SeUniVr / RestTestGen

A framework for automated black-box testing of RESTful APIs.
Apache License 2.0

Authorization problem #6

Closed painsAgains closed 1 year ago

painsAgains commented 1 year ago

When I wrote a py file to configure authorization in the header, I got some problems, as follows:

[image]

Then I checked the request and found that the authorization's value was not written in the header:

[image]

Is it because the output format of my py file is not JSON? But when I tested auth.py, the output format of the file is indeed JSON:

[image]

This is my auth.py and config.json content:

```python
import json


def main():
    # Header definition printed for RestTestGen's authCommand.
    payload = '''
    [
      {
        "name": "Authorization",
        "value": "Bearer xxx",
        "in": "header",
        "timeout": 600
      }
    ]
    '''
    json1 = json.loads(payload)
    # json.dumps writes strict JSON (double quotes); print(json1) would
    # write the Python repr with single quotes instead.
    print(json.dumps(json1))


if __name__ == '__main__':
    main()
```

```json
{
  "specificationFileName": "resources/openapi.json",
  "authCommand": "python auth/auth.py",
  "strategyName": "NominalAndErrorStrategy",
  "testingSessionName": "customNameForTestingSession",
  "outputPath": "output/k8s"
}
```

Hope someone can help me, Thanks!

davidecorradini commented 1 year ago

Hello @painsAgains,

I see you closed the issue... Were you able to run RestTestGen eventually?

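I will leave here some hints:

  • The first error you mentioned (Request execution failed...) is caused by a non-responding REST API. Make sure to have the correct server URL in your OpenAPI specification.
  • Authorization tokens are not stored into report files for security reasons. They are used in actual requests, but they are masked in reports, as you could observe.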

I think your auth script is correct. If something is not working, please do not hesitate to reopen this issue.

Best, Davide

painsAgains commented 1 year ago

> Hello @painsAgains,
>
> I see you closed the issue... Were you able to run RestTestGen eventually?
>
> I will leave here some hints:
>
>   • The first error you mentioned (Request execution failed...) is caused by a non-responding REST API. Make sure to have the correct server URL in your OpenAPI specification.
>   • Authorization tokens are not stored into report files for security reasons. They are used in actual requests, but they are masked in reports, as you could observe.
>
> I think your auth script is correct. If something is not working, please do not hesitate to reopen this issue.
>
> Best, Davide

Thanks for your reply. I checked my URL and found some errors; after I fixed them it worked well, so I closed my issue. But I still have some confusion: when I observe the authentication:flag in the report, like I posted in the picture, does it mean that the authentication is already included in the request header, even if there is no specific value?

davidecorradini commented 1 year ago

Yes, the token is being used. In the report file, we mask it to prevent token leakage.
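
An added example, not part of the thread or of RestTestGen's code: a check of what an auth script prints, to run before pointing `authCommand` at it, plus a masked view for debugging in the spirit of the report masking described above. It assumes the four fields in the posted auth.py are all required (the page does not say so), and `validate_auth_output` and `masked` are hypothetical helper names; whether RestTestGen's own parser is strict about quoting is not stated on this page.

```python
import json

# Fields and types taken from the auth.py posted in this issue (assumed required).
REQUIRED = {"name": str, "value": str, "in": str, "timeout": int}


def validate_auth_output(stdout_text):
    """Parse auth-script stdout as strict JSON; return a list of problems (empty if OK)."""
    try:
        entries = json.loads(stdout_text)
    except json.JSONDecodeError as exc:
        return [f"not strict JSON: {exc.msg} at char {exc.pos}"]
    if not isinstance(entries, list):
        return ["top-level value must be a JSON array"]
    problems = []
    for i, entry in enumerate(entries):
        if not isinstance(entry, dict):
            problems.append(f"entry {i}: not an object")
            continue
        for key, typ in REQUIRED.items():
            if key not in entry:
                problems.append(f"entry {i}: missing '{key}'")
            elif not isinstance(entry[key], typ) or isinstance(entry[key], bool):
                problems.append(f"entry {i}: '{key}' should be {typ.__name__}")
    return problems


def masked(entries):
    """Copy of the entries with the secret value hidden, safe to print while debugging."""
    return [{**e, "value": "****"} for e in entries]


# Constructed sample; "Bearer xxx" is a placeholder, not a real credential.
SAMPLE = [{"name": "Authorization", "value": "Bearer xxx", "in": "header", "timeout": 600}]
AS_REPR = str(SAMPLE)         # what print(parsed_list) writes: single-quoted Python repr
AS_JSON = json.dumps(SAMPLE)  # what print(json.dumps(parsed_list)) writes

if __name__ == "__main__":
    print("repr :", validate_auth_output(AS_REPR))
    print("json :", validate_auth_output(AS_JSON))
    print("debug:", masked(SAMPLE))
```
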