Cats

All Tests / Test 6627

Test Id

Test 6627

Test Trace Id

e47aef2e-2957-49f2-91df-8e32b3a97133

Timestamp

Tue, 23 Jun 2026 21:40:52 GMT

Scenario

Send string fields encoded as boolean: field [mfaToken], fuzzed value [false], original [GWIURWTKTJKCQMHVCVHWOEYSFT]. This tests type validation and potential type coercion issues.

Expected Result

Should return 4XX

Result

error

Result Details

The following keywords were detected in the response which might suggest an error details leak: [unauthorized]

Contract Path

/api/auth/mfa

Fuzzer

BooleanValuesInStringFields

Full Request Path

https://qa-api.puk3p.online/api/auth/mfa

Http Method

post

Request Details

Payload

{
  "mfaToken": false,
  "code": "191727"
}

Request Details

Headers

[
  {
    "key": "Accept",
    "value": "application/json"
  },
  {
    "key": "Content-Type",
    "value": "application/json"
  },
  {
    "key": "User-Agent",
    "value": "cats/13.8.1-SNAPSHOT (Test 6627 - BooleanValuesInStringFields)"
  },
  {
    "key": "X-Cats-Trace-Id",
    "value": "e47aef2e-2957-49f2-91df-8e32b3a97133"
  }
]

Request Details

cURL

curl  -X POST \
     -H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "User-Agent: cats/13.8.1-SNAPSHOT (Test 6627 - BooleanValuesInStringFields)" \
-H "X-Cats-Trace-Id: e47aef2e-2957-49f2-91df-8e32b3a97133" \
 \
      -d '{"mfaToken":false,"code":"191727"}' \
      https://qa-api.puk3p.online/api/auth/mfa

Response

{
  "responseCode": 401,
  "httpMethod": "POST",
  "responseTimeInMs": "134",
  "numberOfWordsInResponse": "8",
  "numberOfLinesInResponse": "1",
  "contentLengthInBytes": "193",
  "jsonBody": {
    "timestamp": "2026-06-23T21:40:52.187170693Z",
    "status": 401,
    "error": "Unauthorized",
    "message": "Your verification session expired — sign in again",
    "path": "/api/auth/mfa",
    "validationErrors": null
  },
  "headers": [
    {
      "key": "cache-control",
      "value": "no-cache, no-store, max-age=0, must-revalidate"
    },
    {
      "key": "content-type",
      "value": "application/json"
    },
    {
      "key": "date",
      "value": "Tue, 23 Jun 2026 21:40:52 GMT"
    },
    {
      "key": "expires",
      "value": "0"
    },
    {
      "key": "pragma",
      "value": "no-cache"
    },
    {
      "key": "server",
      "value": "nginx/1.24.0 (Ubuntu)"
    },
    {
      "key": "strict-transport-security",
      "value": "max-age=31536000 ; includeSubDomains"
    },
    {
      "key": "vary",
      "value": "Origin"
    },
    {
      "key": "x-content-type-options",
      "value": "nosniff"
    },
    {
      "key": "x-frame-options",
      "value": "DENY"
    },
    {
      "key": "x-xss-protection",
      "value": "0"
    }
  ],
  "responseContentType": "application/json"
}

CATS Replay

cats replay Test6627