit']")).click();

Locate the email in your inbox

Once the password reset email is sent, you can pull it down into your test. Use 'SearchCriteria' to programmatically locate the email associated with your test email address:

// 2 - Create the search criteria for the email
MessageSearchParams params = new MessageSearchParams();
params.withServer(serverId);

SearchCriteria searchCriteria = new SearchCriteria();
searchCriteria.withSentTo(emailAddress);

// 3 - Get the email from Mailosaur using the search criteria
Message msg = m.messages().get(params, searchCriteria);

assertEquals("Set your new password for ACME Product", msg.subject());

Using the link in the email to complete the process

Of course, the crucial part of this test is following the link in the email to complete the process, to ensure customers don't start flooding your support team with enquires.

Mailosaur automatically extracts any links found in the content of an email or SMS message, allowing you to navigate to them using Selenium, just like any other URL:

// 4 - Extract the link from the email
String passwordResetLink = msg.html().links().get(0).href();

// 5 - Navigate to the link and reset your password
browser.get(passwordResetLink);
browser.findElement(By.cssSelector("input#password")).sendKeys(randomString);
browser.findElement(By.cssSelector("input#confirmPassword")).sendKeys(randomString);
browser.findElement(By.cssSelector("button[type='submit']")).click();
WebElement h1 = browser.findElement(By.cssSelector("h1"));
assertEquals("Your new password has been set!", h1.getText());

Verify recipient and sender information

Adding additional assertions to this test is easy. For example, you'll probably want to make sure that each email is addressed to the right person.

Likewise, if you want to allow for recipients to reply to an email in order to open a support ticket you'll also want to check that the 'sender' information never breaks:

// Check the recipient is correct
assertEquals("Jill Smith", msg.to[0].name);
assertEquals("jill@example.com", msg.to[0].email);

// Check the sender is correct
assertEquals("Customer Support", msg.from[0].name);
assertEquals("support@example.com", msg.from[0].email);

By following these steps, you'll add an extra level of capability to Selenium, and ensure a more reliable communication experience for your customers.