JSON Web Tokens (JWT) Token Checks

9 months ago 84

Akash Venky

Do you see JWT tokens in the request? Below are the JSON test cases for authentication checks.

Basic credentials: {"login": "admin", "password": "admin"}
Empty credentials: {"login": "", "password": ""}
Null values: {"login": null, "password": null}
Credentials as numbers: {"login": 123, "password": 456}
Credentials as booleans: {"login": true, "password": false}
Credentials as arrays: {"login": ["admin"], "password": ["password"]}
Credentials as objects: {"login": {"username": "admin", "password": {"password": "password"}}}
Special characters in credentials: {"login": "@dm!n", "password": "p@ssw0rd#"}
SQL Injection: {"login": "admin' -- ", "password": "password"}
HTML tags in credentials: {"login": "admin", "password": "ololo-HTML-XSS"}
Unicode in credentials: {"login": "\u0061\u0064\u006D\u0069\u006E", "password": "\u0070\u0061\u0073\u0073\u0077\u006F\u0072\u0064"}
Credentials with escape characters: {"login": "ad\\nmin", "password": "pa\\ssword"}
Credentials with white space: {"login": " ", "password": " "}
Overlong values: {"login": "a"*10000, "password": "b"*10000}
Malformed JSON (missing brace): {"login": "admin", "password": "admin"
Malformed JSON (extra comma): {"login": "admin", "password": "admin", }
Missing login key: {"password": "admin"}
Missing password key: {"login": "admin"}
Swapped key values: {"admin": "login", "password": "password"}
Extra keys: {"login": "admin", "password": "admin", "extra": "extra"}
Missing colon: {"login" "admin", "password": "password"}
Invalid Boolean as credentials: {"login": yes, "password": no}
All keys, no values: {"": "", "": ""}
Nested objects: {"login": {"innerLogin": "admin", "password": {"innerPassword": "password"}}}
Case sensitivity testing: {"LOGIN": "admin", "PASSWORD": "password"}
Login as a number, password as a string: {"login": 1234, "password": "password"}
Login as a string, password as a number: {"login": "admin", "password": 1234}
Repeated keys: {"login": "admin", "login": "user", "password": "password"}
Single quotes instead of double: {'login': 'admin', 'password': 'password'}
Login and password with only special characters: {"login": "@#$%^&*", "password": "!@#$%^&*"}
Unicode escape sequence: {"login": "\u0041\u0044\u004D\u0049\u004E", "password": "\u0050\u0041\u0053\u0053\u0057\u004F\u0052\u0044"}
Value as object instead of string: {"login": {"$oid": "507c7f79bcf86cd7994f6c0e"}, "password": "password"}
Nonexistent variables as values: {"login": undefined, "password": undefined}
Extra nested objects: {"login": "admin", "password": "password", "extra": {"key1": "value1", "key2": "value2"}}
Hexadecimal values: {"login": "0x1234", "password": "0x5678"}
Extra symbols after valid JSON: {"login": "admin", "password": "password"}@@@@@@}
Only keys, without values: {"login":, "password":}
Insertion of control characters: {"login": "ad\u0000min", "password": "pass\u0000word"}
Long Unicode Strings: {"login": "\u0061"*10000, "password": "\u0061"*10000}
Newline Characters in Strings: {"login": "ad\nmin", "password": "pa\nssword"}
Tab Characters in Strings: {"login": "ad\tmin", "password": "pa\tssword"}
Test with HTML content in Strings: {"login": "admin", "password": "password"}
JSON Injection in Strings: {"login": "{\"injection\":\"value\"}", "password": "password"}
Test with XML content in Strings: {"login": "admin", "password": "password"}
Combination of Number, Strings, and Special characters: {"login": "ad123min!@", "password": "pa55w0rd!@"}
Floating numbers as Strings: {"login": "123.456", "password": "789.123"}
Value as a combination of languages (Here, English and Hindi): {"login": "adminव्यवस्थापक", "password": "passwordपासवर्ड"}
Non-ASCII characters in Strings: {"login": "∆admin∆", "password": "∆password∆"}
Single Character Keys and Values: {"l": "a", "p": "p"}
Use of environment variables: {"login": "${USER}", "password": "${PASS}"}
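
The server-side counterpart to the list above, as an added example that is not part of the original article: a strict parser for the login body that refuses the type, structure and key variations these test cases probe. The field length cap, the control-character policy and every function name here are assumptions chosen for illustration.

```python
import json
import unicodedata

MAX_FIELD = 256  # assumed cap on each credential's length
REQUIRED_KEYS = {"login", "password"}

class RejectedBody(ValueError):
    """The login body failed strict validation."""

def _no_duplicates(pairs):
    # json.loads silently keeps the last of two repeated keys; refuse instead.
    body = dict(pairs)
    if len(body) != len(pairs):
        raise RejectedBody("repeated key")
    return body

def parse_login_body(raw):
    try:
        body = json.loads(raw, object_pairs_hook=_no_duplicates)
    except json.JSONDecodeError as exc:
        raise RejectedBody("malformed JSON: " + exc.msg) from exc
    if not isinstance(body, dict) or set(body) != REQUIRED_KEYS:
        raise RejectedBody("expected exactly the keys login and password")
    for key, value in body.items():
        if not isinstance(value, str):  # null, numbers, booleans, arrays, objects
            raise RejectedBody(key + " must be a string")
        if not value.strip() or len(value) > MAX_FIELD:
            raise RejectedBody(key + " is blank or too long")
        if any(unicodedata.category(ch) == "Cc" for ch in value):
            raise RejectedBody(key + " contains a control character")
    return body

def verdict(raw):
    try:
        parse_login_body(raw)
        return "accepted"
    except RejectedBody as exc:
        return "rejected: " + str(exc)

# Constructed sample bodies modelled on the test cases listed above.
SAMPLES = {
    "basic": '{"login": "admin", "password": "admin"}',
    "sql string": '{"login": "admin\' -- ", "password": "password"}',
    "object value": '{"login": {"$oid": "507c7f79bcf86cd7994f6c0e"}, "password": "password"}',
    "repeated keys": '{"login": "admin", "login": "user", "password": "password"}',
    "control char": '{"login": "ad\\u0000min", "password": "pass\\u0000word"}',
}

for name, raw in SAMPLES.items():
    print(name, "->", verdict(raw))
```

Well-typed strings such as the SQL injection case pass this shape check by design; they have to be neutralised where the value is used, with parameterised queries and output encoding.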