100 Commonly Used Test Cases in Web Testing

A detailed guide to web testing with Postman

100 test cases · 9 main topics · 100% Postman scripts · Pro-level guide


🔐 A. AUTHENTICATION & AUTHORIZATION (Test Cases 1-15)

1. Successful login with valid credentials

Description: Check that a user can log in successfully with the correct username/password

```javascript
// Postman Pre-request Script
pm.environment.set("username", "valid_user@example.com");
pm.environment.set("password", "ValidPass123!");

// Postman Test Script
pm.test("Login successful", function () {
    pm.response.to.have.status(200);
    const responseJson = pm.response.json();
    pm.expect(responseJson.success).to.be.true;
    pm.expect(responseJson.token).to.exist;
    // Store the token for the authenticated requests that follow
    pm.environment.set("auth_token", responseJson.token);
});
```

2. Login fails with a wrong password

Description: Verify that the system rejects the login when the password is incorrect

```javascript
// Postman Test Script
pm.test("Login failed with wrong password", function () {
    pm.response.to.have.status(401);
    const responseJson = pm.response.json();
    pm.expect(responseJson.success).to.be.false;
    pm.expect(responseJson.message).to.include("Invalid credentials");
});
```

3. Login with a non-existent email

Description: Check the response when logging in with an email that has not been registered

```javascript
pm.test("Login failed with non-existent email", function () {
    pm.response.to.have.status(404);
    const responseJson = pm.response.json();
    pm.expect(responseJson.message).to.include("User not found");
});
```
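Test cases 2 and 3 expect a different status code and message for a wrong password than for an unknown email, which lets any client tell registered addresses from unregistered ones. The following is an added example, not part of the original guide, that reports which observable fields differ between the two failures; the helper names and the `wrong_pw_snapshot` variable are assumptions.

```javascript
// Added example: plain JavaScript that runs in Node or in a Postman test script.

// Reduce a login failure to the fields a client can observe.
// In Postman: snapshot(pm.response.code, pm.response.json())
function snapshot(status, body) {
    return {
        status: status,
        message: body.message,
        keys: Object.keys(body).sort().join(","),
    };
}

// List the fields that differ between the two failure cases.
// An empty array means the client cannot tell the cases apart.
function loginFailureDifferences(wrongPassword, unknownEmail) {
    return ["status", "message", "keys"].filter(function (field) {
        return wrongPassword[field] !== unknownEmail[field];
    });
}

// Constructed samples shaped like the responses test cases 2 and 3 expect.
const wrongPasswordSample = snapshot(401, { success: false, message: "Invalid credentials" });
const unknownEmailSample = snapshot(404, { message: "User not found" });

// Constructed sample of an API that answers both cases the same way.
const uniformSample = snapshot(401, { success: false, message: "Invalid credentials" });

// Postman usage (assumed variable name "wrong_pw_snapshot"):
//   test case 2: pm.collectionVariables.set("wrong_pw_snapshot",
//                    JSON.stringify(snapshot(pm.response.code, pm.response.json())));
//   test case 3: const earlier = JSON.parse(pm.collectionVariables.get("wrong_pw_snapshot"));
//                pm.expect(loginFailureDifferences(earlier,
//                    snapshot(pm.response.code, pm.response.json()))).to.be.empty;
```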

4. Login with empty credentials

Description: Validate required-field validation

```javascript
pm.test("Login failed with empty credentials", function () {
    pm.response.to.have.status(400);
    const responseJson = pm.response.json();
    pm.expect(responseJson.errors).to.exist;
});
```

5. Login with SQL injection

Description: Security test to ensure the system is not vulnerable to SQL injection

```javascript
// Pre-request Script
pm.environment.set("username", "admin' OR '1'='1");
pm.environment.set("password", "anything");

// Test Script
pm.test("SQL Injection prevented", function () {
    // The login must be rejected like any other bad credential
    pm.response.to.have.status(401);
    // The body must not leak a database error
    pm.expect(pm.response.text()).to.not.include("SQL");
});
```
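The check in test case 5 matches only the upper-case string "SQL" and does not confirm that no session was issued. The following is an added example, not part of the original guide, of a broader response check; the error patterns are an illustrative, non-exhaustive list, and the `token` and `success` fields are taken from test case 1.

```javascript
// Added example: classify the response to an injection probe.
// Signatures of database errors that should never reach a client.
const DB_ERROR_PATTERNS = [
    /sql syntax/i,                  // MySQL / MariaDB
    /syntax error at or near/i,     // PostgreSQL
    /unclosed quotation mark/i,     // SQL Server
    /ORA-\d{5}/,                    // Oracle
    /SQLSTATE\[/i,                  // PDO drivers
];

// Returns a list of findings; an empty list means the probe was handled cleanly.
function assessInjectionResponse(status, bodyText) {
    const findings = [];
    if (status >= 500) findings.push("server-error");          // input reached code that failed
    if (status >= 200 && status < 300) findings.push("login-accepted");
    if (DB_ERROR_PATTERNS.some(function (re) { return re.test(bodyText); })) {
        findings.push("db-error-leak");
    }
    let body = null;
    try {
        body = JSON.parse(bodyText);
    } catch (e) {
        // Non-JSON body: nothing more to inspect
    }
    if (body && (body.token || body.success === true)) findings.push("session-issued");
    return findings;
}

// Postman usage:
//   pm.expect(assessInjectionResponse(pm.response.code, pm.response.text())).to.be.empty;
```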

6. Expired token

Description: Check handling of an expired JWT token

```javascript
// Pre-request Script
pm.environment.set("expired_token", "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...");

// Test Script
pm.test("Expired token rejected", function () {
    pm.response.to.have.status(401);
    const responseJson = pm.response.json();
    pm.expect(responseJson.message).to.include("Token expired");
});
```
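Test case 6 depends on a stored token that really is past its `exp` claim, and the token issued in test case 1 should carry an expiry at all. The following is an added example, not part of the original guide, that reads a JWT's claims to check both; it does not verify the signature, and the helper names and sample tokens are constructed for illustration.

```javascript
// Added example: read JWT claims to sanity-check test fixtures.
// This does NOT verify the signature; the server remains responsible for that.
function decodeJwtPayload(token) {
    const parts = token.split(".");
    if (parts.length !== 3) {
        throw new Error("not a three-part JWT");
    }
    // base64url -> base64, restoring the padding that JWTs strip
    let b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
    while (b64.length % 4 !== 0) {
        b64 += "=";
    }
    return JSON.parse(atob(b64)); // assumes ASCII claim values
}

// Classify a token by its exp claim (seconds since the epoch).
function expiryStatus(token, nowSeconds) {
    const claims = decodeJwtPayload(token);
    if (typeof claims.exp !== "number") {
        return "no-exp";
    }
    return claims.exp <= nowSeconds ? "expired" : "valid";
}

// Constructed fixture builder: header and claims with a dummy signature part.
function makeSampleToken(claims) {
    const enc = function (obj) {
        return btoa(JSON.stringify(obj))
            .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
    };
    return [enc({ typ: "JWT", alg: "HS256" }), enc(claims), "c2lnbmF0dXJl"].join(".");
}

// Postman usage:
//   pm.expect(expiryStatus(pm.environment.get("expired_token"), Date.now() / 1000))
//       .to.equal("expired");
//   pm.expect(expiryStatus(pm.environment.get("auth_token"), Date.now() / 1000))
//       .to.equal("valid");
```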

7. Access with an invalid token

Description: Test authentication with an invalid token

```javascript
pm.test("Invalid token rejected", function () {
    pm.response.to.have.status(401);
    const responseJson = pm.response.json();
    pm.expect(responseJson.message).to.include("Invalid token");
});
```

8. Successful logout

Description: Verify logout functionality

```javascript
pm.test("Logout successful", function () {
    pm.response.to.have.status(200);
    // Drop the stored token so later requests do not reuse it
    pm.environment.unset("auth_token");
});
```

9. Access a resource without permission

Description: Test authorization: a user accesses a restricted resource

```javascript
pm.test("Access denied for unauthorized resource", function () {
    pm.response.to.have.status(403);
    const responseJson = pm.response.json();
    pm.expect(responseJson.message).to.include("Access denied");
});
```

10. Admin accesses the admin panel

Description: Verify that the admin role can access admin functions

```javascript
pm.test("Admin access granted", function () {
    pm.response.to.have.status(200);
    const responseJson = pm.response.json();
    pm.expect(responseJson.role).to.equal("admin");
});
```

11. Regular user cannot access the admin panel

Description: Test role-based access control

```javascript
pm.test("Regular user denied admin access", function () {
    pm.response.to.have.status(403);
});
```

12. Password reset request

Description: Test forgot password functionality

```javascript
pm.test("Password reset email sent", function () {
    pm.response.to.have.status(200);
    const responseJson = pm.response.json();
    pm.expect(responseJson.message).to.include("Reset email sent");
});
```

13. Password reset with a valid token

Description: Test password reset process

```javascript
pm.test("Password reset successful", function () {
    pm.response.to.have.status(200);
    const responseJson = pm.response.json();
    pm.expect(responseJson.success).to.be.true;
});
```

14. Session timeout

Description: Test session expiration handling

```javascript
pm.test("Session timeout handled", function () {
    pm.response.to.have.status(401);
    const responseJson = pm.response.json();
    pm.expect(responseJson.message).to.include("Session expired");
});
```

15. Multiple login attempts lockout

Description: Test account lockout after failed attempts

```javascript
pm.test("Account locked after multiple failed attempts", function () {
    pm.response.to.have.status(423);
    const responseJson = pm.response.json();
    pm.expect(responseJson.message).to.include("Account locked");
});
```

👤 B. USER REGISTRATION (Test Cases 16-25)

16. Successful registration with valid information

Description: Test successful user registration

```javascript
// Pre-request Script
// A timestamp keeps the email unique across runs
const timestamp = Date.now();
pm.environment.set("unique_email", `user${timestamp}@example.com`);

// Test Script
pm.test("Registration successful", function () {
    pm.response.to.have.status(201);
    const responseJson = pm.response.json();
    pm.expect(responseJson.success).to.be.true;
    pm.expect(responseJson.user.email).to.equal(pm.environment.get("unique_email"));
});
```

17. Registration with an existing email

Description: Test duplicate email validation

```javascript
pm.test("Registration failed with existing email", function () {
    pm.response.to.have.status(409);
    const responseJson = pm.response.json();
    pm.expect(responseJson.message).to.include("Email already exists");
});
```

18. Registration with an invalid email format

Description: Test email format validation

```javascript
pm.test("Registration failed with invalid email format", function () {
    pm.response.to.have.status(400);
    const responseJson = pm.response.json();
    pm.expect(responseJson.errors.email).to.exist;
});
```

19. Registration with a weak password

Description: Test password strength validation

```javascript
pm.test("Registration failed with weak password", function () {
    pm.response.to.have.status(400);
    const responseJson = pm.response.json();
    pm.expect(responseJson.errors.password).to.include("Password too weak");
});
```

20. Registration with missing required fields

Description: Test required field validation

```javascript
pm.test("Registration failed with missing required fields", function () {
    pm.response.to.have.status(400);
    const responseJson = pm.response.json();
    pm.expect(responseJson.errors).to.exist;
});
```

21. Email verification after registration

Description: Test email verification process

```javascript
pm.test("Email verification required", function () {
    pm.response.to.have.status(200);
    const responseJson = pm.response.json();
    pm.expect(responseJson.message).to.include("Verification email sent");
});
```

22. Activate an account with a verification token

Description: Test account activation

```javascript
pm.test("Account activated successfully", function () {
    pm.response.to.have.status(200);
    const responseJson = pm.response.json();
    pm.expect(responseJson.user.is_verified).to.be.true;
});
```

23. Registration with special characters in the name

Description: Test name field validation

```javascript
pm.test("Registration handles special characters in name", function () {
    pm.response.to.have.status(400);
    const responseJson = pm.response.json();
    pm.expect(responseJson.errors.name).to.exist;
});
```

24. Registration with phone number format

Description: Test phone number validation

```javascript
pm.test("Phone number validation", function () {
    if (pm.response.code === 400) {
        // Rejected: the error must point at the phone field
        const responseJson = pm.response.json();
        pm.expect(responseJson.errors.phone).to.exist;
    } else {
        // Accepted: the user must have been created
        pm.response.to.have.status(201);
    }
});
```

25. Terms and conditions acceptance

Description: Test T&C checkbox validation

```javascript
pm.test("Terms acceptance required", function () {
    pm.response.to.have.status(400);
    const responseJson = pm.response.json();
    pm.expect(responseJson.errors.terms).to.include("must accept terms");
});
```

📝 C. CRUD OPERATIONS (Test Cases 26-40)

26. Create a new record successfully

Description: Test successful creation of new resource

```javascript
// Pre-request Script
const timestamp = Date.now();
pm.environment.set("product_name", `Product_${timestamp}`);

// Test Script
pm.test("Create record successful", function () {
    pm.response.to.have.status(201);
    const responseJson = pm.response.json();
    pm.expect(responseJson.id).to.exist;
    // Keep the id for the read, update and delete tests
    pm.environment.set("created_id", responseJson.id);
});
```

27. Get a list of records with pagination

Description: Test list API with pagination

```javascript
pm.test("Get list with pagination", function () {
    pm.response.to.have.status(200);
    const responseJson = pm.response.json();
    pm.expect(responseJson.data).to.be.an('array');
    pm.expect(responseJson.pagination).to.exist;
    pm.expect(responseJson.pagination.total).to.be.a('number');
});
```

28. Get the details of a single record

Description: Test get single record by ID

```javascript
pm.test("Get single record", function () {
    pm.response.to.have.status(200);
    const responseJson = pm.response.json();
    // Environment values are stored as strings, so parse with an explicit radix
    pm.expect(responseJson.id).to.equal(parseInt(pm.environment.get("created_id"), 10));
});
```

29. Update a record successfully

Description: Test successful record update

```javascript
pm.test("Update record successful", function () {
    pm.response.to.have.status(200);
    const responseJson = pm.response.json();
    pm.expect(responseJson.success).to.be.true;
    pm.expect(responseJson.updated_at).to.exist;
});
```

30. Update a non-existent record

Description: Test update non-existent record

```javascript
pm.test("Update non-existent record", function () {
    pm.response.to.have.status(404);
    const responseJson = pm.response.json();
    pm.expect(responseJson.message).to.include("not found");
});
```

31. Delete a record successfully

Description: Test successful record deletion

```javascript
pm.test("Delete record successful", function () {
    pm.response.to.have.status(200);
    const responseJson = pm.response.json();
    pm.expect(responseJson.success).to.be.true;
});
```

32. Delete a non-existent record

Description: Test delete non-existent record

```javascript
pm.test("Delete non-existent record", function () {
    pm.response.to.have.status(404);
});
```

33. Soft delete verification

Description: Test soft delete functionality

```javascript
pm.test("Soft delete implemented", function () {
    pm.response.to.have.status(200);
    const responseJson = pm.response.json();
    pm.expect(responseJson.deleted_at).to.exist;
});
```

34. Bulk operations

Description: Test bulk create/update/delete

```javascript
pm.test("Bulk operation successful", function () {
    pm.response.to.have.status(200);
    const responseJson = pm.response.json();
    pm.expect(responseJson.processed_count).to.be.a('number');
    pm.expect(responseJson.success_count).to.be.a('number');
});
```

35. Search and filter

Description: Test search and filtering functionality

```javascript
pm.test("Search and filter working", function () {
    pm.response.to.have.status(200);
    const responseJson = pm.response.json();
    pm.expect(responseJson.data).to.be.an('array');
    pm.expect(responseJson.filters_applied).to.exist;
});
```

36. Sorting functionality

Description: Test data sorting

```javascript
pm.test("Data sorted correctly", function () {
    pm.response.to.have.status(200);
    const responseJson = pm.response.json();
    const data = responseJson.data;
    // Compares the first two items only; expects newest first
    if (data.length > 1) {
        pm.expect(data[0].created_at >= data[1].created_at).to.be.true;
    }
});
```

37. Field validation on create

Description: Test input validation on create

```javascript
pm.test("Field validation on create", function () {
    pm.response.to.have.status(400);
    const responseJson = pm.response.json();
    pm.expect(responseJson.errors).to.exist;
});
```

38. Duplicate prevention

Description: Test duplicate record prevention

```javascript
pm.test("Duplicate prevention works", function () {
    pm.response.to.have.status(409);
    const responseJson = pm.response.json();
    pm.expect(responseJson.message).to.include("already exists");
});
```

39. Cascade delete

Description: Test cascade deletion of related records

```javascript
pm.test("Cascade delete working", function () {
    pm.response.to.have.status(200);
    const responseJson = pm.response.json();
    pm.expect(responseJson.cascade_deleted_count).to.be.a('number');
});
```

40. Data export functionality

Description: Test data export to CSV/Excel

```javascript
pm.test("Data export successful", function () {
    pm.response.to.have.status(200);
    pm.expect(pm.response.headers.get('Content-Type')).to.include('application/');
    // The export must be served as a download, not rendered inline
    pm.expect(pm.response.headers.get('Content-Disposition')).to.include('attachment');
});
```

📁 D. FILE UPLOAD (Test Cases 41-50)

41. Successful file upload

Description: Test successful file upload

```javascript
pm.test("File upload successful", function () {
    pm.response.to.have.status(200);
    const responseJson = pm.response.json();
    pm.expect(responseJson.file_url).to.exist;
    pm.expect(responseJson.file_size).to.be.a('number');
    pm.environment.set("uploaded_file_url", responseJson.file_url);
});
```

42. Upload a file exceeding the allowed size

Description: Test file size limit validation

```javascript
pm.test("File size limit enforced", function () {
    pm.response.to.have.status(413);
    const responseJson = pm.response.json();
    pm.expect(responseJson.message).to.include("File too large");
});
```

43. Upload a file with a disallowed extension

Description: Test file type validation

```javascript
pm.test("File type validation", function () {
    pm.response.to.have.status(400);
    const responseJson = pm.response.json();
    pm.expect(responseJson.message).to.include("File type not allowed");
});
```

44. Upload multiple files

Description: Test multiple file upload

```javascript
pm.test("Multiple files upload", function () {
    pm.response.to.have.status(200);
    const responseJson = pm.response.json();
    pm.expect(responseJson.files).to.be.an('array');
    pm.expect(responseJson.files.length).to.be.greaterThan(1);
});
```

45. Upload a file containing a virus

Description: Test virus scanning (mock test)

```javascript
pm.test("Virus scanning working", function () {
    pm.response.to.have.status(400);
    const responseJson = pm.response.json();
    pm.expect(responseJson.message).to.include("File contains malware");
});
```

46. Download uploaded file

Description: Test file download functionality

```javascript
pm.test("File download successful", function () {
    pm.response.to.have.status(200);
    pm.expect(pm.response.headers.get('Content-Type')).to.exist;
    pm.expect(pm.response.responseSize).to.be.greaterThan(0);
});
```

47. Delete uploaded file

Description: Test file deletion

```javascript
pm.test("File deletion successful", function () {
    pm.response.to.have.status(200);
    const responseJson = pm.response.json();
    pm.expect(responseJson.success).to.be.true;
});
```

48. Image resize after upload

Description: Test automatic image resizing

```javascript
pm.test("Image resized after upload", function () {
    pm.response.to.have.status(200);
    const responseJson = pm.response.json();
    pm.expect(responseJson.thumbnails).to.exist;
    pm.expect(responseJson.thumbnails).to.be.an('array');
});
```

49. File metadata extraction

Description: Test file metadata extraction

```javascript
pm.test("File metadata extracted", function () {
    pm.response.to.have.status(200);
    const responseJson = pm.response.json();
    pm.expect(responseJson.metadata).to.exist;
    pm.expect(responseJson.metadata.size).to.be.a('number');
});
```

50. Upload progress tracking

Description: Test upload progress endpoint

```javascript
pm.test("Upload progress trackable", function () {
    pm.response.to.have.status(200);
    const responseJson = pm.response.json();
    pm.expect(responseJson.progress).to.be.a('number');
    pm.expect(responseJson.progress).to.be.within(0, 100);
});
```

🔒 E. API SECURITY (Test Cases 51-65)

51. Rate limiting enforcement

Description: Test API rate limiting

```javascript
pm.test("Rate limiting enforced", function () {
    if (pm.response.code === 429) {
        // A throttled response must tell the client when to retry
        pm.expect(pm.response.headers.get('Retry-After')).to.exist;
    } else {
        pm.response.to.have.status(200);
    }
});
```

52. CORS header check

Description: Test CORS configuration

```javascript
pm.test("CORS headers present", function () {
    pm.expect(pm.response.headers.get('Access-Control-Allow-Origin')).to.exist;
    pm.expect(pm.response.headers.get('Access-Control-Allow-Methods')).to.exist;
});
```
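Test case 52 confirms only that the CORS headers exist, not that their values are safe. The following is an added example, not part of the original guide, that reviews the returned values; it assumes the request was sent with an `Origin` header, and the finding names, `trustedOrigins` list and sample hosts are constructed for illustration.

```javascript
// Added example: review CORS response header values.
// getHeader(name) returns a header value or undefined.
// In Postman: (name) => pm.response.headers.get(name)
function assessCors(getHeader, sentOrigin, trustedOrigins) {
    const findings = [];
    const allowOrigin = getHeader("Access-Control-Allow-Origin");
    if (!allowOrigin) {
        return findings; // no cross-origin grant to review
    }
    const withCredentials = getHeader("Access-Control-Allow-Credentials") === "true";
    if (allowOrigin === "*") {
        // Browsers refuse this combination, so it is always a misconfiguration
        if (withCredentials) findings.push("wildcard-with-credentials");
        return findings;
    }
    if (allowOrigin === "null") findings.push("null-origin-allowed");
    // The server echoed an origin that is not on the allowlist
    if (allowOrigin === sentOrigin && !trustedOrigins.includes(sentOrigin)) {
        findings.push("untrusted-origin-reflected");
    }
    // A per-origin answer should be cached per origin
    const vary = (getHeader("Vary") || "").toLowerCase().split(",")
        .map(function (v) { return v.trim(); });
    if (!vary.includes("origin")) findings.push("missing-vary-origin");
    return findings;
}

// Constructed helper: case-insensitive getter over a plain header map,
// standing in for pm.response.headers.get outside Postman.
function headerGetter(map) {
    const lower = {};
    Object.keys(map).forEach(function (k) { lower[k.toLowerCase()] = map[k]; });
    return function (name) { return lower[name.toLowerCase()]; };
}

// Postman usage (trusted list is an assumption about the application):
//   pm.expect(assessCors((n) => pm.response.headers.get(n),
//       pm.request.headers.get("Origin"), ["https://app.example.com"])).to.be.empty;
```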

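53. XSS prevention

Description: Test XSS attack prevention

```javascript
// Pre-request Script
// The payload string is empty on the page as published; set it to the probe string from your test plan.
pm.environment.set("xss_payload", "");

// Test Script
pm.test("XSS prevention working", function () {
    const responseText = pm.response.text();
    // The response must not echo the submitted payload back unencoded
    pm.expect(responseText).to.not.include(pm.environment.get("xss_payload"));
});
```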