We Keep Coding

SoapUI testing: remove quotation marks from session ID

So, I am new to SoapUI, and working with API's in general, but I am trying to set up an automated test for a REST API in SoapUI (the freeware version).
The first call I make returns a session ID in JSON, which is placed between quotation markslike: "session ID goes here". This key is needed, without quotation marks, in the next API call. I use SOAPUI's "Property Transfer Teststep", and this is working well, apart from the quotationmarks which are still around the session ID, resulting in an error responce by the subsequent call.
Any idea how I can remove the quotation marks? Ive been reading up/Googling on Xpath and JSONPath, which are some of the coding languages I can use in the screen, but I cant see how to use this to remove said quotation marks.
Your help would be greatly appreciated!!
Full RAW Response:
HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/json; charset=utf-8 Expires: -1 Server: Microsoft-IIS/8.5 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Date: Tue, 02 May 2017 18:31:48 GMT Content-Length: 38 "48d45ba2-4549-41be-8b31-e85b3c738a03"

you say that the message is returned as "48d45ba2-4549-41be-8b31-e85b3c738a03". Although the message says it is json, that does not mean that SoapUI will interprete it as valid json. Valid JSON like in the question referred to in another answer, starts and ends with curly brackets. Also it should have a key and value pair. Like so:
{
"sessionId":"48d45ba2-4549-41be-8b31-e85b3c738a03"
}
In that case the transfer $.sessionId would yield 48d45ba2-4549-41be-8b31-e85b3c738a03(without quotation marks), and not "48d45ba2-4549-41be-8b31-e85b3c738a03" (with quotation marks).
In attachment there is a project with a mock. It has got one call. If you open the project, you have to launch the mock by clicking play, then you can execute the test case. - https://www.dropbox.com/s/rsgc9q1g45jze5z/StackOverflow_43745255_QuestionQuotationMarks.xml?dl=0. You can save this as XML, then you can open it with SoapUI.
You will see a property transfer step. It has one step that is passed. Then one where you transfer the value without any paramter. It will transfer the message in full. Including the quotation marks.
The sencond transfer is '$'. For a valid json, this would render the same result as for the property transfer without any parameter because '$' represents the root. At least that is how I understand it.
Included you will also find a script:
response = context.testCase.getTestStepAt(0).testRequest.response.getResponseContent()
assert response == '"48d45ba2-4549-41be-8b31-e85b3c738a03"'
stripResponse = response.replace("\"", "")
assert stripResponse == '48d45ba2-4549-41be-8b31-e85b3c738a03'
The stripResponse is the response where the quotation marks are stripped away. You could then proceed to assign this variable to a property of choice, or inject it directly in the headers of a next step.
Sometimes scripting is the way to go.

Onenote API (REST) - PATCH append - "must include a 'commands'" error when Commands is already supplied (?!)

Note: I'm pretty sure nothing's wrong with the PATCH query, I had it working before with 'Content-type':'application/json' and a constructed json file:
[
{
'target':'|TARGET_ID|',
'action':'append',
'content':'|HTML|'
}
]
For the purposes of this, the header supplied (authentication bearer is correct and will be omitted)
'Content-type':'multipart/form-data; Boundary=sectionboundary'
(note: Boundary=sectionboundary is in the same line)
Attempting to pass the following body as a PATCH to
https://www.onenote.com/api/v1.0/pages/|GUID|/content
returns a
"code":"20124","message":"A multi-part PATCH request must include a 'commands' part containing the PATCH action JSON structure." :
--sectionboundary
Content-Disposition: form-data; name="Commands"
Content-Type: application/json
[
{
'target':'|TARGET_ID|',
'action':'append',
'content':'|HTML|'
}
]
--sectionboundary
Content-Disposition: form-data; name="image-part-name"
Content-Type: image/png
|BINARY_IMAGE_DATA|
--sectionboundary--
As you can see, there's a Commands section already. Using smallcaps 'commands' doesn't help, and the correct syntax should be "Commands" as per the OneNote Dev Center documentation.
PS: |TARGET_ID| |HTML| |GUID| and |BINARY_DATA| are replaced with the correct content at runtime. Due to privacy constraints, the fact that you may use a different schema than I do, and how long |BINARY_IMAGE_DATA| actually is, I will not show the actual input unless required to solve the problem.
Would like to know if I missed anything - thanks in advance.
PPS: Yes, I realize i've omitted the img tag inside |HTML| somewhere. It shouldn't have anything to do with code 20124, and if I got it wrong should return another thing entirely.

Based on investigating the request information you shared, I can confirm that the PATCH request referenced as part of the correlation you provided does not match your posted header information.
The correlated PATCH request shows up as a multi-part request with only a single part that has Media Type "TEXT/HTML" and not "Application/JSON". Can you please check and confirm your request content ?
Let us continue to discuss this on email. If you still face issues calling the API, please write to me at machandw#microsoft.com
Regards,
Manoj

Fiddler add binary file data to POST

I'm try to add binary file data directly to the request body of a POST call so I can simulate a file upload. However, I tried setting a 'before request' breakpoint and using 'insert file' but I couldn't seem to get that to work. I also tried to modify CustomRules.js to inject the file but couldn't figure out how to load binary data via JScript. Is there an easy solution here?

I'm sure this is a new feature in the year since this question was answered, but thought I'd add it anyhow:
There's a blue "[Upload file]" link in Composer now on the right side under the URL textbox. This will create a full multipart/form-data request. If you use this, you'll notice in the body you now have something that looks like this:
<#INCLUDE C:\Some\Path\my-image.jpg#>
In my case, I just wanted to POST the binary file directly with no multipart junk, so I just put the <#INCLUDE ... #> magic in the request body, and that sends the binary file as the body.

In order to send multipart/form-data, this receipe will be helped.
In upper panel (Http header), set Content-Type as below. Other values are automatically resolved.
Content-Type: multipart/form-data; boundary=-------------------------acebdf13572468
And, input Response Body at the below panel as follows.
---------------------------acebdf13572468
Content-Disposition: form-data; name="description"
the_text_is_here
---------------------------acebdf13572468
Content-Disposition: form-data; name="file"; filename="123.jpg"
Content-Type: image/jpg
<#INCLUDE *C:\Users\Me\Pictures\95111c18-e969-440c-81bf-2579f29b3564.jpg*#>
---------------------------acebdf13572468--
The import rules are,
Content-Type should have two more - signs than boundary words in body.
The last of the body should be ended with two - signs.

In Fiddler script: (in Fiddler: Rules... Customize Rules), find the OnBeforeRequest function, and add a line similar to:
if (oSession.uriContains("yourdomain"))
{
oSession.LoadRequestBodyFromFile("c:\\temp\\binarycontent.dat");
}

since version 2.0, the Request Body has an "Upload File..." link that allows you to post/upload binary data.

Why am I not getting the soap header?

Why is this so hard in WCF 4.0
I add a custom header in my client
Authorization: 18732818 gfdsgShoyh3sfayql6jWCRc=
so that my header looks like the following
GET http://HOSTNAME/Public/Xml/SyncReply/TestClearUsername?Id=1 HTTP/1.1
Authorization: 18732818 gfdsgShoyh3sfayql6jWCRc=
Host: HOSTNAME
Connection: Keep-Alive
in my wired up service responder I can access the property Id and get the value 1. I would also like to access the value Authorization, but it always shows as null.
What am I doing wrong?

After much googling I finally found the answer to this so I will post it here so it might be of use to someone else. I am assuming this is an undocumented feature, since it is so well hidden, but someone else might know different.
I found this enumeration System.Web.HttpWorkerRequest.HeaderAuthorization (value=24)
and this method System.Web.HttpWorkerRequest.GetKnownRequestHeader(24)
Just to summarize the reason Authorization was hiding from me was that its a reserved header value. if you add a random word and want to retrieve you can use.
.GetUnknownRequestHeader("YOUR_WORD_HERE").
so in full you need
HttpRequestContext hrc = (HttpRequestContext)this.RequestContext;
RequestAttributes ra = (RequestAttributes)hrc.RequestAttributes;
System.Web.HttpWorkerRequest hwr = ra.HttpWorkerRequest;
string Auth = hwr.GetKnownRequestHeader(System.Web.HttpWorkerRequest.HeaderAuthorization);

can i use "http header" to check if a dynamic page has been changed

you can request the http header to check if a web page has been edited by looking at its date but how about dynamic pages such as - php, aspx- which grabs its data from a database?

Even though you might think it's outdated I've always found Simon Willison's article on Conditional GET to be more than useful. The example is in PHP but it is so simple that you can adapt it to other languages. Here it is the example:
function doConditionalGet($timestamp) {
// A PHP implementation of conditional get, see
// http://fishbowl.pastiche.org/archives/001132.html
$last_modified = substr(date('r', $timestamp), 0, -5).'GMT';
$etag = '"'.md5($last_modified).'"';
// Send the headers
header("Last-Modified: $last_modified");
header("ETag: $etag");
// See if the client has provided the required headers
$if_modified_since = isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) ?
stripslashes($_SERVER['HTTP_IF_MODIFIED_SINCE']) :
false;
$if_none_match = isset($_SERVER['HTTP_IF_NONE_MATCH']) ?
stripslashes($_SERVER['HTTP_IF_NONE_MATCH']) :
false;
if (!$if_modified_since && !$if_none_match) {
return;
}
// At least one of the headers is there - check them
if ($if_none_match && $if_none_match != $etag) {
return; // etag is there but doesn't match
}
if ($if_modified_since && $if_modified_since != $last_modified) {
return; // if-modified-since is there but doesn't match
}
// Nothing has changed since their last request - serve a 304 and exit
header('HTTP/1.0 304 Not Modified');
exit;
}
With this you can use HTTP verbs GET or HEAD (I think it's also possible with the others, but I can't see the reason to use them). All you need to do is adding either If-Modified-Since or If-None-Match with the respective values of headers Last-Modified or ETag sent by a previous version of the page. As of HTTP version 1.1 it's recommended ETag over Last-Modified, but both will do the work.
This is a very simple example of how a conditional GET works. First we need to retrieve the page the usual way:
GET /some-page.html HTTP/1.1
Host: example.org
First response with conditional headers and contents:
200 OK
ETag: YourETagHere
Now the conditional get request:
GET /some-page.html HTTP/1.1
Host: example.org
If-None-Match: YourETagHere
And the response indicating you can use the cached version of the page, as only the headers are going to be delivered:
304 Not Modified
ETag: YourETagHere
With this the server notified you there was no modification to the page.
I can also recommend you another article about conditional GET: HTTP conditional GET for RSS hackers.

This is the exact purpose of the ETag header, but it has to be supported by your web framework or you need to take care that your application responds properly to requests with headers If-Match, If-Not-Match and If-Range (see HTTP Ch 3.11).

You can if it uses the http response headers correctly but it's often overlooked.
Otherwise storing a local md5-hash of the content might be useful to you (unless there's an easier in-content string you could hook out). It's not ideal (because it's quite a slow process) but it's an option.

Yes, you can and should use HTTP headers to mark pages as unexpired. If they are dynamic though (PHP, ASPX, etc.) and/or database driven, you'll need to manually control setting the Expires header/sending HTTP Not Modified appropriately. ASP.NET has some SqlDependency objects for this, but they still need to be configured and managed. (Not sure if PHP has something just like it, but there's probably something in PEAR if not...)

The Last-Modified header will only be of use to you if the programmer of the site has explicitly set it to be returned.
For a regular, static page Last-Modified is the timestamp of the last modification of the HTML file. For a dynamically generated page the server can't reliably assign a Last-Modified value as it has no real way of knowing how the content has changed depending on request, so many servers don't generate the header at all.
If you have control over the page, then ensuring the Last Modified header is being set will ensure a check on Last-Modified is successful. Otherwise you may have to fetch the page and either perform a regex to find a changed section (e.g. date/time in the header of a news site). If no such obvious marker exists, then I'd second Oli's suggestion of an MD5 on the page content as a way to be sure it has changed.