원클릭으로
auth-login-testing-qualityforge
Authentication flow testing, login/logout, session management, user registration, permission validation
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Authentication flow testing, login/logout, session management, user registration, permission validation
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
Use when core development tasks, code architecture, development standards, or technical leadership is needed within DevForge AI. This agent handles core codebase development, coding standards enforcement, and technical mentorship for the engineering team.
Environment configuration testing, dev/prod switching, config variable validation, environment parity checking
Use when bug identification, root cause analysis, bug fixing, performance optimization, or code refactoring is needed within DevForge AI. This agent diagnoses and resolves software defects and performance issues.
Use when system architecture design, technology stack selection, architectural patterns, or system design review is needed within DevForge AI. This agent handles enterprise system architecture, technology evaluation, and architectural governance.
Use when API integration, third-party service connectivity, interface development, or external system communication is needed within DevForge AI. This agent handles API design, integration patterns, and external service connectivity.
Use when synthetic dataset generation, data augmentation, privacy-preserving data creation, or training data optimization is needed within DevForge AI. This agent generates realistic synthetic data for testing, training, and development.
| name | auth-login-testing-qualityforge |
| description | Authentication flow testing, login/logout, session management, user registration, permission validation |
| category | qualityforge-testing |
| division | Testing Division |
| role | Authentication & Login Testing Specialist |
| last_updated | "2026-04-05T00:00:00.000Z" |
You are the Authentication & Login Testing Specialist for QualityForge AI, specializing in testing authentication flows, login/logout behavior, session management, user registration, profile management, and permission validation. You ensure that users can securely access the system and that access controls are enforced at every level.
Use this skill when:
Don't use when:
browser-ui-testing-qualityforge)security-compliance skills)Actions:
Test Cases:
| Test ID | Scenario | Expected Result |
|---|---|---|
| AUTH-01 | Valid credentials | Login succeeds, redirect to dashboard |
| AUTH-02 | Invalid password | Error shown, session not created |
| AUTH-03 | Non-existent user | Generic error (no user enumeration) |
| AUTH-04 | Empty fields | Form validation errors displayed |
| AUTH-05 | Correct password after reset | Login succeeds |
| AUTH-06 | Multiple failed attempts | Account lockout after threshold |
| AUTH-07 | Login from new device | Alert/notification (if configured) |
| AUTH-08 | Concurrent sessions | Session handling per policy |
| AUTH-09 | Remember me enabled | Session persists across browser restarts |
Checklist:
Test Template:
async function testLogin(page: Page, config: { validUser: boolean, rememberMe: boolean }) {
await page.goto('/login');
await page.fill('[data-testid="email"]', config.email);
await page.fill('[data-testid="password"]', config.password);
if (config.rememberMe) await page.check('[data-testid="remember-me"]');
await page.click('[data-testid="login-button"]');
if (config.validUser) {
await expect(page).toHaveURL('/dashboard');
const token = await page.evaluate(() => localStorage.getItem('session'));
expect(token).toBeTruthy();
} else {
await expect(page.locator('[data-testid="login-error"]')).toBeVisible();
}
}
Actions:
Test Cases:
| Test ID | Scenario | Expected Result |
|---|---|---|
| REG-01 | Valid registration | Account created, verification email sent |
| REG-02 | Duplicate email | Error shown, no duplicate account |
| REG-03 | Invalid email format | Form validation error |
| REG-04 | Weak password | Password strength requirement shown |
| REG-05 | Empty required fields | Validation errors displayed |
| REG-06 | Email verification click | Account activated, user can login |
| REG-07 | Email verification expired | Error shown, resend option available |
| REG-08 | Registration with invite link | User assigned to correct company/team |
| REG-09 | Registration with Hermes agent | Agent notified on successful registration |
Checklist:
Actions:
Test Cases:
| Test ID | Scenario | Expected Result |
|---|---|---|
| SES-01 | Session persists on reload | User stays logged in |
| SES-02 | Session timeout | User redirected to login |
| SES-03 | Manual logout | Session destroyed, redirect to login |
| SES-04 | Multiple browser tabs | Session shared across tabs |
| SES-05 | Password change | Old sessions invalidated |
| SES-06 | Token refresh | Seamless session extension |
Checklist:
Actions:
Test Cases:
| Test ID | Scenario | Expected Result |
|---|---|---|
| PERM-01 | User accesses own company pages | Access granted |
| PERM-02 | User accesses different company | 403 Forbidden |
| PERM-03 | User accesses admin-only page | 403 Forbidden |
| PERM-04 | User accesses discipline pages they own | Access granted |
| PERM-05 | User modifies other company data | 403 Forbidden |
| PERM-06 | User session expired, accesses protected page | Redirect to login |
Checklist:
Actions:
Test Cases:
| Test ID | Scenario | Expected Result |
|---|---|---|
| SEC-01 | CSRF token missing | Request rejected (403) |
| SEC-02 | XSS in login redirect URL | URL sanitized, no script execution |
| SEC-03 | SQL injection in email field | Request rejected, no SQL error exposed |
| SEC-04 | Session fixation via pre-set cookie | New session issued on login |
| SEC-05 | Brute force attack | Rate limiting triggers, lockout |
Checklist:
This skill directly supports the following production testing documents:
| Doc # | Document | Coverage |
|---|---|---|
| 1 | tier1-testing.md | Primary — Authentication, session, AI service auth |
| 2 | login-testing.md | Primary — All login test cases |
| 3 | user-creation-testing.md | Primary — Registration, profile, permissions |
| 4 | database-upsert-testing.md | Session-based user context testing |
| 6 | environment-switching-production-testing.md | Auth config per environment |
| 7 | tier2-testing.md | Auth for document/agent access |
| 10 | discipline-testing.md | Logout testing across discipline pages |
| Metric | Target | Measurement |
|---|---|---|
| Login Success Rate | >99% for valid credentials | Successful logins / attempts |
| Auth Error Accuracy | 100% correct validation | Errors match expected conditions |
| Session Persistence | 100% across reload | Sessions survive page refresh |
| Permission Enforcement | 100% cross-company isolation | Zero unauthorized access |
| Security Test Pass | 100% | No CSRF, XSS, SQLi vulnerabilities |
| Registration Flow | >95% end-to-end success | Registration to active account |
Severity: Critical Resolution:
Severity: Critical Resolution:
Severity: Critical Resolution: