
Test Authenticated Flows

Learn how to test applications that require login, 2FA, OTP, and magic links.

Creating a Persona

A Persona is a set of login credentials that BugBrain uses to authenticate before running tests.

  1. Go to Personas: Dashboard → Personas → New Persona
  2. Enter Basic Info: Persona name (e.g., 'Test User 1'), Email, Password
  3. Select Auth Type: Choose Basic Auth / Email OTP / TOTP / Magic Link
  4. Configure Auth Details: Add required credentials (TOTP secret, Mailosaur address, etc.)
  5. Save Persona: Use immediately in test plans

Auth Type: Basic Login

Simplest authentication method

Setup

  1. Create Persona
  2. Enter email and password
  3. No additional config needed
  4. Save

How It Works

  • BugBrain navigates to login page
  • Fills email + password fields automatically
  • Clicks login button
  • Session cached for 8 hours
  • Next test reuses login (faster execution)

Test It

1. Create test: "Login Flow"
2. First step: Create and link persona
3. Run test → BugBrain logs in automatically
4. Create second test with same persona
5. Note: Much faster (login cached!)

Auth Type: Email OTP (One-Time Password)

Requires Mailosaur integration

Prerequisites

  1. Mailosaur account (free tier available)
  2. API key and Server ID
  3. Set environment variables:
    MAILOSAUR_API_KEY=your_key
    MAILOSAUR_SERVER_ID=your_server_id

Setup

  1. Create Persona
  2. Select “Email OTP” auth type
  3. Enter Mailosaur email address (e.g., test@ABC123.mailosaur.net)
  4. BugBrain retrieves OTP automatically during login
  5. Save

How It Works

  1. User enters email at login prompt
  2. BugBrain submits login form
  3. Application sends OTP to email
  4. BugBrain calls retrieve_email_code() action
  5. Mailosaur API fetches OTP from inbox
  6. BugBrain enters OTP automatically
  7. Session cached for future tests

Test It

1. Create Persona with Mailosaur address
2. Test: "Login with OTP"
3. Steps:
   - Navigate to /login
   - Fill email (uses persona email)
   - Click "Send OTP"
   - Wait for OTP form
   - BugBrain auto-fills OTP
   - Click submit
   - Assert logged in

Auth Type: Magic Link

Email link-based login

Setup

  1. Create Persona with Mailosaur address
  2. Select “Email OTP / Magic Link” auth type
  3. Save

How It Works

  1. User enters email
  2. App sends magic link email
  3. BugBrain retrieves magic link from Mailosaur
  4. Navigates to link automatically
  5. User logged in
  6. Session cached

Test It

1. Test: "Magic Link Login"
2. Steps:
   - Navigate to /login
   - Fill email
   - Click "Send magic link"
   - Wait for confirmation message
   - BugBrain retrieves link from Mailosaur
   - Navigate to link
   - Assert logged in (home page)
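
The parsing step behind the Email OTP and Magic Link flows above, as an added example (not BugBrain's `retrieve_email_code()` and not Mailosaur's client): it pulls the code or link out of a message body that has already been fetched, and refuses to hand back a link that is not HTTPS on the application under test. The function names, the host `app.example.test`, and both message bodies are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Exactly six digits, not part of a longer digit run (order numbers, dates).
OTP_RE = re.compile(r"(?<!\d)\d{6}(?!\d)")

# Constructed sample messages (not real mail).
SAMPLE_TEXT = "Your verification code is 482913. It expires in 10 minutes."
SAMPLE_HTML = (
    '<p><a href="https://app.example.test/auth/magic?token=CONSTRUCTED">Sign in</a></p>'
    '<p><a href="https://app.example.test.other.example/login">Help</a> '
    '<a href="http://app.example.test/unsubscribe">Unsubscribe</a></p>'
)


class _LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)


def extract_otp(text_body: str) -> str:
    """Return the single 6-digit code in the body; reject ambiguous mail."""
    codes = set(OTP_RE.findall(text_body))
    if len(codes) != 1:
        raise ValueError(f"expected exactly one 6-digit code, found {len(codes)}")
    return codes.pop()


def extract_magic_link(html_body: str, allowed_host: str) -> str:
    """Return the only https link whose host equals allowed_host."""
    parser = _LinkCollector()
    parser.feed(html_body)
    ok = [h for h in parser.links
          if urlsplit(h).scheme == "https" and urlsplit(h).hostname == allowed_host]
    if len(ok) != 1:
        raise ValueError(f"expected one https link on {allowed_host}, found {len(ok)}")
    return ok[0]
```

Comparing the parsed hostname for equality, rather than searching the URL for a substring, is what keeps the lookalike host in the sample from being followed.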

Auth Type: TOTP / 2FA

Time-based one-time passwords (Google Authenticator, Authy)

Prerequisites

  • TOTP secret (base32 encoded seed)
  • Usually provided during 2FA setup

Where to Find Secret

  1. From dev account setup:
    • Look for “Secret key” or “Manual entry code”
    • Save the 32-character base32 string
  2. Extract from QR code:
    # QR code scanner tools can extract secret
    # Or check your password manager

Setup

  1. Create Persona
  2. Select “TOTP / 2FA” auth type
  3. Paste TOTP secret (base32 format)
  4. Save

How It Works

  1. BugBrain uses pyotp library to generate 6-digit codes
  2. Codes valid for 30 seconds (standard TOTP)
  3. Auto-fills 2FA field during login
  4. Works with Google Authenticator, Authy, etc.

Test It

1. Create Persona with TOTP secret
2. Test: "Login with 2FA"
3. Steps:
   - Navigate to /login
   - Fill email
   - Fill password
   - Click login
   - BugBrain generates TOTP code
   - Auto-fills 2FA field
   - Click verify
   - Assert logged in

Using Personas in Tests

In Test Plans

  1. Create test step
  2. Click “Link Persona”
  3. Select persona from dropdown
  4. BugBrain logs in automatically
  5. Subsequent steps run as authenticated user

In Exploratory Sessions

  1. New Session
  2. Select “Persona” dropdown
  3. Choose persona (or leave blank for guest)
  4. AI explores as authenticated user
  5. Tests authenticated-only pages

In Discovery Crawls

  1. Start Discovery
  2. Select Persona to use
  3. Crawler logs in automatically
  4. Discovers authenticated pages and flows

Troubleshooting

“Login Failed: Invalid Credentials”

  • Verify persona email/password is correct
  • Ensure account isn’t locked
  • Check that 2FA/OTP codes are being generated (TOTP)

“OTP Code Not Retrieved”

  • Confirm Mailosaur API key is correct
  • Check environment variables are set
  • Verify email address receives OTP
  • Check Mailosaur server ID is correct

“TOTP Code Wrong”

  • Verify TOTP secret is base32 format
  • Check if secret uses spaces or dashes (remove them)
  • Ensure time is synchronized on server
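
The three checks above and the code generation described under the TOTP "How It Works" list, as an added example (not BugBrain's code): it implements RFC 6238 with the Python standard library rather than pyotp, cleans a secret pasted with spaces and dashes, and reports how many 30-second steps a clock is off. The function names are hypothetical, and the secret is the published RFC 6238 test key, not a real credential.

```python
import base64
import hashlib
import hmac
import struct

# RFC 6238 test key (ASCII "12345678901234567890"), written the way secrets
# are often pasted: lower case, grouped with spaces and a dash.
SAMPLE_SECRET = "gezd gnbv-gy3t qojq gezd gnbv gy3t qojq"


def normalize_secret(raw: str) -> bytes:
    """Strip spaces/dashes, upper-case, pad, and decode a base32 secret."""
    cleaned = raw.replace(" ", "").replace("-", "").upper()
    padded = cleaned + "=" * (-len(cleaned) % 8)
    try:
        return base64.b32decode(padded)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("TOTP secret is not valid base32") from exc


def totp(raw_secret: str, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 code (HMAC-SHA1) for Unix time `at`."""
    key = normalize_secret(raw_secret)
    counter = struct.pack(">Q", at // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def find_clock_drift(raw_secret: str, code: str, at: int, window: int = 1, step: int = 30):
    """Return the step offset in -window..window where `code` matches, else None."""
    for drift in range(-window, window + 1):
        if hmac.compare_digest(totp(raw_secret, at + drift * step, step), code):
            return drift
    return None


if __name__ == "__main__":
    print(totp(SAMPLE_SECRET, 59))                        # code for the step containing t=59
    print(find_clock_drift(SAMPLE_SECRET, "287082", 89))  # clock is one step ahead
```

A non-zero drift means the secret is correct and the host clock is off; `None` with a clean secret points at a wrong secret or a larger time error.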

“Session Timeout”

  • Default 8-hour cache TTL
  • Increase in Persona settings if needed
  • Sessions reset if persona credentials change

“Multiple Users, Same Email”

Best Practices

  1. ✅ Use test accounts for personas (not real user accounts)
  2. ✅ Keep TOTP secrets secure (use secrets manager)
  3. ✅ Regularly rotate test account passwords
  4. ✅ Name personas clearly (e.g., “Admin User”, “Free Tier User”)
  5. ✅ Document which tests use which personas
  6. ❌ Don’t share persona credentials in Slack
  7. ❌ Don’t hardcode passwords in test code
  8. ❌ Don’t use production accounts for testing