Open thrivikramgit opened 10 months ago
I would also be so appreciative to have an example of using more than one auth token. Moreover, I have different YAML files listed in the Swagger Spec File Path parameter. Some of them need an "admin" token, others use a "user" token. What do you suggest to us, @marina-p? Thanks for your future reply!
Hello @marina-p, could you please help us here?
Thanks for your support
Description
Hello Team,
Firstly, thank you for creating such an amazing tool. Using RESTler we could cover three areas, and I would like to summarize each. Please correct us if we are using the process in the correct manner.
Input Validation and Error Handling checks: We are tuning payloads and the custom grammar file depending on the Swagger. If possible, we would like to provide some examples. Using this, I have seen that RESTler could find more bugs.
Authentication Checks: We are passing an invalid token and running RESTler in test mode or fuzz-lean mode. We then verify the network logs and check whether any resource was created, accessed or deleted. We consider this a bug.
Authorization Checks: Let us consider there are two tenants. For Tenant A, we are passing a token and running RESTler in test mode or fuzz-lean mode. Then we need to check whether a Tenant B token could access resources of Tenant A. But how can we do that? I am a little bit confused. Could you please help me?
Thanks for your support, Vikram
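Added example, not part of the original issue and not RESTler code: the manual log review described under Authentication Checks can be scripted by pairing each request with its response and flagging any 2xx answer from a run that used an invalid token. The log layout, paths and the `find_auth_bypasses` name are assumptions made for this sketch; the sample lines are constructed.

```python
import re

# Constructed sample: simplified "Sending"/"Received" pairs from a run in which
# every request carried a deliberately invalid token. The layout is an
# assumption for this example, not RESTler's exact network log format.
SAMPLE_LOG = r"""
2024-01-01 10:00:00.100: Sending: 'POST /api/tenants/A/items HTTP/1.1\r\nAuthorization: Bearer INVALID\r\n\r\n{"name":"x"}'
2024-01-01 10:00:00.150: Received: 'HTTP/1.1 401 Unauthorized\r\n\r\n'
2024-01-01 10:00:00.200: Sending: 'GET /api/tenants/A/items/1 HTTP/1.1\r\nAuthorization: Bearer INVALID\r\n\r\n'
2024-01-01 10:00:00.250: Received: 'HTTP/1.1 200 OK\r\n\r\n{"id":1}'
2024-01-01 10:00:00.300: Sending: 'DELETE /api/tenants/A/items/1 HTTP/1.1\r\nAuthorization: Bearer INVALID\r\n\r\n'
2024-01-01 10:00:00.350: Received: 'HTTP/1.1 204 No Content\r\n\r\n'
2024-01-01 10:00:00.400: Sending: 'GET /api/tenants/A/items/2 HTTP/1.1\r\nAuthorization: Bearer INVALID\r\n\r\n'
"""

SEND = re.compile(r"Sending: '(\w+) (\S+) HTTP/")
RECV = re.compile(r"Received: 'HTTP/\d\.\d (\d{3})")
# Maps the HTTP method to the effect the reviewer is looking for.
EFFECT = {"POST": "created", "PUT": "created",
          "GET": "accessed", "DELETE": "deleted"}


def find_auth_bypasses(log_text):
    """Return (method, path, status, effect) for each request answered with 2xx."""
    findings, pending = [], None
    for line in log_text.splitlines():
        sent = SEND.search(line)
        if sent:
            pending = sent.groups()  # remember the request until its response
            continue
        recv = RECV.search(line)
        if recv and pending:
            method, path = pending
            status = int(recv.group(1))
            if 200 <= status < 300:  # the server acted despite the bad token
                findings.append((method, path, status,
                                 EFFECT.get(method, "other")))
            pending = None  # a request with no response is never flagged
    return findings


if __name__ == "__main__":
    for finding in find_auth_bypasses(SAMPLE_LOG):
        print("possible auth bypass:", finding)
```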