How to test user registration api with paw? - express

What do I set in Paw to allow for a login? I have tried to use the allow cookies with to no avail.
I am working through this tutorial on Github to learn the MEAN stack. Sign up seems to be working but sign in is not.
Sign up request is:
GET /auth/success HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Cookie: connect.sid=s%3A6q22s9GpNRDITB3wKBoxS1emnKCcIR3B.pI3dzqqtSBSBVgkzl7Uib4aqNAf%2Bh5iszoWDMzWPpR8
Host: localhost:3000
Connection: close
User-Agent: Paw/2.2.2 (Macintosh; OS X/10.10.3) GCDHTTPRequest
and the result is:
HTTP/1.1 200 OK
X-Powered-By: Express
Content-Type: application/json; charset=utf-8
Content-Length: 121
ETag: W/"79-56130229"
Date: Thu, 18 Jun 2015 19:52:43 GMT
Connection: close
{"state":"success","user":{"username":"admin","password":"$2a$10$AD5NBc6c6iZ09/eXuYd9oOfTEZ6MnRNYWneLy.SNPFAWf/HX1V0.6"}}
The user is created. But the login request fails every time; the request is:
GET /auth/failure HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Cookie: connect.sid=s%3A6q22s9GpNRDITB3wKBoxS1emnKCcIR3B.pI3dzqqtSBSBVgkzl7Uib4aqNAf%2Bh5iszoWDMzWPpR8
Host: localhost:3000
Connection: close
User-Agent: Paw/2.2.2 (Macintosh; OS X/10.10.3) GCDHTTPRequest
the response is:
HTTP/1.1 200 OK
X-Powered-By: Express
Content-Type: application/json; charset=utf-8
Content-Length: 72
ETag: W/"48-ed4f121"
Date: Thu, 18 Jun 2015 19:53:03 GMT
Connection: close
{"state":"failure","user":null,"message":"Invalid username or password"}
What it comes down to is: Is there something in paw that needs to be enabled to allow sign in testing or is my code more likely to be the problem? My code is almost verbatim from the module three part of that Github repo linked above. Any and all help would be appreciated.
Note: I did not post code on purpose as to not clutter the question. If you need to see something I can add it just let me know.

While I was not sure of my exact error I had with more trouble shooting i saw that you need to make sure that you have follow redirects on and cookies being saved.

Related

Jmeter not showing up proper response instead giving details of server and connection details

I am using Jmeter 5.4.1 version, my API is of oauth1.0 type. When I ran my api through postman , it gave my proper json response for example an proper id, but the same api when ran through jmeter gives 200 response code but giving details of server and connection in response body and not the reponse that is expected(a proper id).
Below is the response :
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Wed, 12 May 2021 12:33:10 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: PHPSESSID=eqvp0l22u2jo30moqn194meugp; expires=Wed, 12-May-2021 13:33:10 GMT; Max-Age=3600; path=/; domain=dev.moorup.no; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
X-Frame-Options: SAMEORIGIN
Cache-Control: no-store
enter image description here
You're looking at Response Headers tab of the View Results Tree listener therefore you're seeing the HTTP Response Headers
Just switch to Response Body tab and you will be able to see "raw" HTML Response and several options of rendering it:
Also be aware that it is possible to convert your Postman scripts to JMeter, for OAuth you will still have to do some correlation, but for the main logic record and replay should work more or less fine

Creating a user using the SonarQube API returns a 401

I'm trying to create a user using the SaonarQube API (version 6.2 or up).
I have setup a SoapUI project that contains a few test scripts. One of them is login in and creating a user. this one returns a 401 whe the user creation call is done.
The login is used for other calls as well and proves to work. Except for the create user call. The account used to login to SoarQube is member of the System Administror groups.
Below is the raw request.
POST http://localhost:9000/api/users/create HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 47
Host: localhost:9000
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)
Cookie: JWT-SESSION=eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiJBV0ExaGFtX2hnNWdHUWtNNVRHSiIsInN1YiI6ImFkbWluIiwiaWF0IjoxNTEyNzI2NDQwLCJleHAiOjE1MTI5ODU2NDAsImxhc3RSZWZyZXNoVGltZSI6MTUxMjcyNjQ0MDM4MywieHNyZlRva2VuIjoicHRwcXRlYmtzYTR2MTlhaTk3anV0bnVlZW8ifQ.waHqOsMJ9P6FyIOUWuVODl5QcW-IJp10G6oUAvy1DWk; XSRF-TOKEN=ptpqtebksa4v19ai97jutnueeo
Cookie2: $Version=1
login=user01&name=name01&password=%21P%40ssw0rd
Below is the raw resoonse
HTTP/1.1 401 Unauthorized
Server: Apache-Coyote/1.1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Length: 0
Date: Fri, 08 Dec 2017 09:47:20 GMT
Any suggestions are welcome.
BTW: I can create the user using the same values using the UI so there is no issue with he user information, at least it seams so.
Update 1:
Added raw request with querystring parameters
POST http://localhost:9000/api/users/create?login=user01&name=name01&password=%21P%40ssw0rd HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 0
Host: localhost:9000
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)
Cookie: JWT-SESSION=eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiJBV0JHZkVGY0h3bW5UZ0V5QklJNyIsInN1YiI6ImFkbWluIiwiaWF0IjoxNTEzMDExMDM2LCJleHAiOjE1MTMyNzAyMzYsImxhc3RSZWZyZXNoVGltZSI6MTUxMzAxMTAzNjQyNCwieHNyZlRva2VuIjoibmIzdmlpcjAyZmZ1ODJnMzNtdW1hYWdkN3QifQ.ur8eZkW1CwNinx4tInFsbkGLQTHQ6yFjheRfup8Z4fQ; XSRF-TOKEN=nb3viir02ffu82g33mumaagd7t
Cookie2: $Version=1
It's not possible to use the generated cookie by a web request in a console request (it could be considered as an attack).
You need either to :
Specify a user token (recommended way)
Specify a login/password

How to test with api-designer (RAML editor)?

Just like postman does, does api-designer support that?
I try to POST my request to my service (127.0.0.1:8180) and if I click 'API is behind a firewall', it POST http://127.0.0.1:8180/v1/deviceļ¼Œand the response is:
Status
0
Headers
If uncheck 'API is behind a firewall', it POST /proxy/http://127.0.0.1:8180/v1/device, and the response is
Status
404
Headers
connection:
keep-alive
content-length:
51
content-type:
text/html; charset=utf-8
date:
Fri, 09 Sep 2016 14:24:06 GMT
x-content-type-options:
nosniff
x-powered-by:
Express
Body
Cannot POST /proxy/http://127.0.0.1:8180/v1/device
1
Cannot POST /proxy/http://127.0.0.1:8180/v1/device
CozyAzure.
Unfortenly, api-designer has several problems with the proxy. I didn't spend much time for the issue and started to use postman collections for this. You can Importing RAML folders as Collections and make a request with postman.

Issue with building an API on top of Devise

I'm building a JSON API on top of devise in order to be able to communicate from mobile devices.
So far so good, I am able to create a user account, to get an auth_token. But when I am trying to perform a PUT request, I get some problems , for example the update action for the user. The behavior is really stange, and I can't figure out what is wrong.
curl -i -H "Accept: application/json" 'http://localhost:3000/users' -X PUT -d 'auth_token=A830ALUv7ztTdSfl3qxFgi13BJpEf6VzNYe4yk8rEhVxbYYlOc0YMtTGMxkz&user[name]=plop'
Returns
HTTP/1.1 401 Unauthorized
Connection: close
Date: Wed, 02 Mar 2011 06:41:29 GMT
Content-Type: application/json; charset=utf-8
Cache-Control: no-cache
X-UA-Compatible: IE=Edge
X-Runtime: 0.157513
Transfer-Encoding: chunked
{"error":"You need to sign in or sign up before continuing."}
On the logs on the server i get this .... Really strange.
Started PUT "/users" for 127.0.0.1 at 2011-03-01 22:41:29 -0800
Processing by Users::RegistrationsController#update as JSON
Parameters: {"auth_token"=>"A830ALUv7ztTdSfl3qxFgi13BJpEf6VzNYe4yk8rEhVxbYYlOc0YMtTGMxkz", "user"=>{"name"=>"plop"}}
Completed in 1ms
Whereas if I modify just the name of the post value from user to users form example, the request works
HTTP/1.1 200 OK
Connection: close
Date: Wed, 02 Mar 2011 06:43:30 GMT
Content-Type: application/json; charset=utf-8
ETag: "5e1311709931861e469ce2c8a3b2d0e6"
Cache-Control: max-age=0, private, must-revalidate
X-UA-Compatible: IE=Edge
Set-Cookie: _u_session=BAh7CEkiGXdhcmRlbi51c2VyLnVzZXIua2V5BjoGRVRbCEkiCVVzZXIGOwBGWwZvOhNCU09OOjpPYmplY3RJZAY6CkBkYXRhWxFpUGGaQG%2FaX1pAfhpAaRpAexpAGkAaQ1JIiIkMmEkMTAkMDVBeDczV29UdVFEZHQxZ1JjN0NXdQY7AFRJjW9uRGlzcGF0Y2g6OkZsYXNoOjpGbGFzaEhhc2h7BjoLbm90aWNlSSIrWW91IHVwZGF0ZWQgeW91ciBhY2NvdW50IHN1Y2Nlc3NmdWxseS4GOwBUBjoKQHVzZWRvOghTZXQGOgpAaGFzaHsASSIPc2Vzc2lvbl9pZAY7AEYiJTcyNmIyZjJiODZhOTBiNjUwZDlhZmIwMzA5MTRkMTlm--0e15953fd7edecb0e08255349c4e55f1eddc8d81; path=/; HttpOnly
X-Runtime: 0.162436
Transfer-Encoding: chunked
{"redirect":"/","status":"ok"}
I precise that, even without my code(For the API) I can't perform this request !!!!
Thanks for your help !
I don't believe that Devise handles JSON calls, there is an open issue on github that is scheduled for the 1.3 release to address this problem.

Cliqset.com Error 403 while trying to update any data through API

I used both Fiddler and my test C# application to update my profile information in Cliqset.com through their API but I always get 403 error. It works well when I just want to get my profile info, not to update. I use all necessary HTTP headers, like CliqsetConsumerKey and Authorization.
Thank you.
When I try to get my status, I use this:
GET https://api.cliqset.com/user/cosmorocket/status HTTP/1.1
Authorization: Basic Y**********rZXQ6ZnVsY3J1bTA=
CliqsetConsumerKey: 11**********3c2ccd26c4ca946e3d8e
Host: api.cliqset.com
And it returns this:
HTTP/1.1 200 OK
Date: Fri, 10 Jul 2009 05:17:37 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807181417)/JBossWeb-2.0
Content-Type: application/xml
Content-Length: 153
Set-Cookie: csp=appInst2; path=/
Connection: close
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><StatusEntry><Updated>2009-06-09T18:09:29.315Z</Updated><Status>cliqsetting all day long</Status></StatusEntry>
But if I use the same credentials for updating with this request:
PUT https://api.cliqset.com/200905/user/cosmorocket/status HTTP/1.1
I get this:
HTTP/1.1 403 Forbidden
Date: Fri, 10 Jul 2009 05:25:04 GMT
Vary: Accept-Encoding
Content-Length: 9
Connection: close
Content-Type: text/html; charset=iso-8859-1
Error 403
I contacted tech support and solved the problem. Each time a new user uses my registered application it's necessary to make an authenticated GET
request to 'https://api.cliqset.com/200905/user/useridentifier'. Notice that you don't change 'useridentifier' to any other login name, just leave it as it is. This
will setup the appropriate permissions to update data.
I did this request and now it works well.