schemathesis 3.39.7__py3-none-any.whl → 4.0.0a2__py3-none-any.whl

schemathesis/specs/openapi/checks.py

@@ -1,38 +1,48 @@
 from __future__ import annotations
 
 import enum
+import http.client
 from dataclasses import dataclass
 from http.cookies import SimpleCookie
 from typing import TYPE_CHECKING, Any, Dict, Generator, NoReturn, cast
 from urllib.parse import parse_qs, urlparse
 
-from ... import failures
-from ...exceptions import (
-    get_ensure_resource_availability_error,
-    get_headers_error,
-    get_ignored_auth_error,
-    get_malformed_media_type_error,
-    get_missing_content_type_error,
-    get_negative_rejection_error,
-    get_positive_acceptance_error,
-    get_response_type_error,
-    get_schema_validation_error,
-    get_status_code_error,
-    get_use_after_free_error,
+import schemathesis
+from schemathesis.checks import CheckContext
+from schemathesis.core import media_types, string_to_boolean
+from schemathesis.core.failures import Failure
+from schemathesis.core.transport import Response
+from schemathesis.generation.case import Case
+from schemathesis.generation.meta import ComponentKind, CoveragePhaseData
+from schemathesis.openapi.checks import (
+    AcceptedNegativeData,
+    EnsureResourceAvailability,
+    IgnoredAuth,
+    JsonSchemaError,
+    MalformedMediaType,
+    MissingContentType,
+    MissingHeaders,
+    MissingRequiredHeaderConfig,
+    NegativeDataRejectionConfig,
+    PositiveDataAcceptanceConfig,
+    RejectedPositiveData,
+    UndefinedContentType,
+    UndefinedStatusCode,
+    UseAfterFree,
 )
-from ...internal.transformation import convert_boolean_string
-from ...transports.content_types import parse_content_type
+from schemathesis.specs.openapi.constants import LOCATION_TO_CONTAINER
+from schemathesis.transport.prepare import prepare_path
+
 from .utils import expand_status_code, expand_status_codes
 
 if TYPE_CHECKING:
     from requests import PreparedRequest
 
-    from ...internal.checks import CheckContext
-    from ...models import APIOperation, Case
-    from ...transports.responses import GenericResponse
+    from ...schemas import APIOperation
 
 
-def status_code_conformance(ctx: CheckContext, response: GenericResponse, case: Case) -> bool | None:
+@schemathesis.check
+def status_code_conformance(ctx: CheckContext, response: Response, case: Case) -> bool | None:
     from .schemas import BaseOpenAPISchema
 
     if not isinstance(case.operation.schema, BaseOpenAPISchema):
@@ -45,15 +55,12 @@ def status_code_conformance(ctx: CheckContext, response: GenericResponse, case:
     if response.status_code not in allowed_status_codes:
         defined_status_codes = list(map(str, responses))
         responses_list = ", ".join(defined_status_codes)
-        exc_class = get_status_code_error(case.operation.verbose_name, response.status_code)
-        raise exc_class(
-            failures.UndefinedStatusCode.title,
-            context=failures.UndefinedStatusCode(
-                message=f"Received: {response.status_code}\nDocumented: {responses_list}",
-                status_code=response.status_code,
-                defined_status_codes=defined_status_codes,
-                allowed_status_codes=allowed_status_codes,
-            ),
+        raise UndefinedStatusCode(
+            operation=case.operation.label,
+            status_code=response.status_code,
+            defined_status_codes=defined_status_codes,
+            allowed_status_codes=allowed_status_codes,
+            message=f"Received: {response.status_code}\nDocumented: {responses_list}",
         )
     return None  # explicitly return None for mypy
 
@@ -63,7 +70,8 @@ def _expand_responses(responses: dict[str | int, Any]) -> Generator[int, None, N
         yield from expand_status_code(code)
 
 
-def content_type_conformance(ctx: CheckContext, response: GenericResponse, case: Case) -> bool | None:
+@schemathesis.check
+def content_type_conformance(ctx: CheckContext, response: Response, case: Case) -> bool | None:
     from .schemas import BaseOpenAPISchema
 
     if not isinstance(case.operation.schema, BaseOpenAPISchema):
@@ -71,25 +79,24 @@ def content_type_conformance(ctx: CheckContext, response: GenericResponse, case:
     documented_content_types = case.operation.schema.get_content_types(case.operation, response)
     if not documented_content_types:
         return None
-    content_type = response.headers.get("Content-Type")
-    if not content_type:
-        formatted_content_types = [f"\n- `{content_type}`" for content_type in documented_content_types]
-        raise get_missing_content_type_error(case.operation.verbose_name)(
-            failures.MissingContentType.title,
-            context=failures.MissingContentType(
-                message=f"The following media types are documented in the schema:{''.join(formatted_content_types)}",
-                media_types=documented_content_types,
-            ),
+    content_types = response.headers.get("content-type")
+    if not content_types:
+        all_media_types = [f"\n- `{content_type}`" for content_type in documented_content_types]
+        raise MissingContentType(
+            operation=case.operation.label,
+            message=f"The following media types are documented in the schema:{''.join(all_media_types)}",
+            media_types=documented_content_types,
         )
+    content_type = content_types[0]
     for option in documented_content_types:
         try:
-            expected_main, expected_sub = parse_content_type(option)
-        except ValueError as exc:
-            _reraise_malformed_media_type(case, exc, "Schema", option, option)
+            expected_main, expected_sub = media_types.parse(option)
+        except ValueError:
+            _reraise_malformed_media_type(case, "Schema", option, option)
         try:
-            received_main, received_sub = parse_content_type(content_type)
-        except ValueError as exc:
-            _reraise_malformed_media_type(case, exc, "Response", content_type, option)
+            received_main, received_sub = media_types.parse(content_type)
+        except ValueError:
+            _reraise_malformed_media_type(case, "Response", content_type, option)
         if (
             (expected_main == "*" and expected_sub == "*")
             or (expected_main == received_main and expected_sub == "*")
@@ -97,28 +104,25 @@ def content_type_conformance(ctx: CheckContext, response: GenericResponse, case:
             or (expected_main == received_main and expected_sub == received_sub)
         ):
             return None
-    exc_class = get_response_type_error(
-        case.operation.verbose_name, f"{expected_main}_{expected_sub}", f"{received_main}_{received_sub}"
-    )
-    raise exc_class(
-        failures.UndefinedContentType.title,
-        context=failures.UndefinedContentType(
-            message=f"Received: {content_type}\nDocumented: {', '.join(documented_content_types)}",
-            content_type=content_type,
-            defined_content_types=documented_content_types,
-        ),
+    raise UndefinedContentType(
+        operation=case.operation.label,
+        message=f"Received: {content_type}\nDocumented: {', '.join(documented_content_types)}",
+        content_type=content_type,
+        defined_content_types=documented_content_types,
     )
 
 
-def _reraise_malformed_media_type(case: Case, exc: ValueError, location: str, actual: str, defined: str) -> NoReturn:
-    message = f"Media type for {location} is incorrect\n\nReceived: {actual}\nDocumented: {defined}"
-    raise get_malformed_media_type_error(case.operation.verbose_name, message)(
-        failures.MalformedMediaType.title,
-        context=failures.MalformedMediaType(message=message, actual=actual, defined=defined),
-    ) from exc
+def _reraise_malformed_media_type(case: Case, location: str, actual: str, defined: str) -> NoReturn:
+    raise MalformedMediaType(
+        operation=case.operation.label,
+        message=f"Media type for {location} is incorrect\n\nReceived: {actual}\nDocumented: {defined}",
+        actual=actual,
+        defined=defined,
+    )
 
 
-def response_headers_conformance(ctx: CheckContext, response: GenericResponse, case: Case) -> bool | None:
+@schemathesis.check
+def response_headers_conformance(ctx: CheckContext, response: Response, case: Case) -> bool | None:
     import jsonschema
 
     from .parameters import OpenAPI20Parameter, OpenAPI30Parameter
@@ -136,23 +140,17 @@ def response_headers_conformance(ctx: CheckContext, response: GenericResponse, c
     missing_headers = [
         header
         for header, definition in defined_headers.items()
-        if header not in response.headers and definition.get(case.operation.schema.header_required_field, False)
+        if header.lower() not in response.headers and definition.get(case.operation.schema.header_required_field, False)
     ]
-    errors = []
+    errors: list[Failure] = []
     if missing_headers:
         formatted_headers = [f"\n- `{header}`" for header in missing_headers]
         message = f"The following required headers are missing from the response:{''.join(formatted_headers)}"
-        exc_class = get_headers_error(case.operation.verbose_name, message)
-        try:
-            raise exc_class(
-                failures.MissingHeaders.title,
-                context=failures.MissingHeaders(message=message, missing_headers=missing_headers),
-            )
-        except Exception as exc:
-            errors.append(exc)
+        errors.append(MissingHeaders(operation=case.operation.label, message=message, missing_headers=missing_headers))
     for name, definition in defined_headers.items():
-        value = response.headers.get(name)
-        if value is not None:
+        values = response.headers.get(name.lower())
+        if values is not None:
+            value = values[0]
             with case.operation.schema._validating_response(scopes) as resolver:
                 if "$ref" in definition:
                     _, definition = resolver.resolve(definition["$ref"])
@@ -173,14 +171,14 @@ def response_headers_conformance(ctx: CheckContext, response: GenericResponse, c
                         format_checker=jsonschema.Draft202012Validator.FORMAT_CHECKER,
                     )
                 except jsonschema.ValidationError as exc:
-                    exc_class = get_schema_validation_error(case.operation.verbose_name, exc)
-                    error_ctx = failures.ValidationErrorContext.from_exception(
-                        exc, output_config=case.operation.schema.output_config
+                    errors.append(
+                        JsonSchemaError.from_exception(
+                            title="Response header does not conform to the schema",
+                            operation=case.operation.label,
+                            exc=exc,
+                            output_config=case.operation.schema.output_config,
+                        )
                     )
-                    try:
-                        raise exc_class("Response header does not conform to the schema", context=error_ctx) from exc
-                    except Exception as exc:
-                        errors.append(exc)
     return _maybe_raise_one_or_more(errors)  # type: ignore[func-returns-value]
 
 
@@ -202,11 +200,12 @@ def _coerce_header_value(value: str, schema: dict[str, Any]) -> str | int | floa
     if schema_type == "null" and value.lower() == "null":
         return None
     if schema_type == "boolean":
-        return convert_boolean_string(value)
+        return string_to_boolean(value)
     return value
 
 
-def response_schema_conformance(ctx: CheckContext, response: GenericResponse, case: Case) -> bool | None:
+@schemathesis.check
+def response_schema_conformance(ctx: CheckContext, response: Response, case: Case) -> bool | None:
     from .schemas import BaseOpenAPISchema
 
     if not isinstance(case.operation.schema, BaseOpenAPISchema):
@@ -214,88 +213,85 @@ def response_schema_conformance(ctx: CheckContext, response: GenericResponse, ca
     return case.operation.validate_response(response)
 
 
-def negative_data_rejection(ctx: CheckContext, response: GenericResponse, case: Case) -> bool | None:
+@schemathesis.check
+def negative_data_rejection(ctx: CheckContext, response: Response, case: Case) -> bool | None:
     from .schemas import BaseOpenAPISchema
 
-    if not isinstance(case.operation.schema, BaseOpenAPISchema):
+    if not isinstance(case.operation.schema, BaseOpenAPISchema) or case.meta is None:
         return True
 
-    config = ctx.config.negative_data_rejection
+    config = ctx.config.get(negative_data_rejection, NegativeDataRejectionConfig())
     allowed_statuses = expand_status_codes(config.allowed_statuses or [])
 
     if (
-        case.data_generation_method
-        and case.data_generation_method.is_negative
+        case.meta.generation.mode.is_negative
         and response.status_code not in allowed_statuses
         and not has_only_additional_properties_in_non_body_parameters(case)
     ):
-        message = f"Allowed statuses: {', '.join(config.allowed_statuses)}"
-        exc_class = get_negative_rejection_error(case.operation.verbose_name, response.status_code)
-        raise exc_class(
-            failures.AcceptedNegativeData.title,
-            context=failures.AcceptedNegativeData(
-                message=message,
-                status_code=response.status_code,
-                allowed_statuses=config.allowed_statuses,
-            ),
+        raise AcceptedNegativeData(
+            operation=case.operation.label,
+            message=f"Allowed statuses: {', '.join(config.allowed_statuses)}",
+            status_code=response.status_code,
+            allowed_statuses=config.allowed_statuses,
         )
     return None
 
 
-def positive_data_acceptance(ctx: CheckContext, response: GenericResponse, case: Case) -> bool | None:
+@schemathesis.check
+def positive_data_acceptance(ctx: CheckContext, response: Response, case: Case) -> bool | None:
     from .schemas import BaseOpenAPISchema
 
-    if not isinstance(case.operation.schema, BaseOpenAPISchema):
+    if not isinstance(case.operation.schema, BaseOpenAPISchema) or case.meta is None:
         return True
 
-    config = ctx.config.positive_data_acceptance
+    config = ctx.config.get(positive_data_acceptance, PositiveDataAcceptanceConfig())
     allowed_statuses = expand_status_codes(config.allowed_statuses or [])
 
-    if (
-        case.data_generation_method
-        and case.data_generation_method.is_positive
-        and response.status_code not in allowed_statuses
-    ):
-        message = f"Allowed statuses: {', '.join(config.allowed_statuses)}"
-        exc_class = get_positive_acceptance_error(case.operation.verbose_name, response.status_code)
-        raise exc_class(
-            failures.RejectedPositiveData.title,
-            context=failures.RejectedPositiveData(
-                message=message,
-                status_code=response.status_code,
-                allowed_statuses=config.allowed_statuses,
-            ),
+    if case.meta.generation.mode.is_positive and response.status_code not in allowed_statuses:
+        raise RejectedPositiveData(
+            operation=case.operation.label,
+            message=f"Allowed statuses: {', '.join(config.allowed_statuses)}",
+            status_code=response.status_code,
+            allowed_statuses=config.allowed_statuses,
         )
     return None
 
 
-def missing_required_header(ctx: CheckContext, response: GenericResponse, case: Case) -> bool | None:
+def missing_required_header(ctx: CheckContext, response: Response, case: Case) -> bool | None:
+    # NOTE: This check is intentionally not registered with `@schemathesis.check` because it is experimental
+    meta = case.meta
+    if meta is None or not isinstance(meta.phase.data, CoveragePhaseData):
+        return None
+    data = meta.phase.data
     if (
-        case.meta
-        and case.meta.parameter_location == "header"
-        and case.meta.parameter
-        and case.meta.description
-        and case.meta.description.startswith("Missing ")
+        data.parameter
+        and data.parameter_location == "header"
+        and data.description
+        and data.description.startswith("Missing ")
     ):
-        if case.meta.parameter.lower() == "authorization":
+        if data.parameter.lower() == "authorization":
             allowed_statuses = {401}
         else:
-            config = ctx.config.missing_required_header
+            config = ctx.config.get(missing_required_header, MissingRequiredHeaderConfig())
             allowed_statuses = expand_status_codes(config.allowed_statuses or [])
         if response.status_code not in allowed_statuses:
-            allowed = f"Allowed statuses: {', '.join(map(str,allowed_statuses))}"
+            allowed = f"Allowed statuses: {', '.join(map(str, allowed_statuses))}"
             raise AssertionError(f"Unexpected response status for a missing header: {response.status_code}\n{allowed}")
     return None
 
 
-def unsupported_method(ctx: CheckContext, response: GenericResponse, case: Case) -> bool | None:
-    if case.meta and case.meta.description and case.meta.description.startswith("Unspecified HTTP method:"):
+def unsupported_method(ctx: CheckContext, response: Response, case: Case) -> bool | None:
+    meta = case.meta
+    if meta is None or not isinstance(meta.phase.data, CoveragePhaseData):
+        return None
+    data = meta.phase.data
+    if data.description and data.description.startswith("Unspecified HTTP method:"):
         if response.status_code != 405:
             raise AssertionError(
                 f"Unexpected response status for unspecified HTTP method: {response.status_code}\nExpected: 405"
             )
 
-        allow_header = response.headers.get("Allow")
+        allow_header = response.headers.get("allow")
         if not allow_header:
             raise AssertionError("Missing 'Allow' header in 405 Method Not Allowed response")
     return None
@@ -311,14 +307,17 @@ def has_only_additional_properties_in_non_body_parameters(case: Case) -> bool:
     if meta is None:
         # Ignore manually created cases
         return False
-    if (meta.body and meta.body.is_negative) or (meta.path_parameters and meta.path_parameters.is_negative):
+    if (ComponentKind.BODY in meta.components and meta.components[ComponentKind.BODY].mode.is_negative) or (
+        ComponentKind.PATH_PARAMETERS in meta.components
+        and meta.components[ComponentKind.PATH_PARAMETERS].mode.is_negative
+    ):
         # Body or path negations always imply other negations
         return False
     validator_cls = case.operation.schema.validator_cls  # type: ignore[attr-defined]
-    for container in ("query", "headers", "cookies"):
-        meta_for_location = getattr(meta, container)
-        value = getattr(case, container)
-        if value is not None and meta_for_location is not None and meta_for_location.is_negative:
+    for container in (ComponentKind.QUERY, ComponentKind.HEADERS, ComponentKind.COOKIES):
+        meta_for_location = meta.components.get(container)
+        value = getattr(case, container.value)
+        if value is not None and meta_for_location is not None and meta_for_location.mode.is_negative:
             parameters = getattr(case.operation, container)
             value_without_additional_properties = {k: v for k, v in value.items() if k in parameters}
             schema = get_schema_for_location(case.operation, container, parameters)
@@ -329,80 +328,94 @@ def has_only_additional_properties_in_non_body_parameters(case: Case) -> bool:
     return True
 
 
-def use_after_free(ctx: CheckContext, response: GenericResponse, original: Case) -> bool | None:
-    from ...transports.responses import get_reason
+@schemathesis.check
+def use_after_free(ctx: CheckContext, response: Response, case: Case) -> bool | None:
     from .schemas import BaseOpenAPISchema
 
-    if not isinstance(original.operation.schema, BaseOpenAPISchema):
+    if not isinstance(case.operation.schema, BaseOpenAPISchema):
         return True
-    if response.status_code == 404 or not original.source or response.status_code >= 500:
+    if response.status_code == 404 or response.status_code >= 500:
         return None
-    response = original.source.response
-    case = original.source.case
-    while True:
-        # Find the most recent successful DELETE call that corresponds to the current operation
-        if case.operation.method.lower() == "delete" and 200 <= response.status_code < 300:
+
+    for related_case in ctx.find_related(case_id=case.id):
+        parent = ctx.find_parent(case_id=related_case.id)
+        if not parent:
+            continue
+
+        parent_response = ctx.find_response(case_id=parent.id)
+
+        if (
+            related_case.operation.method.lower() == "delete"
+            and parent_response is not None
+            and 200 <= parent_response.status_code < 300
+        ):
             if _is_prefix_operation(
+                ResourcePath(related_case.path, related_case.path_parameters or {}),
                 ResourcePath(case.path, case.path_parameters or {}),
-                ResourcePath(original.path, original.path_parameters or {}),
             ):
-                free = f"{case.operation.method.upper()} {case.formatted_path}"
-                usage = f"{original.operation.method} {original.formatted_path}"
-                exc_class = get_use_after_free_error(case.operation.verbose_name)
-                reason = get_reason(response.status_code)
-                message = (
-                    "The API did not return a `HTTP 404 Not Found` response "
-                    f"(got `HTTP {response.status_code} {reason}`) for a resource that was previously deleted.\n\nThe resource was deleted with `{free}`"
-                )
-                raise exc_class(
-                    failures.UseAfterFree.title,
-                    context=failures.UseAfterFree(
-                        message=message,
-                        free=free,
-                        usage=usage,
+                free = f"{related_case.operation.method.upper()} {prepare_path(related_case.path, related_case.path_parameters)}"
+                usage = f"{case.operation.method.upper()} {prepare_path(case.path, case.path_parameters)}"
+                reason = http.client.responses.get(response.status_code, "Unknown")
+                raise UseAfterFree(
+                    operation=related_case.operation.label,
+                    message=(
+                        "The API did not return a `HTTP 404 Not Found` response "
+                        f"(got `HTTP {response.status_code} {reason}`) for a resource that was previously deleted.\n\nThe resource was deleted with `{free}`"
                     ),
+                    free=free,
+                    usage=usage,
                 )
-        if case.source is None:
-            break
-        response = case.source.response
-        case = case.source.case
+
     return None
 
 
-def ensure_resource_availability(ctx: CheckContext, response: GenericResponse, original: Case) -> bool | None:
-    from ...transports.responses import get_reason
+@schemathesis.check
+def ensure_resource_availability(ctx: CheckContext, response: Response, case: Case) -> bool | None:
     from .schemas import BaseOpenAPISchema
 
-    if not isinstance(original.operation.schema, BaseOpenAPISchema):
+    if not isinstance(case.operation.schema, BaseOpenAPISchema):
         return True
+
+    parent = ctx.find_parent(case_id=case.id)
+    if parent is None:
+        return None
+    parent_response = ctx.find_response(case_id=parent.id)
+    if parent_response is None:
+        return None
+
+    overrides = case._override
+    overrides_all_parameters = True
+    for parameter in case.operation.iter_parameters():
+        container = LOCATION_TO_CONTAINER[parameter.location]
+        if parameter.name not in getattr(overrides, container, {}):
+            overrides_all_parameters = False
+            break
+
     if (
         # Response indicates a client error, even though all available parameters were taken from links
         # and comes from a POST request. This case likely means that the POST request actually did not
         # save the resource and it is not available for subsequent operations
         400 <= response.status_code < 500
-        and original.source
-        and original.source.case.operation.method.upper() == "POST"
-        and 200 <= original.source.response.status_code < 400
-        and original.source.overrides_all_parameters
+        and parent.operation.method.upper() == "POST"
+        and 200 <= parent_response.status_code < 400
+        and overrides_all_parameters
         and _is_prefix_operation(
-            ResourcePath(original.source.case.path, original.source.case.path_parameters or {}),
-            ResourcePath(original.path, original.path_parameters or {}),
+            ResourcePath(parent.path, parent.path_parameters or {}),
+            ResourcePath(case.path, case.path_parameters or {}),
         )
     ):
-        created_with = original.source.case.operation.verbose_name
-        not_available_with = original.operation.verbose_name
-        exc_class = get_ensure_resource_availability_error(created_with)
-        reason = get_reason(response.status_code)
-        message = (
-            f"The API returned `{response.status_code} {reason}` for a resource that was just created.\n\n"
-            f"Created with      : `{created_with}`\n"
-            f"Not available with: `{not_available_with}`"
-        )
-        raise exc_class(
-            failures.EnsureResourceAvailability.title,
-            context=failures.EnsureResourceAvailability(
-                message=message, created_with=created_with, not_available_with=not_available_with
+        created_with = parent.operation.label
+        not_available_with = case.operation.label
+        reason = http.client.responses.get(response.status_code, "Unknown")
+        raise EnsureResourceAvailability(
+            operation=created_with,
+            message=(
+                f"The API returned `{response.status_code} {reason}` for a resource that was just created.\n\n"
+                f"Created with      : `{created_with}`\n"
+                f"Not available with: `{not_available_with}`"
             ),
+            created_with=created_with,
+            not_available_with=not_available_with,
         )
     return None
 
@@ -412,7 +425,8 @@ class AuthKind(enum.Enum):
     GENERATED = "generated"
 
 
-def ignored_auth(ctx: CheckContext, response: GenericResponse, case: Case) -> bool | None:
+@schemathesis.check
+def ignored_auth(ctx: CheckContext, response: Response, case: Case) -> bool | None:
     """Check if an operation declares authentication as a requirement but does not actually enforce it."""
     from .schemas import BaseOpenAPISchema
 
@@ -425,7 +439,7 @@ def ignored_auth(ctx: CheckContext, response: GenericResponse, case: Case) -> bo
         if auth == AuthKind.EXPLICIT:
             # Auth is explicitly set, it is expected to be valid
             # Check if invalid auth will give an error
-            _remove_auth_from_case(case, security_parameters)
+            no_auth_case = remove_auth(case, security_parameters)
             kwargs = ctx.transport_kwargs or {}
             kwargs.copy()
             if "headers" in kwargs:
@@ -433,46 +447,36 @@ def ignored_auth(ctx: CheckContext, response: GenericResponse, case: Case) -> bo
                 _remove_auth_from_explicit_headers(headers, security_parameters)
                 kwargs["headers"] = headers
             kwargs.pop("session", None)
-            new_response = case.operation.schema.transport.send(case, **kwargs)
-            if new_response.status_code != 401:
-                _update_response(response, new_response)
-                _raise_no_auth_error(new_response, case.operation.verbose_name, "that requires authentication")
+            ctx.record_case(parent_id=case.id, case=no_auth_case)
+            no_auth_response = case.operation.schema.transport.send(no_auth_case, **kwargs)
+            ctx.record_response(case_id=no_auth_case.id, response=no_auth_response)
+            if no_auth_response.status_code != 401:
+                _raise_no_auth_error(no_auth_response, no_auth_case, "that requires authentication")
             # Try to set invalid auth and check if it succeeds
             for parameter in security_parameters:
-                _set_auth_for_case(case, parameter)
-                new_response = case.operation.schema.transport.send(case, **kwargs)
-                if new_response.status_code != 401:
-                    _update_response(response, new_response)
-                    _raise_no_auth_error(new_response, case.operation.verbose_name, "with any auth")
-                _remove_auth_from_case(case, security_parameters)
+                invalid_auth_case = remove_auth(case, security_parameters)
+                _set_auth_for_case(invalid_auth_case, parameter)
+                ctx.record_case(parent_id=case.id, case=invalid_auth_case)
+                invalid_auth_response = case.operation.schema.transport.send(invalid_auth_case, **kwargs)
+                ctx.record_response(case_id=invalid_auth_case.id, response=invalid_auth_response)
+                if invalid_auth_response.status_code != 401:
+                    _raise_no_auth_error(invalid_auth_response, invalid_auth_case, "with any auth")
         elif auth == AuthKind.GENERATED:
             # If this auth is generated which means it is likely invalid, then
             # this request should have been an error
-            _raise_no_auth_error(response, case.operation.verbose_name, "with invalid auth")
+            _raise_no_auth_error(response, case, "with invalid auth")
         else:
             # Successful response when there is no auth
-            _raise_no_auth_error(response, case.operation.verbose_name, "that requires authentication")
+            _raise_no_auth_error(response, case, "that requires authentication")
     return None
 
 
-def _update_response(old: GenericResponse, new: GenericResponse) -> None:
-    # Mutate the response object in place on the best effort basis
-    if hasattr(old, "__attrs__"):
-        for attribute in new.__attrs__:
-            setattr(old, attribute, getattr(new, attribute))
-    else:
-        old.__dict__.update(new.__dict__)
-
-
-def _raise_no_auth_error(response: GenericResponse, operation: str, suffix: str) -> NoReturn:
-    from ...transports.responses import get_reason
-
-    exc_class = get_ignored_auth_error(operation)
-    reason = get_reason(response.status_code)
-    message = f"The API returned `{response.status_code} {reason}` for `{operation}` {suffix}."
-    raise exc_class(
-        failures.IgnoredAuth.title,
-        context=failures.IgnoredAuth(message=message),
+def _raise_no_auth_error(response: Response, case: Case, suffix: str) -> NoReturn:
+    reason = http.client.responses.get(response.status_code, "Unknown")
+    raise IgnoredAuth(
+        operation=case.operation.label,
+        message=f"The API returned `{response.status_code} {reason}` for `{case.operation.label}` {suffix}.",
+        case_id=case.id,
     )
 
 
@@ -540,19 +544,34 @@ def _contains_auth(
     return None
 
 
-def _remove_auth_from_case(case: Case, security_parameters: list[SecurityParameter]) -> None:
+def remove_auth(case: Case, security_parameters: list[SecurityParameter]) -> Case:
     """Remove security parameters from a generated case.
 
     It mutates `case` in place.
     """
+    headers = case.headers.copy() if case.headers else None
+    query = case.query.copy() if case.query else None
+    cookies = case.cookies.copy() if case.cookies else None
     for parameter in security_parameters:
         name = parameter["name"]
-        if parameter["in"] == "header" and case.headers:
-            case.headers.pop(name, None)
-        if parameter["in"] == "query" and case.query:
-            case.query.pop(name, None)
-        if parameter["in"] == "cookie" and case.cookies:
-            case.cookies.pop(name, None)
+        if parameter["in"] == "header" and headers:
+            headers.pop(name, None)
+        if parameter["in"] == "query" and query:
+            query.pop(name, None)
+        if parameter["in"] == "cookie" and cookies:
+            cookies.pop(name, None)
+    return Case(
+        operation=case.operation,
+        method=case.method,
+        path=case.path,
+        path_parameters=case.path_parameters.copy() if case.path_parameters else None,
+        headers=headers,
+        cookies=cookies,
+        query=query,
+        body=case.body.copy() if isinstance(case.body, (list, dict)) else case.body,
+        media_type=case.media_type,
+        meta=case.meta,
+    )
 
 
 def _remove_auth_from_explicit_headers(headers: dict, security_parameters: list[SecurityParameter]) -> None: