Using Variables in Basic Authentication in an API Katalon-Studio - variables

I have been trying to use variables for the Username and Password in the katalon-studio API, basic authentication using the following syntax:
Syntax:
GlobalVariable syntax:
However none of them are working.
please advise.

This answer might came a little bit too late, but maybe someone will find this in the future...
What the authorization tab does (and what basic authorizaton means - as mentioned in it's documentation ) is encoding the string of "${username}:${password}" by Base64.
What I did was mimic the "Update to header" button of the Authorization tab by first encoding the said string:
String basicAuthToken = "${username}:${password}".bytes.encodeBase64().toString()
Assuming authToken is a variable of the request with the type of String
Then just skip the Authorization tab and put this value straight into the header:
Name: Authorization Value: Basic ${authToken}
And now just pass the basicAuthToken as a parameter to the Webservice Request the same way you would any other variable:
WS.sendRequest(findTestObject('id_of_your_WSR_object', [('authToken'):basicAuthToken, ...any other variables]))

Related

Base64 Authentication Username and password

I have been able to write a python script to get Base 64 auth for my username and password (Admin:password) equal to --> Basic QWRtaW46cGFzc3dvcmQ=
When I add that to my header manager as:
Authorization Basic QWRtaW46cGFzc3dvcmQ=
all my HTTP Requests succeed.
in Jmeter I have googled and I find to add below in Bean PreProcessor:
import org.apache.commons.codec.binary.Base64;
String username = vars.get("Username");
String password = vars.get("Password");
String combineduserpass = username + ":" + password;
byte[] encodedUsernamePassword =
Base64.encodeBase64(combineduserpass.getBytes());
vars.put("base64HeaderValue",new String(encodedUsernamePassword));
System.out.println(encodedUsernamePassword);
but that system output gives me --> [B#558e816b which is incorrect
when I add that to my Header manager like this
Authorization Basic ${base64HeaderValue}
my HTTP Req obviously fails. The Base64 for "Admin:password should really be Basic QWRtaW46cGFzc3dvcmQ= and not [B#558e816b
You are trying to print byte array. You can print the new variable as:
System.out.println(vars.get("base64HeaderValue"));
Also your Header Manager should be under your HTTP Request so it be execute aftet script and before your request
Instead of scrpting you can use JMeter plugin of custom functions and use inside Header manager the __base64Encode function similar to:
${__base64Encode(test string, base64HeaderValue)}
To do Basic Auth, just add HTTP Authorization Manager to your plan as per this answer:
JMeter Basic Authentication
It would be configured like this if your server URL is http://localhost:8080/test:
There is no need for scripting here.
I would recommend switching to JSR223 PreProcessor and Groovy language as:
Groovy supports all modern Java language features including (but not limited to)
encoding byte arrays into Base64
decoding Base64 strings
Groovy performance is way better comparing to Beanshell
Groovy equivalent of your code would be:
vars.put('base64HeaderValue',(vars.get('Username') + ':' + vars.get('Password')).bytes.encodeBase64().toString())

Unable to test login using jmeter

I am newbie to jmeter. I am trying to test to login to my site say (example.com/session/new).
I have added the http cookie manager and 2 http request defaults.
In the first, am visiting example.com/session/new and extracting the authenticity token in the response data using regex meta content="(.+?)"name="csrf-token" . Now, in the second http request, I have a post request with the parameters as
name:utf value:(tickmark)
name :authenticity_token value: ${token}
name:email value:test#test.com
name:password value:test.
name:commit value:Sign In
And then am asserting for a text post login.
When I run the test, the assertion fails. as it results in 404.
In the request, I can see utf8=%E2%9C%93+&authenticity_token=%24%7Btoken%7D&email=test%40test.com&password=test&commit=Sign+In. Please help me fix this.
I know this is an old post, but I've been struggling with this exact same query, so I've decided to post my answer in case it helps anyone - it worked first time for me. So after requesting the login page for my site, the following csrf token is embedded in the html response;
<input type="hidden" name="csrfToken" value="fe5a48ebda7b98cbbf885b4a220ebe0c23b11125-1459096615520-1ac64aa945986cb1bd318d9c"/>
So when making the initial request for the login page, instead of using a Regular Expression Extractor, if the token is in the body of the HTML response, use an XPath Extractor instead.
If your response is not XML/XHTML compliant then tick the 'use tidy' checkbox.
For reference name add the reference you wish to refer to the token as e.g. token. When you add your parameters to the login request, you can then refer to your csrfToken as ${token}
Then for X-Path query use;
//input[#name="csrfToken"]/#value
The following tutorial shows you how to use a Regular Expression Extractor, but it should also help you to understand how to set up the query a bit more;
https://www.youtube.com/watch?v=SVxB3Tk4O4A&feature=iv&src_vid=hGkrSFKcj10&annotation_id=annotation_85358
Looks like you did every thing good , except correlation . After decoding your error url , I found that you correlation is not working . Below is the decoding URL "utf8=✓ &authenticity_token=${token}&email=test#test.com&password=test&commit=Sign In."
In your "Regular expression extractor" add below details
1. Reference Name:token
2. Regular Expression : name="csrfToken" value="(.+?)"
3. Template : $1$
4. Match No: 1
Note: Check the occurrences of "csrfToken", if you required first occurrence then enter 1 , if you required 2nd occurrence enter 2 ....etc.

Can't get Token based authentication working with NancyFX

I am trying Token based authentication with NancyFX. Token is getting generated perfectly but when I am passing header in Get Request, I can't get pass this.RequiresAuthentication() and getting unauthorized error.
Here is my token format
Token:{ token: "ZGVtb1VzZXINCmFkbWlufG5vbmFkbWluDQo2MzU1MDU5NjU4NzExNTE5MzkNCk1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMzsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8zOC4wLjIxMjUuMTExIFNhZmFyaS81MzcuMzY=:QerS8B701zoC1xqlvSxuz0EbrBDtfgEzkDWzlEj9ChA=" }
Am I passing wrong way?
I have also tried
Token:{ ZGVtb1VzZXINCmFkbWlufG5vbmFkbWluDQo2MzU1MDU5NjU4NzExNTE5MzkNCk1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMzsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8zOC4wLjIxMjUuMTExIFNhZmFyaS81MzcuMzY=:QerS8B701zoC1xqlvSxuz0EbrBDtfgEzkDWzlEj9ChA=}
and also
"Token:{ ZGVtb1VzZXINCmFkbWlufG5vbmFkbWluDQo2MzU1MDU5NjU4NzExNTE5MzkNCk1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMzsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8zOC4wLjIxMjUuMTExIFNhZmFyaS81MzcuMzY=:QerS8B701zoC1xqlvSxuz0EbrBDtfgEzkDWzlEj9ChA=}"
But nothing work.
Please let me know if any more details are required.
The value of the authorization header must simply read "Token ZGVtb1VzZXINCmFkbWlufG5vbmFkbWluDQo2MzU1MDU5NjU4NzExNTE5MzkNCk1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMzsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8zOC4wLjIxMjUuMTExIFNhZmFyaS81MzcuMzY" (no quotes).
The brackets in the documentation threw me off as well.

OAuth2_GrantType_UserCredentials with Restler

Does anybody have a sample with OAuth2_GrantType_UserCredentials and Restler ?
I've tried myself but it's very difficult to understand
Thanks
In your storage class, in my case PDO, you need to look at the following functions. Make sure you have your validations in the first one.
public function checkUserCredentials($email, $password) {}
public function getUserDetails($username) {}
Then
POST https://{your_server}/token
With the following payload (obviously changed to suit your environment):
email=me#myemail.com&
password=mypassword&
grant_type=password
client_id=myclient_id
The important one here is the grant_type, it actually is 'password' for what you are attempting.
Not sure exactly what you're asking. If you have OAuth 2 set up already on your server, you just need to change the grant_type to 'client_credentials' and pass the client_id and client_secret in exchange for the token. For example, on my index.php page, I was able to get a token by passing:
index.php/grant?grant_type=client_credentials&client_id=demoapp&client_secret=demopass
Hope this helps.

Authenticate in Xero from Salesforce

I'm new to Oauth and I stack on getting oauth_access_token to work with Xero. Web Service authentication doesn't work for me.
Xero returns the following error message "oauth_problem=signature_invalid&oauth_problem_advice=Failed to validate signature".
The generated signature is incorrect, but what is right way to generate it?
Here is APEX code which generates Endpoint. What is wrong?
Http h = new Http();
String consumer_key='XXX';
Long tmp=(System.now().getTime()/1000);
Blob isItCorrect = Crypto.generateMac('HMacSHA1', Blob.valueOf('https://api.xero.com/api.xro/2.0'), Blob.valueOf(consumer_key));
String signature= EncodingUtil.urlEncode(EncodingUtil.base64Encode(isItCorrect), 'UTF-8');
// Try to get access token
HttpRequest req = new HttpRequest();
req.setEndpoint('https://api.xero.com/oauth/RequestToken?oauth_consumer_key='+consumer_key+
'&oauth_signature_method=RSA-SHA1'+
'&oauth_signature='+signature+
'&oauth_timestamp='+tmp+ '&oauth_nonce='+tmp+'&oauth_version=1.0&scope=https%3A%2F%2Fapi.xero.com%2Fapi.xro%2F2.0');
req.setMethod('GET');
// Send the request, and return a response
HttpResponse res = h.send(req);
System.debug('~~~ '+res.getBody());
It generates following Endpoint:
Endpoint=https://api.xero.com/oauth/RequestToken?oauth_consumer_key=ICSP7Y5K2TG7RIIC6Y7R7KLC1AHWYC&oauth_signature_method=RSA-SHA1&oauth_signature=gWP02y2EIatw4xilTvd5Iq3e0%2Fw%3D&oauth_timestamp=1372123781&oauth_nonce=1372123781&oauth_version=1.0&scope=https%3A%2F%2Fapi.xero.com%2Fapi.xro%2F2.0
Just as an aside: I've never worked with salesforce so I'm not sure if there's a better
way to leverage existing oauth work on the platform, it's very rare
now to have to write all the oauth signature stuff yourself and it's
easy to make a mistake but here goes]
I think your signature base string is incorrect.
As far as I can tell you're just performing HMAC-SHA1 over https://api.xero.com/api.xro/2.0
if you read the OAuth Spec here: http://oauth.net/core/1.0/#anchor14 you need to construct the following base string (based on the request above)
GET&https%3A%2F%2Fapi.xero.com%2Foauth%2Frequesttoken&oauth_consumer_key%3DCONSUMER_KEY%26oauth_nonce (etc etc, just append all your query parameters apart from oauth_consumer as url encoded key=value pairs, in alphabetical order)
and then you need to create the hash with the key CONSUMER_KEY&CONSUMER_SECRET (both CONSUMER_KEY and CONSUMER_SECRET should be parameter encoded as per the OAuth Spec)
That should give you a valid signature..
Edit: I found this library which might be of help: https://code.google.com/p/sfdc-oauth-playground/