After upgrading Karate from 1.1.0 to 1.2.0 I have a error:
'io.netty.handler.codec.http.cookie.CookieHeaderNames$SameSite io.netty.handler.codec.http.cookie.DefaultCookie.sameSite()
Feature: Get Bearer Token from Okta
Scenario: Get access token for OAuth2 client credentials
Given url karate.properties['okta.server.url']
* form field grant_type = 'client_credentials'
* form field scope = scope
* header Authorization = call read('classpath:com/moo/g/karate/basic-auth.js') { username : '#(clientId)', password : '#(secret)' }
When method post
Then status 200
* def authToken = response.access_token
Debug console:
Gets 200 return then errors:
14:41:02.617 [main] DEBUG com.intuit.karate - response time in milliseconds: 758
1 < 200
1 < Date: Tue, 23 Aug 2022 19:41:02 GMT
1 < Server: nginx
1 < Content-Type: application/json
1 < x-okta-request-id: YwUtTpqpDjtZ6CYqc2sA8gAABvQ
1 < x-xss-protection: 0
1 < p3p: CP="HONK"
1 < content-security-policy: frame-ancestors 'self'
1 < x-rate-limit-limit: 2000
1 < x-rate-limit-remaining: 1994
1 < x-rate-limit-reset: 1661283689
1 < cache-control: no-cache, no-store
1 < pragma: no-cache
1 < expires: 0
1 < expect-ct: report-uri="https://oktaexpectct.report-uri.com/r/t/ct/reportOnly", max-age=0
1 < x-content-type-options: nosniff
1 < Strict-Transport-Security: max-age=315360000; includeSubDomains
1 < X-Robots-Tag: noindex,nofollow
1 < Keep-Alive: timeout=5, max=100
1 < Connection: Keep-Alive
1 < Transfer-Encoding: chunked
1 < Set-Cookie: JSESSIONID=26F3D925C7E7E003B5430ED9AFCEFCAA; Domain=login-preview.moo.com; Secure
{"token_type":"Bearer","expires_in":3600,"access_token":"eyJraWQiOiJjTl95TE9VWHYtdzA3REQ5OXZIQXNkWDlocnZQWG0wUmJQQnpLNElJbzB3IiwiYWxnIjoiUlMyNTYifQ.eyJ2ZXIiOjEsImp0aSI6IkFULjN5RG5WNnB5X0hTVWR1T2tiY01WZFNaNzNyRDJIWm1RalJKMUdQWWJHTVkiLCJpc3MiOiJodHRwczovL2xvZ2luLXByZXZpZXcubXV0dWFsb2ZvbWFoYS5jb20vb2F1dGgyL2F1c3B4M3c1aXdHZ0huTG9QMWQ2IiwiYXVkIjoiYXBpOi8vZGVmYXVsdCIsImlhdCI6MTY2MTI4MzY2MiwiZXhwIjoxNjYxMjg3MjYyLCJjaWQiOiIwb2EydHlmd3RlaWVRejBMQTFkNyIsInNjcCI6WyJkZWxldGUtZG9jdW1lbnQiLCJzcGVjaWFsLXJpc2stZG9jcyIsImFkZC1kb2N1bWVudCIsImdldC1kb2N1bWVudCIsInJwZC1kb2NzIiwiZ2V0LW1ldGFkYXRhIl0sInN1YiI6IjBvYTJ0eWZ3dGVpZVF6MExBMWQ3In0.JMMatbIe5N5wV0R2SKV8X_ifv_naRw16fbBEN0-WSvptim1xGcrtp7zNOurPJLLIGQlIJvRvpznBAinJqqSIOfAwe718BTfF4Ec98LlzYYXsn9HubJKedSAuM9KM51vjohkljYD9duZF2s4rtd3BZPkKE4WIZurtNb-1-F0a5LyjWdasBH7IIwK5oflDMb-Dxv7HIZck5FQkikWqQZwLTuKHOuKys1gUm3IDgQj6FSnJ6P-HfrOp1ahD4cb2RQJqKS4jQeY8Dv_Ne3sONiBbt8dqWnZGSCpwAOANwOaVUGzalOrk5At65I5ENQKL3PH4h3PdOOl21utME2LugUG8BA","scope":"delete-document special-risk-docs add-document get-document rpd-docs get-metadata"}
14:41:02.619 [main] ERROR com.intuit.karate - classpath:com/moo/g/karate/get-authorization-okta-token.feature:8
When method post
'io.netty.handler.codec.http.cookie.CookieHeaderNames$SameSite io.netty.handler.codec.http.cookie.DefaultCookie.sameSite()'
Not sure what next approach is, besides going back to 1.1.0.
Thanks in advance.
Sincerely
Todd
The best thing to do is follow this process: https://github.com/karatelabs/karate/wiki/How-to-Submit-an-Issue
Note that there were many RC versions released to get this kind of feedback earlier.
I am on version 1.3 and issue has cleared.
Related
Working with YouTube Data API v3
I want to get Access token using this tutorial: https://developers.google.com/youtube/v3/guides/auth/server-side-web-apps
[[CODE]] :
4%2F0AdQt8qiarZnP_RFvafYA-ABLABLA*UpZ6YlB1_Byzrvqfm9iRthXll6F6TfG_f-cGw
[[CLIENT_ID]] :
27501137863BLABLA*sd2918n2gqqclurlegm6j2.apps.googleusercontent.com
[[CLIENT_SECRET]] :
GOCSPX-T0lF1yVLJ*BLABLAGgfL7qvcwB5p
I send a POST request:
screenshot: https://i.imgur.com/9DzF4aK.png
I get a 400 error, What's wrong?:
Status: 400
Pragma: no-cache
Date: Thu, 11 Aug 2022 18:14:44 GMT
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Content-Type: application/json; charset=utf-8
Vary: X-Origin
Vary: Referer
Server: scaffolding on HTTPServer2
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Accept-Ranges: none
Vary: Origin,Accept-Encoding
Transfer-Encoding: chunked
{
"error": "redirect_uri_mismatch",
"error_description": "Bad Request"
}```
Your endpoint is wrong to start with its https://oauth2.googleapis.com/token Thats why you are getting a 404
POST /token HTTP/1.1
Host: oauth2.googleapis.com
Content-Type: application/x-www-form-urlencoded
code=4/P7q7W91a-oMsCeLvIaQm6bTrgtp7&
client_id=your_client_id&
client_secret=your_client_secret&
redirect_uri=https%3A//oauth2.example.com/code&
grant_type=authorization_code
You may want to try watching this Understanding Google OAuth 2.0 with curl or this How to set up Oauth2 in PostMan. although im not sure if what you are using is postman or not.
I'm trying to create the path for the Odata URL in Karate.
The path looks like: '/opu/odata/srt/ZQ_SRV/ZQ_BI_Q001(OPT_1='0013076036',OPT_To='0013076036')/Results'
It seems like Karate can't read special characters like round brackets () and ' '. And it cuts the url after opu/odata/srt/ZQ_SRV/ZQ_BI_Q001 right before the round brackets starts. And the rest of the url (OPT_1='0013076036',OPT_To='0013076036')/Results looks like a text.
I've tried to use %28 for ( and 29% for ) and %27 for ' but it didn't help.
P.S.When running the same url in Postman the call went successfully
Running the test url:
Background:
* url "https://httpbin.org/anything/opu/odata/srt/ZQ_SRV/ZQ_BI_Q001(OPT_1='0013076036',OPT_To='0013076036')/Results"
Scenario: test check
* method get
Try building the url fully by hand and don't use param or path:
* url "http://myhost/opu/odata/srt/ZQ_SRV/ZQ_BI_Q001(OPT_1='0013076036',OPT_To='0013076036')/Results"
If that still doesn't work, it is likely your server does not handle encoded URL-s correctly which could be a bug: https://stackoverflow.com/a/54477346/143475
EDIT: just try these 2 lines to prove there is nothing wrong with Karate / or see this simpler example: https://stackoverflow.com/a/67068873/143475
* url "https://httpbin.org/anything/opu/odata/srt/ZQ_SRV/ZQ_BI_Q001(OPT_1='0013076036',OPT_To='0013076036')/Results"
* method get
This is the result:
Running com.intuit.karate.junit4.dev.TestRunner
23:11:06.404 [main] DEBUG com.intuit.karate - request:
1 > GET https://httpbin.org/anything/opu/odata/srt/ZQ_SRV/ZQ_BI_Q001(OPT_1='0013076036',OPT_To='0013076036')/Results
1 > Accept-Encoding: gzip,deflate
1 > Connection: Keep-Alive
1 > Host: httpbin.org
1 > User-Agent: Apache-HttpClient/4.5.5 (Java/1.8.0_231)
23:11:08.154 [main] DEBUG com.intuit.karate - response time in milliseconds: 1745.46
1 < 200
1 < Access-Control-Allow-Credentials: true
1 < Access-Control-Allow-Origin: *
1 < Connection: keep-alive
1 < Content-Type: application/json
1 < Date: Wed, 22 Jan 2020 17:41:07 GMT
1 < Referrer-Policy: no-referrer-when-downgrade
1 < Server: nginx
1 < X-Content-Type-Options: nosniff
1 < X-Frame-Options: DENY
1 < X-XSS-Protection: 1; mode=block
{
"args": {},
"data": "",
"files": {},
"form": {},
"headers": {
"Accept-Encoding": "gzip,deflate",
"Host": "httpbin.org",
"User-Agent": "Apache-HttpClient/4.5.5 (Java/1.8.0_231)"
},
"json": null,
"method": "GET",
"origin": "49.206.14.183, 49.206.14.183",
"url": "https://httpbin.org/anything/opu/odata/srt/ZQ_SRV/ZQ_BI_Q001(OPT_1='0013076036',OPT_To='0013076036')/Results"
}
Resolved issue by putting * method get instead of When method GET
Then status 200
The following code :
Background:
* url "https://www.google.fr"
Scenario: hide password
Given path "login"
And form field username = 'john'
And form field password = 'secret'
When method post
Then status 200
Gives the following output :
10:38:34.710 request:
1 > POST https://www.google.fr/login
1 > Accept-Encoding: gzip,deflate
1 > Connection: Keep-Alive
1 > Content-Length: 29
1 > Content-Type: application/x-www-form-urlencoded; charset=UTF-8
1 > Host: www.google.fr
1 > User-Agent: Apache-HttpClient/4.5.5 (Java/1.8.0_191)
username=john&password=secret
Is there a way to hide the password here, while keeping the logs at the DEBUG level? If that means also hiding the username, that's not a problem.
This may need to be a feature request if * configure report = { showLog: false } does not do it already.
I'm trying to debug some JMS code by running an ActiveMQ locally - Using the Docker image rmohr/activemq:5.15.4-alpine - and using cURL to read the messages posted to the topic. This is mostly working, but I'm not getting the actual body of the message.
What I'm doing is:
curl -v -XGET http://admin:admin#localhost:8161/api/message?destination=topic://Events&json=true&oneShot=true
And this works as follows:
> GET /api/message?destination=topic://Events&json=true&oneShot=true HTTP/1.1
> Host: localhost:8161
> Authorization: Basic YWRtaW46YWRtaW4=
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Tue, 20 Nov 2018 17:09:03 GMT
< X-FRAME-OPTIONS: SAMEORIGIN
< Set-Cookie: JSESSIONID=mcjaka6dsuz6534j0gj0gfnv;Path=/api
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Cache-Control: no-cache, no-store, must-revalidate
< Pragma: no-cache
< Content-Type: application/x-www-form-urlencoded; charset=ISO-8859-1
< destination: topic://Events
< id: ID:b8b750274409-46243-1542707161912-1:23:1:1:6
< eventTime$iso8601: 2018-11-20T17:09:13.216Z
< eventTime$millis: 1542733753216
< eventName: ProcessItemEvent
< Transfer-Encoding: chunked
< Server: Jetty(9.2.22.v20170606)
<
However, the actual payload of the message is not returned. If I take off the json=true&oneShot=true then I get this instead:
{ [5 bytes data]
But still no more than that. And there should be a lot more than 5 bytes of payload data for these messages.
What am I missing in getting these messages to come through correctly?
Cheers
You are subscribing to topic://Events . Could it be that all the event information is in the header of the http response, and ActiveMQ is not adding anything extra in the body?
< destination: topic://Events
< id: ID:b8b750274409-46243-1542707161912-1:23:1:1:6
< eventTime$iso8601: 2018-11-20T17:09:13.216Z
< eventTime$millis: 1542733753216
< eventName: ProcessItemEven
If you want the messages posted to a specific topic, say 'foo.bar' you need to subscribe to topic://foo.bar .
I tried your command. As you can see below, I am getting the message body.
Could it be that you are receiving binary data that is not displaying in the terminal? Can you try saving the message body to a file. e.g. curl -o body.dat -v -XGET ...
$ curl -v -XGET 'http://admin:admin#localhost:8161/api/message?destination=topic://bayCarrState'
> GET /api/message?destination=topic://bayCarrState HTTP/1.1
> Authorization: Basic YWRtaW46YnJva2VyYWRtaW4=
> User-Agent: curl/7.29.0
> Host: localhost:8161
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Fri, 23 Nov 2018 04:55:59 GMT
< X-FRAME-OPTIONS: SAMEORIGIN
< Set-Cookie: JSESSIONID=sbwv48hmp5w9zw4zgttrbmyn;Path=/api
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Cache-Control: no-cache, no-store, must-revalidate
< Pragma: no-cache
< Content-Type: text/plain; charset=ISO-8859-1
< destination: topic://bayCarrState
< id: ID:prd-rh7.mirrabooka.local-40596-1541746708502-3:160:-1:1:105
< Transfer-Encoding: chunked
< Server: Jetty(9.2.22.v20170606)
<
[{"elemId":"BayCarrState1","elemType":"BayCarrState","elemValue":{"bayId":"1","binFullWt":0,"binTipng":0,"binUntipdWt":0,"continuableRailSam
":0,"delivType":"R","frontPos":14,"lastSamTipng":0,"lastTickTipng":0,"locNum":1,"milltrainId":"A","rearPos":1,"samInProgress":0,"samTipng":0
,"tickTipng":0,"tipInProgress":0,"tipReady":0},"version":294},{"elemId":"BayCarrState2","elemType":"BayCarrState","elemValue":{"bayId":"2","
binFullWt":0,"binTipng":0,"binUntipdWt":0,"continuableRailSam":0,"delivType":"T","frontPos":28,"lastSamTipng":0,"lastTickTipng":0,"locNum":1
,"milltrainId":"A","rearPos":15,"samInProgress":0,"samTipng":0,"tickTipng":0,"tipInProgress":0,"tipReady":0},"version":294}]
* Connection #0 to host localhost left intact
DISCLAIMER: perhaps wrong forum, might not be coding related…
If having a valuePicker on a Xpage like the following
<xe:djextListTextBox
id="djextListTextBox1"
value="#{requestScope.category}"
multipleTrim="true"
multipleSeparator=","
>
</xe:djextListTextBox>
<xe:valuePicker
id="valuePicker1"
for="djextListTextBox1"
dialogTitle="Category"
dojoType="extlib.dijit.PickerCheckbox"
>
<xe:this.dataProvider>
<xe:simpleValuePicker
valueList="red,green,blue"
valueListSeparator=","
>
</xe:simpleValuePicker>
</xe:this.dataProvider>
</xe:valuePicker>
The response header from the Ajax call is NOT honoring the http server headers set.
The reply:
HTTP/1.1 200 OK
Date: Wed, 14 Feb 2018 10:21:01 GMT
Content-Type: application/json;charset=utf-8
Expires: -1
Content-Encoding: gzip
Content-Length: 73
Strict-Transport-Security: max-age=604800; includeSubDomains
But another control on the same page using also an ajax call to the server honors the headers:
<xp:inputText
id="inputText1"
value="#{document1.subject}"
>
<xp:typeAhead
mode="full"
minChars="1"
valueList="alpha#beta#charlie#delta#echo#foxtrot"
valueListSeparator="#"
tokens=",/"
ignoreCase="true"
>
</xp:typeAhead>
</xp:inputText>
Response:
HTTP/1.1 200 OK
Date: Wed, 14 Feb 2018 10:34:36 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Type: text/html;charset=UTF-8
Expires: -1
Content-Encoding: gzip
Content-Length: 48
Strict-Transport-Security: max-age=604800; includeSubDomains
Expires: Mon, 01 Jan 1990 23:59:59 GMT
Pragma: no-cache
Cache-Control: no-cache,no-store,private,must-revalidate
X-Frame-Options: DENY
The server has defined several HTTP headers that we need to be honored thru all the system but for this valuePicker the response excludes them.
Why is that and how can this be fixed?
Using Domino 9.0.1FP10 on a Win/64 server and headers are defined as Web Site Rule and in notes.ini:
Rule:
HTTP response codes: 200, 206, 404, 403, 401, 500
Always add header
Specify a date: Expires after 1900-01-01
Header 1: Pragma, no-cache, override=true
Header 2: Cache-Control, no-cache,no-store,private,must-revalidate, override=true
Header 3: X-Frame-Options, DENY, override=true
Notes.ini
HTTPAdditionalRespHeader=Content-Security-Policy: default-src 'self'; script-src 'self' https://*.fontawesome.com https://code.jquery.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.fontawesome.com 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://*.fontawesome.com https://fonts.gstatic.com
Excluded the HTTPAdditionalRespHeader header from logs to make more readable…