I'm attempting to test REST APIs authenticated by tokens. The process is:
Provide username and password to get a token
Extract the token and save it into a variable in Jmeter (AUTH_TOKEN)
Set the header 'Authorization' with the extracted token value.
Send a request using the token.
This is my test plan:
I could extract tokens successfully. However, sending requests in step 4 is failing because of missing authorization. The View Result Tree shows that the requests contains authorization headers, but the server couldn't find authorization headers. As showed in the figure below, I added 2 headers Authorization and Content-Type and they appeared in the request. The server returned the headers it had actually received, but there wasn't Authorization:
Can anyone help me to fix this issue? Thanks so much.
P/S: the server implements RESTful APIs by Python and Flask framework. I deployed the server with Apache HTTP Server.
==========[UPDATED]========================
The server code is implemented with Flask in Pycharm. Everything is perfect when sending requests from JMeter to the server run with the embedded Flask server. The problem only appears when the server code is deployed with Apache HTTP Server. The configurations of JMeter in the above cases are exactly the same except the port. But if the cause is from Apache server, it doesn't seem reasonable.
==========[UPDATED & SOLVED]========================
I found the reason of my problem here Missing authorization header. Because of deploying the web application with Apache and mod_wsgi, Authorization headers are not passed to the application by default. I have to add this line WSGIPassAuthorization On into my virtual host configuration.
Please check if your api endpoint needs a request body with the "GET /regions" request. In your 2nd screenshot of the "Request" section "GET data:" section is blank. It mostly means that the server is expecting a request body along with your GET request.
My expectation is that your Extract token works incorrectly, i.e. your ${BEARER} variable has a blank line before the actual value as it evidenced by your screenshot.
Double check your ${BEARER} variable value using Debug Sampler and View Results Tree Listener combination: it should not contain blank lines. If it does - review your Extract token configuration and amend it to return solely header value.
It is recommended to use JSON Extractor for getting values from JSON data type.
Related
I am looking for the most efficient method of hosting a HTTP endpoint to receive Cloudflare log files.
Cloudflare Logpush now supports the ability to send logs to configurable HTTP endpoints.
Note that when using Logpush to HTTP endpoints, Cloudflare customers are expected to perform their own authentication of the pushed logs. For example, customers may specify a secret token in the URL or an HTTP header of the Logpush destination.
Enable HTTP destination
I was looking at nginx to host the end point, but the upload module is no longer supported and it looks like apache does not have such function. I have found various projects that achieve this, however most of them seem to have way more functionality than what I require. I did post the question on the Cloudflare community, but have yet to have a bite.
If you guys can suggest some simple solution to host the http endpoint, I would be very grateful.
Using the official python library we get this issue at after a few requests.
The same code works on one request and then breaks in the second request.
requests.exceptions.HTTPError: 401 Client Error: Unauthorized for url: https://api.soundcloud.com/oauth2/token
This happens on our test account. We need this to work as we have an issue with our pro account which we need to replicate on our test account so we can safely work on this.
The error happens on the creation of the client instance - it does not make it to the "print" statement that follows. All the API keys and username/password details stay the same and are correct but continue to fail on some occasions and succeed on others.
client = soundcloud.Client(client_id=SC_CLIENT_ID,
client_secret=SC_CLIENT_SECRET,
username=SC_USERNAME,
password=SC_PASSWORD)
print (client.get('/me').username)
The system we have only uploads/manages data from our own account.
I have API written in flask and I use JWT token for authorization. I would like to protect my staging environment from unautorized access, so I added apache basic authentication, but it uses same "Authorization" header, and angular replaces my basic auth header with JWT header.
Does anyone know how to resolve this issue? Maybe can I change Apache Authorization header to different key?
I'm doubtful that you would be able to change the authorization header on apache (I imagine that it is hard coded to that, as web browsers wouldn't know to send the actual request in a different header). This is just my intuition though, and might very well be wrong.
If you used flask-jwt-extended instead of flask-jwt, you could change the header which contains the JWT using the JWT_HEADER_NAME option (http://flask-jwt-extended.readthedocs.io/en/latest/options.html). Full disclosure, I'm the author of this extension.
If you want to continue to use flask-jwt, you can probably do this by utilizing one of the jwt_*_callback decorators, or by sub-classing flask-jwt and overwriting the method that checks for the JWT in the authorization header.
I'm trying to implement the manual Facebook login flow as described at:
https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow
The step where the user signs in and authorizes the app is all good. The problem starts when Facebook redirects to my service (after success login); I can see on the browser's URL bar something like:
http://some.local.domain:8080/1/share/fb_login_redirect?#access_token=XXYYZZ&expires_in=6285
But oddly my web service "sees" only:
http://some.local.domain:8080/1/share/fb_login_redirect
I think this is caused by "#" symbol just after "?". As a result I cannot get the access_token through query string.
My web service is a Python WSGI-application. And I have tested serving it with both gunicorn and wsgiref.simple_server. I have debugged the WSGI environment dict and I found out that the partial URL is being passed (not the full one with the query params). So it seems to be a problem while the browser delivers the request info to WSGI environment. BTW, I have tested on Chrome and Firefox; and I'm using MacOS X 10.10.5 .
I would appreciate any help with this.
Thanks.
The hash part of a URL is a purely client-side construct, it never gets send to the server.
You either need to capture the access token client-side (JavaScript), or choose the response_type: code in your login dialog call.
I have been trying to do something which I think should be pretty simple. The situation is as follows. The client makes a request for a resource on my web server. My flask application processes the request and determines that this resource is located at a certain location on another web server and the client should make a request of that server instead.
I know I can use the redirect function to tell the client to send a request to the remote location, but my problem is that the remote location is the Amazon Glacier servers. These servers require a request to be made in a certain way, with a special signature (see http://docs.aws.amazon.com/amazonglacier/latest/dev/amazon-glacier-signing-requests.html). My flask application knows how to go about the business of making these requests in the required way. I essentially want to know if it's possible to send a response to my client saying, send this request (generated by my application, with all the required signing) to the Amazon server?
Any ideas?
If the request can be encoded with get params like
http://www.redirecturl.com/?param1=bla¶m2=blub
then it should work no problem. Just construct the request as a string and pass it to redirect().
As far as i know, you can't tell a client to send specific headers to a HTTP redirect URL.
Hitting the Glacier URL serverside would be the easiest. Using javascript on the clientside would only work if Glacier is implementing CORS.