Who should perform account verification testing?
Account verification is used primarily to confirm that the information defining the account is accurate and represents a real person, company, or other organization. It’s an important step for combating fraud, especially with accounts that deal with any financial transactions. It’s also a helpful tool for removing bot and spam accounts, which can otherwise waste resources and introduce security vulnerabilities.
In many account verification systems, the process is something like this: a user inputs their information into a form, the system creates an unverified account based on that form, and then the account is verified - often with an automated email or SMS sent to the email address or number the user provided on sign-up. Once the user has confirmed the email or phone is real by typing in the code, the account is changed to a verified one.
Unverified accounts often have limited permissions and functionality until they are verified. They can also be automatically checked for indications the account is fraudulent if the user does not verify the account, and even automatically deleted if they fail additional checks.
Some verification systems are more complex than checking an email or phone address. Depending on the level of security required, account verification can also involve checking if bank account details are matched to an existing account, if ID documents match photos and addresses, and more. The complexity of the system will determine the amount and depth of testing required.
As a basic rule, account verification testing should be performed by anyone using a system to verify accounts. The accuracy and functionality of the system are crucial – if the system does not correctly verify accounts, your users might not be able to access your services. Even worse, if the system incorrectly verifies fraudulent accounts, it can compromise the security of your organization.
Should you use Cypress for testing account verification?
There are several software tools out there to help you set up account testing, and Cypress is a popular option. It’s a flexible testing platform that runs directly in your browser to mimic user interactions as closely as possible, and it can be integrated easily with other tools to come up with a customized solution for your testing requirements.
A common example of this would be integrating Mailosaur’s software tools for generating real, accessible email addresses and phone numbers ready to use for testing. This is particularly helpful for account verification systems that confirm emails and phones input by users. It makes it possible to automate every step of the verification process directly in Cypress’s interface, including checking verification messages and inputting security codes.
Whether or not Cypress is the right tool for you will depend on your organization’s needs, capabilities, and resources. It may help to try a few different tools for quick and simple tests to see which are best suited.
How to test account verification systems with Cypress
Setting up a test with Cypress involves three main steps: creating your test plan, setting up and performing the test, and finally, evaluating the test results. The next few sections will go over each of these three steps in detail.
Creating a test plan for account verification
Having a thorough, detailed test plan is one of the best things you can do to set up successful and efficient software testing. While the exact contents of the test plan will depend on your specific situation, some things you may want to include are: • Detailed test outline with each step to be tested • Clearly defined goals • People responsible for testing • Where the test results and other information can be accessed
Of all of these, the test outline is often the most complex and detailed part of the plan to create. When drafting a test outline, a starting point can be listing all of the ways the user interacts with the account creation/verification process, how the software is expected to respond at each of these points, and what opportunities there are for users to input incorrect or fraudulent information.
Here is a sample list of possible user interactions and software responses for a simple account verification process that checks if an email and/or phone is functional: • User inputs their info to create an account • User inputs are checked for validity • Account verification email and/or SMS is sent based off user input • User clicks verification link and/or inputs code • Checking if account is successfully verified • User is logged into account or redirected to the right page • Confirmation email/SMS of account verification
Once you have your test plan ready to go, the next step is to familiarize yourself with Cypress and set up the test, which we’ll go over in the next section.
Using Cypress to set up an account verification test
First, if you don’t already have Cypress set up, you’ll need to install it. There are two options for this: you can either install it as a direct download or using npm. You can find additional help with installation in their documentation section. They also have a section in their documentation on setting up a simple test to familiarize yourself with their software if you haven’t used it before.
Once Cypress is ready to go, the next step is to begin writing the test using the test plan you created earlier as a reference. Tests in Cypress are structured in three steps: setting up the base state, performing an action, and checking to see if the base state has changed and how. More complex tests can involve combining multiple actions and checks in a single test, but the overall test structure remains the same.
Here’s an example of the first few steps of verifying an account: 1. Load the page 2. Input user data in the right fields 3. Submit user data 4. Check if account verification email/SMS was sent
In the example above, loading the page is how the base state is defined. Inputting user data and submitting it are two linked actions meant to change the base state. Checking to see if submitting the data triggered an automated email is how the new state is being measured. Depending on the results of the test, you can either perform more tests further along in the verification process or try to adjust your system to fix the results if something went awry.
Cypress has fairly robust error messages to help you determine why a test may have failed, and also includes color changes in the code itself to show if a step was successful or not: blue for pending, red for failures, and green for successes.
It's worth keeping in mind that sometimes when a test fails, it’s because of something in the test code itself, and not necessarily the system you are testing. Checking error messages and Cypress’s documentation can help you determine whether this is the case.
Incorporating additional software tools with Cypress
Cypress has the option to integrate other software tools to make testing easier and increase testing capabilities. A lot of account verification testing systems involve checking user email addresses and sometimes phone numbers as well, and while Cypress does not have a way to generate email addresses or phone numbers for testing, there are tools that can create both of these.
Mailosaur develops software tools and more that are specifically focused on supporting and automating end-to-end testing of systems relying on emails and SMS. Our software can be used to simulate real world interactions by incorporating working phone numbers and unlimited email addresses into your testing. This helps with testing any systems that require checking if an email address or phone number is authentic, since you will have access to any of the messages they receive.
Learn more about testing account verification
If you have questions about testing account verification, setting up automated email and SMS tests, integrating Mailosaur with Cypress, or Mailosaur’s software tools, please reach out to us!