Incomplete authentication test suite
I’m submitting a
- bug report.
- feature request.
Current Behaviour:
Authentication tests need to be updated. Current tests only test /+ API_NAME, rest everything needs to be tested as well.
Expected Behaviour:
Tests should check the authentication part thoroughly.
Steps to reproduce:
See hydrus/hydrus/tests/test_auth.py.
Do you want to work on this issue?
NO
Issue Analytics
- State:
- Created 6 years ago
- Reactions: 2
- Comments: 11 (9 by maintainers)
Maybe if we do not show the endpoints. We can create a specific file (for example http://localhost:8080/serverapi/endPoints) which can be password protected. I think that it will be safer.
Right now: If someone who is not authorized tries to log in, the server responds with:
I have found this checklist [1]. Should I implement the checks that are there? Also the pentest part in [2] is interesting. PS: I am asking because I am not sure what behavior you are expecting.
[1] https://www.owasp.org/index.php/REST_Security_Cheat_Sheet#Validate_content_types
[2] https://www.owasp.org/index.php/REST_Assessment_Cheat_Sheet
@xadahiya, if I am not wrong, the tests remain the same for all endpoints, it’s just that the URL inside self.client.get() changes?
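The per-endpoint sweep discussed in this thread, as an added example that is not part of the thread or of hydrus's own test suite: the same rejection check is run against every route and several bad credentials, so a route that skips authentication shows up as a gap. The WSGI app, the route paths other than the API root, the bearer-token scheme and the token value are all assumptions constructed for illustration.

```python
import hmac
from wsgiref.util import setup_testing_defaults

API_NAME = "serverapi"              # name used in the thread's example URL
VALID_TOKEN = "constructed-token"   # constructed credential, an assumption

# Constructed route table: True means the handler enforces authentication.
ROUTES = {
    ("GET", f"/{API_NAME}"): True,
    ("GET", f"/{API_NAME}/items"): True,
    ("GET", f"/{API_NAME}/items/1"): True,
    ("POST", f"/{API_NAME}/items"): False,   # deliberate gap for the sweep to find
}

def app(environ, start_response):
    """Hypothetical WSGI app standing in for the server under test."""
    enforce = ROUTES.get((environ["REQUEST_METHOD"], environ["PATH_INFO"]))
    if enforce is None:
        start_response("404 Not Found", [])
        return [b""]
    sent = environ.get("HTTP_AUTHORIZATION", "").encode()
    ok = hmac.compare_digest(sent, f"Bearer {VALID_TOKEN}".encode())
    if enforce and not ok:
        start_response("401 Unauthorized", [("WWW-Authenticate", "Bearer")])
        return [b""]
    start_response("200 OK", [("Content-Type", "application/json")])
    return [b"{}"]

def status_of(wsgi_app, method, path, credential=None):
    """Issue one in-process request and return the numeric status code."""
    environ = {}
    setup_testing_defaults(environ)
    environ.update(REQUEST_METHOD=method, PATH_INFO=path)
    if credential is not None:
        environ["HTTP_AUTHORIZATION"] = credential
    seen = []
    list(wsgi_app(environ, lambda status, headers: seen.append(status)))
    return int(seen[0].split()[0])

# Missing, empty, wrong-token and wrong-scheme credentials (all constructed).
BAD_CREDENTIALS = [None, "", "Bearer wrong-token", "Basic Og=="]

def auth_gaps(wsgi_app, routes):
    """Return every (method, path, credential) served without valid auth."""
    return [(m, p, c) for (m, p) in routes for c in BAD_CREDENTIALS
            if status_of(wsgi_app, m, p, c) != 401]

if __name__ == "__main__":
    for gap in auth_gaps(app, ROUTES):
        print("not rejected:", gap)
```

In a real suite the route list would be generated from the application's own routing table rather than typed by hand, so a newly added endpoint is swept automatically.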