Hide passwords in logs - karate

The following code :
Background:
* url "https://www.google.fr"
Scenario: hide password
Given path "login"
And form field username = 'john'
And form field password = 'secret'
When method post
Then status 200
Gives the following output :
10:38:34.710 request:
1 > POST https://www.google.fr/login
1 > Accept-Encoding: gzip,deflate
1 > Connection: Keep-Alive
1 > Content-Length: 29
1 > Content-Type: application/x-www-form-urlencoded; charset=UTF-8
1 > Host: www.google.fr
1 > User-Agent: Apache-HttpClient/4.5.5 (Java/1.8.0_191)
username=john&password=secret
Is there a way to hide the password here, while keeping the logs at the DEBUG level? If that means also hiding the username, that's not a problem.

This may need to be a feature request if * configure report = { showLog: false } does not do it already.

Related

Upgrade Karate from 1.1.0 to 1.2.0 Causing Issues Getting Okta Token

After upgrading Karate from 1.1.0 to 1.2.0 I have a error:
'io.netty.handler.codec.http.cookie.CookieHeaderNames$SameSite io.netty.handler.codec.http.cookie.DefaultCookie.sameSite()
Feature: Get Bearer Token from Okta
Scenario: Get access token for OAuth2 client credentials
Given url karate.properties['okta.server.url']
* form field grant_type = 'client_credentials'
* form field scope = scope
* header Authorization = call read('classpath:com/moo/g/karate/basic-auth.js') { username : '#(clientId)', password : '#(secret)' }
When method post
Then status 200
* def authToken = response.access_token
Debug console:
Gets 200 return then errors:
14:41:02.617 [main] DEBUG com.intuit.karate - response time in milliseconds: 758
1 < 200
1 < Date: Tue, 23 Aug 2022 19:41:02 GMT
1 < Server: nginx
1 < Content-Type: application/json
1 < x-okta-request-id: YwUtTpqpDjtZ6CYqc2sA8gAABvQ
1 < x-xss-protection: 0
1 < p3p: CP="HONK"
1 < content-security-policy: frame-ancestors 'self'
1 < x-rate-limit-limit: 2000
1 < x-rate-limit-remaining: 1994
1 < x-rate-limit-reset: 1661283689
1 < cache-control: no-cache, no-store
1 < pragma: no-cache
1 < expires: 0
1 < expect-ct: report-uri="https://oktaexpectct.report-uri.com/r/t/ct/reportOnly", max-age=0
1 < x-content-type-options: nosniff
1 < Strict-Transport-Security: max-age=315360000; includeSubDomains
1 < X-Robots-Tag: noindex,nofollow
1 < Keep-Alive: timeout=5, max=100
1 < Connection: Keep-Alive
1 < Transfer-Encoding: chunked
1 < Set-Cookie: JSESSIONID=26F3D925C7E7E003B5430ED9AFCEFCAA; Domain=login-preview.moo.com; Secure
{"token_type":"Bearer","expires_in":3600,"access_token":"eyJraWQiOiJjTl95TE9VWHYtdzA3REQ5OXZIQXNkWDlocnZQWG0wUmJQQnpLNElJbzB3IiwiYWxnIjoiUlMyNTYifQ.eyJ2ZXIiOjEsImp0aSI6IkFULjN5RG5WNnB5X0hTVWR1T2tiY01WZFNaNzNyRDJIWm1RalJKMUdQWWJHTVkiLCJpc3MiOiJodHRwczovL2xvZ2luLXByZXZpZXcubXV0dWFsb2ZvbWFoYS5jb20vb2F1dGgyL2F1c3B4M3c1aXdHZ0huTG9QMWQ2IiwiYXVkIjoiYXBpOi8vZGVmYXVsdCIsImlhdCI6MTY2MTI4MzY2MiwiZXhwIjoxNjYxMjg3MjYyLCJjaWQiOiIwb2EydHlmd3RlaWVRejBMQTFkNyIsInNjcCI6WyJkZWxldGUtZG9jdW1lbnQiLCJzcGVjaWFsLXJpc2stZG9jcyIsImFkZC1kb2N1bWVudCIsImdldC1kb2N1bWVudCIsInJwZC1kb2NzIiwiZ2V0LW1ldGFkYXRhIl0sInN1YiI6IjBvYTJ0eWZ3dGVpZVF6MExBMWQ3In0.JMMatbIe5N5wV0R2SKV8X_ifv_naRw16fbBEN0-WSvptim1xGcrtp7zNOurPJLLIGQlIJvRvpznBAinJqqSIOfAwe718BTfF4Ec98LlzYYXsn9HubJKedSAuM9KM51vjohkljYD9duZF2s4rtd3BZPkKE4WIZurtNb-1-F0a5LyjWdasBH7IIwK5oflDMb-Dxv7HIZck5FQkikWqQZwLTuKHOuKys1gUm3IDgQj6FSnJ6P-HfrOp1ahD4cb2RQJqKS4jQeY8Dv_Ne3sONiBbt8dqWnZGSCpwAOANwOaVUGzalOrk5At65I5ENQKL3PH4h3PdOOl21utME2LugUG8BA","scope":"delete-document special-risk-docs add-document get-document rpd-docs get-metadata"}
14:41:02.619 [main] ERROR com.intuit.karate - classpath:com/moo/g/karate/get-authorization-okta-token.feature:8
When method post
'io.netty.handler.codec.http.cookie.CookieHeaderNames$SameSite io.netty.handler.codec.http.cookie.DefaultCookie.sameSite()'
Not sure what next approach is, besides going back to 1.1.0.
Thanks in advance.
Sincerely
Todd
The best thing to do is follow this process: https://github.com/karatelabs/karate/wiki/How-to-Submit-an-Issue
Note that there were many RC versions released to get this kind of feedback earlier.
I am on version 1.3 and issue has cleared.

Unable to specify round brackets for Odata URL in Karate

I'm trying to create the path for the Odata URL in Karate.
The path looks like: '/opu/odata/srt/ZQ_SRV/ZQ_BI_Q001(OPT_1='0013076036',OPT_To='0013076036')/Results'
It seems like Karate can't read special characters like round brackets () and ' '. And it cuts the url after opu/odata/srt/ZQ_SRV/ZQ_BI_Q001 right before the round brackets starts. And the rest of the url (OPT_1='0013076036',OPT_To='0013076036')/Results looks like a text.
I've tried to use %28 for ( and 29% for ) and %27 for ' but it didn't help.
P.S.When running the same url in Postman the call went successfully
Running the test url:
Background:
* url "https://httpbin.org/anything/opu/odata/srt/ZQ_SRV/ZQ_BI_Q001(OPT_1='0013076036',OPT_To='0013076036')/Results"
Scenario: test check
* method get
Try building the url fully by hand and don't use param or path:
* url "http://myhost/opu/odata/srt/ZQ_SRV/ZQ_BI_Q001(OPT_1='0013076036',OPT_To='0013076036')/Results"
If that still doesn't work, it is likely your server does not handle encoded URL-s correctly which could be a bug: https://stackoverflow.com/a/54477346/143475
EDIT: just try these 2 lines to prove there is nothing wrong with Karate / or see this simpler example: https://stackoverflow.com/a/67068873/143475
* url "https://httpbin.org/anything/opu/odata/srt/ZQ_SRV/ZQ_BI_Q001(OPT_1='0013076036',OPT_To='0013076036')/Results"
* method get
This is the result:
Running com.intuit.karate.junit4.dev.TestRunner
23:11:06.404 [main] DEBUG com.intuit.karate - request:
1 > GET https://httpbin.org/anything/opu/odata/srt/ZQ_SRV/ZQ_BI_Q001(OPT_1='0013076036',OPT_To='0013076036')/Results
1 > Accept-Encoding: gzip,deflate
1 > Connection: Keep-Alive
1 > Host: httpbin.org
1 > User-Agent: Apache-HttpClient/4.5.5 (Java/1.8.0_231)
23:11:08.154 [main] DEBUG com.intuit.karate - response time in milliseconds: 1745.46
1 < 200
1 < Access-Control-Allow-Credentials: true
1 < Access-Control-Allow-Origin: *
1 < Connection: keep-alive
1 < Content-Type: application/json
1 < Date: Wed, 22 Jan 2020 17:41:07 GMT
1 < Referrer-Policy: no-referrer-when-downgrade
1 < Server: nginx
1 < X-Content-Type-Options: nosniff
1 < X-Frame-Options: DENY
1 < X-XSS-Protection: 1; mode=block
{
"args": {},
"data": "",
"files": {},
"form": {},
"headers": {
"Accept-Encoding": "gzip,deflate",
"Host": "httpbin.org",
"User-Agent": "Apache-HttpClient/4.5.5 (Java/1.8.0_231)"
},
"json": null,
"method": "GET",
"origin": "49.206.14.183, 49.206.14.183",
"url": "https://httpbin.org/anything/opu/odata/srt/ZQ_SRV/ZQ_BI_Q001(OPT_1='0013076036',OPT_To='0013076036')/Results"
}
Resolved issue by putting * method get instead of When method GET
Then status 200

XML File upload in karate using Multipart field and getting 415 unsupported media type [duplicate]

This question already has an answer here:
Passing JSON request starting with the character [ gives the error: invalid request format with GET operation [duplicate]
(1 answer)
Closed 2 years ago.
I am trying to upload XML file using multipart field along with the specified content Type as application/x-www-form-urlencoded but boundary getting appended in the request automatically and i am getting 415 unsupported media type in response:
Request:
1 > Accept: application/json
1 > Accept-Encoding: gzip,deflate
1 > Authorization: Bearer Pr3wkHwNDDfPh4Ik4IPLhGDcK1zt
1 > Connection: Keep-Alive
1 > Content-Length: 6739
1 > Content-Type: application/x-www-form-urlencoded; boundary=eeErrSgIwFHJn3_hjEi_-Q8_DHkKIo
1 > Host: api-sandbox.apiboitest.com
1 > User-Agent: Apache-HttpClient/4.5.9 (Java/1.8.0_144)
1 > client_id: jYXMYDGq0uTZee5peZpzwR
1 > client_secret:
1 > request_method: POST
1 > x-fapi-financial-id: 1234
1 > x-idempotency-key: qwe3456
1 > x-jws-signature: qqqqq
--eeErrSgIwFHJn3_hjEi_-Q8_DHkKIo
Content-Disposition: form-data; name="myFile"
Content-Type: application/xml; charset=UTF-8
Content-Transfer-Encoding: 8bit
``````````````````````````````````````````````
and Code:
``````````````````````
And multipart field myFile = read('classpath:path')
And multipart field message = 'File'
When method request_method
Then status 200
``````````````````````
while in postman it works fine.
This is my best guess. This is a url-encoded form NOT a file-upload. The rest is up to you:
* url 'http://api-sandbox.boicloudtest.net/1/api/open-banking/v3.0/pisp/file-payment-consents/4a90e5cb-8450-4743-8cc9-d655d0d615d2/file'
* header x-fapi-financial-id = '0015800000jfQ9aAAE'
* header x-jws-signature = 'ey'
* header x-idempotency-key = 'ghty66'
* form field FileParam = read('FilePayments.xml')
* method post

Content-Type = 'application/x-www-form-urlencoded' in request is changed to Content-Type: application/json; in Karate version 0.9.2

When i send the Content-Type = 'application/x-www-form-urlencoded' as header it is changed to Content-Type: application/json; in Karate version 0.9.2 .
In Karate version 0.7.0 it is sent as Content-Type = 'application/x-www-form-urlencoded' only .
Given url "https://foo.bar.buzz"
And header Content-Type = 'application/x-www-form-urlencoded'
And form field username = "check"
And form field password = "Password"
And request {}
And header Content-Type = 'application/json'
When method POST
Then status 200
In the 3rd last line you have the header set ?
And you should never use a request body for a form submit.
Try the below, it works fine:
Given url 'https://postman-echo.com/post'
And form field foo = 'bar'
When method post
Result:
1 > POST https://postman-echo.com/post
1 > Accept-Encoding: gzip,deflate
1 > Connection: Keep-Alive
1 > Content-Length: 7
1 > Content-Type: application/x-www-form-urlencoded; charset=UTF-8
1 > Host: postman-echo.com
1 > User-Agent: Apache-HttpClient/4.5.5 (Java/1.8.0_112)
foo=bar

Properly calling an authorization Karate feature with arguments

I have an authentication feature working, but would like to make it reusable. I'm not able to get working through the methods I've tried so far.
The standalone method that works is:
# Created at 10/4/18
Feature: #Authentication Management
Background:
* url gatewayUrl
* def myid = 'myid'
* def mysecret = 'mysecret'
Scenario: # Generate authentication token for x user
Given path 'mypath'
And header Content-Type = 'application/x-www-form-urlencoded'
And request 'grant_type=api_key&myid=' + myid + '&mysecret=' + mysecret
When method post
Then status 200
* print response.Token
Here is the working POST request for this one:
1 > POST <authURL>
1 > Accept-Encoding: gzip,deflate
1 > Connection: Keep-Alive
1 > Content-Length: 108
1 > Content-Type: application/x-www-form-urlencoded; charset=UTF-8
1 > Host: <authURL>
1 > User-Agent: Apache-HttpClient/4.5.5 (Java/10.0.2)
grant_type=api_key&myid=myId&mysecret=mySecret
I'd like to replace myid and mysecret with the args from the feature that performs the call. Using '#(myid)' and '(#mysecret)' doesn't seem to work anywhere but when defining param(s). Is there a way to do this replacement, or another equivalent way of building up the request data to send?
Thanks
Of course it is worth reading through the docs carefully: https://github.com/intuit/karate#calling-other-feature-files
Try this:
Feature: #Authentication Management
Scenario: # Generate authentication token for x user
Given url gatewayUrl
And path 'mypath'
And header Content-Type = 'application/x-www-form-urlencoded'
And request 'grant_type=api_key&myid=' + myid + '&mysecret=' + mysecret
When method post
Then status 200
And then call as follows:
Feature: main
Background:
* def result = call read('auth.feature') { myid: 'actualid', mysecret: 'actualsecret' }
* def token = result.response.Token
# remaining test uses token