SoftwareTestPilot
Formsadvanced hidden bug 18 min

Multi-Step Auth & OTP Flow — Practice in Playwright, Selenium & Cypress

End-to-end auth automation practice — username/password step, six-digit OTP, simulated network verification, and POM-friendly fixture setup.

Live element

Hidden bug planted — try to catch it

🐞 Sort High→Low and watch your test catch a defect.

Locators cheat-sheet

data-testidRoleAccessible labelWhat it is
email-inputtextboxEmailEmail field. 🐞 Validation is case-sensitive when it shouldn't be.
password-inputtextboxPasswordPassword field (type=password).
login-btnbuttonLog inSubmits the form.
welcomestatusWelcome messageAppears on a successful login.
login-erroralertLogin errorAppears on a failed login attempt.

Reference solutions

import { test, expect } from '@playwright/test';

const EMAIL = 'qa@pilot.test';
const PASS  = 'Password1!';

test('logs in with seed credentials', async ({ page }) => {
  await page.goto('/practice/auth-flow');
  const frame = page.frameLocator('iframe[title="Auth flow live widget"]');

  await frame.getByTestId('email-input').fill(EMAIL);
  await frame.getByTestId('password-input').fill(PASS);
  await frame.getByTestId('login-btn').click();

  await expect(frame.getByTestId('welcome')).toBeVisible();
});

test('🐞 email comparison should be case-insensitive (planted bug)', async ({ page }) => {
  await page.goto('/practice/auth-flow');
  const frame = page.frameLocator('iframe[title="Auth flow live widget"]');

  // Same email, different casing — a real product should accept it.
  await frame.getByTestId('email-input').fill('QA@Pilot.Test');
  await frame.getByTestId('password-input').fill(PASS);
  await frame.getByTestId('login-btn').click();

  // ❌ With the planted bug, login-error appears and this assertion FAILS.
  await expect(frame.getByTestId('welcome')).toBeVisible();
});
Try it in the Practice Hub Open learning module