Staging Test: Authentication & Login

Test Area: Authentication & Security
Estimated Time: 10-15 minutes
Difficulty: Easy

Overview

This guide walks you through testing the login and authentication flows in the staging environment. You’ll verify that users can log in, stay logged in, and log out correctly.

Before You Start

Staging URLs

| Environment | URL |
| --- | --- |
| Frontend | https://zestamc.savibm.com |
| Login Page | https://zestamc.savibm.com/login |

Test Accounts

All test accounts use OTP-based login. You’ll receive a 6-digit code via email.

| Account Type | Email | Purpose |
| --- | --- | --- |
| Admin | admin@zestamc.com | Full admin access |
| Investor | testinvestor@zestamc.com | Primary test investor with portfolio |
| Investor | test@zestamc.com | Secondary investor |
| Investor | l2investor@zestamc.com | L2 referral chain investor |
| Investor | l3investor@zestamc.com | L3 referral chain investor |
| Institution | institution@zestamc.com | Institutional investor (70/30 split) |
| Support Agent | supportagent@zestamc.com | Support agent for ticket management |

Test Cases

Test 1: Basic Login Flow

Goal: Verify that a user can log in with email and OTP

Steps:
  1. Open your browser and go to the login page
  2. Enter email: testinvestor@zestamc.com
  3. Click “Send OTP” (or similar button)
  4. You should see a message confirming OTP was sent
  5. Enter OTP from email
  6. Click “Verify” or “Login”

Expected Results:

| Step | What You Should See |
| --- | --- |
| After entering email | “OTP sent to your email” message |
| After entering OTP | Redirect to investor dashboard |
| Dashboard | Welcome message with your name |

Pass Criteria: ✅ Successfully logged in and see the investor dashboard

Test 2: Invalid OTP

Goal: Verify that wrong OTP codes are rejected

Steps:
  1. Go to the login page
  2. Enter email: testinvestor@zestamc.com
  3. Click “Send OTP”
  4. Enter wrong OTP: 123456
  5. Click “Verify”

Expected Results:

| Result | What You Should See |
| --- | --- |
| Error message | “Invalid OTP” or similar error |
| Status | Remain on the login page |
| Retry | Able to enter OTP again |

Pass Criteria: ✅ System rejects invalid OTP with a clear error message

Test 3: Admin Login

Goal: Verify admin account can log in and access admin features

Steps:
  1. Go to the login page
  2. Enter email: admin@zestamc.com
  3. Click “Send OTP”
  4. Enter OTP from email
  5. Click “Verify”

Expected Results:

| Step | What You Should See |
| --- | --- |
| After login | Redirect to admin dashboard |
| Navigation | Admin menu options visible |
| Admin sections | Access to Deposits, Wallets, Cycles, Clients |

Pass Criteria: ✅ Admin can access admin dashboard and admin-specific features

Test 4: Session Persistence

Goal: Verify that login session persists when refreshing the page

Steps:
  1. Log in as testinvestor@zestamc.com using steps from Test 1
  2. After reaching the dashboard, press F5 or click the browser refresh button
  3. Wait for the page to reload

Expected Results:

| Result | What You Should See |
| --- | --- |
| After refresh | Remain on the dashboard (still logged in) |
| User info | Your name/email still displayed |

Pass Criteria: ✅ User remains logged in after page refresh

Test 5: Logout

Goal: Verify that users can log out successfully

Steps:
  1. Log in as any test user
  2. Find the logout button (usually in the top-right menu or profile dropdown)
  3. Click “Logout” or “Sign Out”

Expected Results:

| Result | What You Should See |
| --- | --- |
| After logout | Redirect to login page |
| Session | No longer logged in |
| Dashboard access | Cannot access dashboard without logging in again |

Pass Criteria: ✅ User is logged out and redirected to login page

Test 6: Protected Pages (Without Login)

Goal: Verify that protected pages require login

Steps:
  1. Log out (or open a new private/incognito browser window)
  2. Try to directly access: https://zestamc.savibm.com/investor/dashboard
  3. Observe what happens

Expected Results:

| Result | What You Should See |
| --- | --- |
| Redirect | Automatically sent to login page |
| Message | “Please log in” or similar prompt (optional) |

Pass Criteria: ✅ Cannot access dashboard without logging in

Test 7: Admin-Only Pages (As Investor)

Goal: Verify that investors cannot access admin pages

Steps:
  1. Log in as testinvestor@zestamc.com
  2. Try to directly access: https://zestamc.savibm.com/admin/dashboard
  3. Observe what happens

Expected Results:

| Result | What You Should See |
| --- | --- |
| Access denied | Error message or redirect |
| Status | Cannot view admin pages |

Pass Criteria: ✅ Investor cannot access admin-only pages
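
Tests 6 and 7 are judged by what the browser shows, which looks the same whether the server refused the request or the front end redirected after the page had already been delivered. The following added example (not part of the original guide or the application's code) classifies the raw HTTP response instead; the login-path check, the marker strings and the sample responses are assumptions constructed for illustration.

```javascript
// Added example: classify the raw HTTP response to a protected URL.
// Assumptions (not from the guide): a server-side redirect targets /login,
// and PROTECTED_MARKERS are strings that only appear in real dashboard content.
const LOGIN_PATH = '/login';
const PROTECTED_MARKERS = ['Portfolio', 'Deposits', 'Wallets'];

function classifyAccess(res, base = 'https://zestamc.savibm.com') {
  const { status, headers = {}, body = '' } = res;
  // Explicit denial from the server.
  if (status === 401 || status === 403) return 'enforced';
  // Server-side redirect: it must point at the login page on the same origin.
  if (status >= 300 && status < 400) {
    const loc = headers.location;
    if (!loc) return 'inconclusive';
    const target = new URL(loc, base);
    const sameOrigin = target.origin === new URL(base).origin;
    return sameOrigin && target.pathname === LOGIN_PATH ? 'enforced' : 'inconclusive';
  }
  if (status === 200) {
    // Protected data in the body means any redirect seen in the browser
    // happened client-side, after the content was already sent.
    if (PROTECTED_MARKERS.some((m) => body.includes(m))) return 'exposed';
    // Probably an application shell; the data requests behind it decide.
    return 'inconclusive';
  }
  return 'inconclusive';
}

// Constructed sample responses (not captured from staging).
const SAMPLES = {
  redirectToLogin: { status: 302, headers: { location: '/login?next=%2Finvestor%2Fdashboard' } },
  forbidden: { status: 403, headers: {}, body: 'Forbidden' },
  leakedPage: { status: 200, headers: {}, body: '<h1>Deposits</h1><table>...</table>' },
  emptyShell: { status: 200, headers: {}, body: '<div id="root"></div>' },
};

// Returns { sampleName: verdict } for every constructed sample.
function runSamples() {
  return Object.fromEntries(
    Object.entries(SAMPLES).map(([name, res]) => [name, classifyAccess(res)])
  );
}
```

An `inconclusive` result on the page URL means the same classification should be applied to the data requests the dashboard makes, since those are what carry the protected content.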

Test Results Summary

After completing all tests, fill in this summary:

| Test | Status | Notes |
| --- | --- | --- |
| Test 1: Basic Login | ⬜ Pass / ⬜ Fail | |
| Test 2: Invalid OTP | ⬜ Pass / ⬜ Fail | |
| Test 3: Admin Login | ⬜ Pass / ⬜ Fail | |
| Test 4: Session Persistence | ⬜ Pass / ⬜ Fail | |
| Test 5: Logout | ⬜ Pass / ⬜ Fail | |
| Test 6: Protected Pages | ⬜ Pass / ⬜ Fail | |
| Test 7: Admin-Only Access | ⬜ Pass / ⬜ Fail | |

Troubleshooting

“OTP expired” error

OTPs are valid for 30 minutes. If you see this error:
  • Request a new OTP by clicking “Resend OTP”
  • Enter the new code within 30 minutes

“Too many OTP requests” error

OTP requests are rate-limited (3 per 5 minutes). If you hit this limit:
  • Wait 5 minutes before trying again
  • Or use a different test email

Page shows “Loading…” forever

  1. Check your internet connection
  2. Try refreshing the page
  3. Clear browser cache and try again
  4. Try a different browser

Cannot access any pages

  1. Make sure you’re using the correct staging URL
  2. Check if the staging environment is online
  3. Try opening the login page in an incognito/private window

Next Steps

After completing authentication testing, proceed to:

Feedback

If you find any issues during testing, please note:
  1. Which test failed
  2. What you expected to happen
  3. What happened instead
  4. Screenshot (if possible)