I want to parameterise the login feature file so that is can be used for multiple user credentials. Can anyone please help me here? Below is the code that I am using:
Given url baseUrl
And form field username = 'admin'
And form field password = 'admin'
When method GET
Then status 200
I want to parameterise the value for username and password so that it can be passed from another feature file and can be reused again.
Related
I am attempting to use TRESTClient/REST Debugger to get the User ID and token from a Joomla website.
The url is as follows:
For the Login API Call Please provide the Username and password in the API request body - https://thesite.com/index.php?app=users&resource=login&option=com_api&format=raw
The request must contain 2 values:
key-> username, value-> exampleUser
key-> password, value-> xyz
I am failing to get the correct response. I am able to get results from other resources from the same website, but this I am only getting an empty body.
You need to change the parameter type of the username and password parameter to BODY instead of GET/POST. This will place them into the request body instead of the URL.
Here we need to run the same feature file with different login and provide login user name from tags.
Run the feature file with user1 and user2
#user1 #user2
Feature: Feature-1
Background :
Given I am login with user
Scenario:
Scenario:
Run the feature file with user1
#user1
Feature: Feature-2
Background :
Given I am login with user
Scenario:
Scenario:
Use Scenario Outline concept of gherkin language where you can pass user name and password as a Example. For ex:
-- Feature file
Scenario Outline: Verify Login Functionality
Given There is a user "<username>" and <password>"
When I login to the application
Examples:
|username|password|
|user1|pass1|
|user2|pass2|
-- Spec file
Given(/^There is a user (.*) and (.*)$/, async function(username, password) {
driver.findElement(Locator to identify the username element).sendKeys(username);
driver.findElement(Locator to identify the password element).sendKeys(password);
});
Here, same test scenario written above will be repeated for two different users.
Take these two regular expressions as a parameter in spec file and send it to username and password text fields using selenium
I have my Ldap working the only issue i'm facing was when I try to login with email that is when I land in the else part in the below code. If my username is different from email then it throws error. i.e if my email is 'skumar#gmail.com' and my username is 'saurakumar' then it will through invalid username password error.
As internally I'm using username to make email i.e if the user login with name 'karan' then i'm expecting the email to be karan #gmail.com which is not true in many scenario and the Authentication fails. I'm looking for some solution wherein I can login either via email or via username I'll be able to authenticate user. Below is the snippet of my code. Please suggest?
ldapEnv.put(Context.INITIAL_CONTEXT_FACTORY, initialContextFactory);
ldapEnv.put(Context.PROVIDER_URL, url);
ldapEnv.remove(Context.SECURITY_PROTOCOL);
if (email == null) {
lContext = new InitialLdapContext(ldapEnv, null);
entryResult = searchUserEntry(lContext, user, searchCtrls);
final String usrDN = ((Context) entryResult.getObject()).getNameInNamespace();
lContext.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
lContext.addToEnvironment(Context.SECURITY_PRINCIPAL, usrDN);
lContext.addToEnvironment(Context.SECURITY_CREDENTIALS, pass);
lContext.reconnect(null);
} else {
ldapEnv.put(Context.SECURITY_PRINCIPAL, email);
ldapEnv.put(Context.SECURITY_CREDENTIALS, credentials);
lContext = new InitialLdapContext(ldapEnv, null);
return lContext;
searchUserEntry(lContext, user, searchCtrls);
}
Normally this is a 3-step process:
Bind to LDAP as an administrative user. Note that this should not be the master user defined in the configuration file: that's for OpenLDAP's use itself. Instead it should be a user mentioned in the DIT that has the appropriate search access for the next step.
Search for the user via some unique attribute, e.g. in your case email.
Using the found DN of the user and the password he specified, attempt to bind as that user (with the reconnect() method, after changing the environment of the context appropriately).
If all that succeeds, you have a login success. If (2) or (3) fail, you have a failure, and note that you should not tell the user which it was: otherwise you are leaking information to attackers. You should not mention whether it was the username (email) or the password that was wrong.
I am trying to find a solution which will allow me to change a user's password from our Central User Administration (CUA) system where the user's access and password is on the child system.
I tried to use BAPI_USER_CHANGE with destination call but it doest suit in my case.
(we locked change password function in child systems). This is my code with destination call
CALL FUNCTION 'BAPI_USER_CHANGE'
DESTINATION 'CLNT_500'
EXPORTING
username = p_bname
password = wa_password
passwordx = wa_passwordx
TABLES
return = it_return.
Any suggestions welcome.
We tried to do something similar a while ago, and we ended up doing it in two steps:
BAPI_USER_CHANGE sets an initial password for the user
SUSR_USER_CHANGE_PASSWORD_RFC sets a productive password. It needs the old password as a parameter, that's why we needed to call BAPI_USER_CHANGE first.
What is the best way to reset password only with token?
Now it mades with token and email, I want to get an email by checking tocket in reminders table.
Thanks!
Update
Resolved this by:
$email = DB::table(Config::get('auth.reminder.table'))->where('token', $token)->pluck('email');
Here's how I do password resets.
User clicks Forgot Password link and is taken to a form with one field for email.
They enter their registered email address and I check the email exists in the DB. If it does, I store a random reset code for that user using Str::random(60). I then save the user and email them a link with a reset code (eg. http://domain.com/reset/CODE).
User clicks the link and is taken to the URL above which checks the CODE. If the CODE exists in the DB, the password for the matching user is reset to something random using Str::random(10) and this new password is mailed to the user.
Not sure if this is right/wrong, but it works for me.