Provide extractors to work with raw cookie data #144

Open
nitrocode opened this issue Feb 2, 2016 · 12 comments

@nitrocode

I'm trying to do the following

  1. Run login test to grab the SESSION_ID cookie
  2. Run actual test using SESSION_ID cookie

Here is my YAML


---
- config:
    - testset: "Testing login..."

# This works
- test:
    - group: "Quickstart"
    - name: "Login"
    - url: "/api/v1/users/process-login"
    - method: "POST"
    - body: '[email protected]&password=qa'
    - headers: {'Content-Type': 'application/x-www-form-urlencoded'}

# This does not because it doesn't use the cookie obtained in the previous test
- test:
    - group: "Quickstart"
    - name: "Get data"
    - url: "/api/v1/search"
    - method: "GET"
    - body: 'type=contacts'
    - headers: {'Content-Type': 'application/json'}

Is there a way I can write an extractor that will extract the cookie from the first test and push it into the second test?

I got the underlying curl commands to work:

loginurl="http://localhost:8888/api/v1/users/process-login"
# create cookie
curl -c mycookie "$loginurl" -d "[email protected]" -d "password=qa" --referer "$loginurl"
# use cookie
curl -b mycookie "http://localhost:8888/api/v1/search?type=contacts"

I could do this all in curl but I'd much rather use your YAML abstraction layer. Any advice on how to make my YAML connect to my API like I was able to using curl's cookie I/O?

@svanoort
Owner

svanoort commented Feb 2, 2016

Hi,
Yes, there's a header extractor that should be able to pull cookies out and reuse them in tests, example case here: #70

It's fairly basic, you can use it to pull the cookie headers out and use them as variables for templating, but may serve for your use case. It won't be able to set multiple cookie headers at the same time though until #74 is resolved.

Does that work?

Thanks,
Sam

@svanoort
Owner

svanoort commented Feb 2, 2016

@nitrocode ^ reply above

@nitrocode
Author

Thank you for the quick reply @svanoort but I'm having trouble setting up the extractor. I read through your advanced guide but I wasn't able to find any examples that would work for me. I also found #70 and attempted the following to no avail.

    ... (from the first test)
    - body: '[email protected]&password=qa'
    - headers: {'Content-Type': 'application/x-www-form-urlencoded'}
    - extract_binds: # added this
        - 'SetCookie': { header: 'Set-Cookie'} # added this

# This does not because it doesn't use the cookie obtained in the previous test
- test:
    - group: "Quickstart"
    - name: "Get data"
    - url: "/api/v1/search"
    - method: "GET"
    - body: 'type=contacts'
    #- headers: {'Content-Type': 'application/json'}
    - headers: {'Content-Type': 'application/json', 'Set-Cookie': $SetCookie} # added this but it doesn't use the $SetCookie variable from the 1st test

How would I change my YAML file so I can extract Set-Cookie and plug the same into the second test?

@nitrocode
Author

@svanoort

Also tried

    - headers: {'Content-Type': 'application/json', 'Set-Cookie': {'template': '$SetCookie'} }

but my output still doesn't replace my $SetCookie with the correct cookie.

@nitrocode
Author

@svanoort

Alright, well this is interesting.

Changed Test 1 to

    - extract_binds:
        - 'cookie': {header: 'set-cookie'}

Changed Test 2 to

    - headers: {'Content-Type': 'application/json', 'template': {'Set-Cookie': '$cookie'}}

This caused the correct headers to be sent

User-Agent: PycURL/7.19.5 libcurl/7.37.0 WinSSL zlib/1.2.8
Host: 127.0.0.1:8888
Accept: */*
Set-Cookie:SESSID=5d9o339eboueos2sqpoevm4nr5; path=/
Connection: close

But the response contained a different SESSID

< HTTP/1.1 401 Unauthorized
< Date: Tue, 02 Feb 2016 21:42:31 GMT
* Server Apache/2.2.15 (CentOS) is not blacklisted
< Server: Apache/2.2.15 (CentOS)
< X-Powered-By: PHP/5.5.18
< Set-Cookie: SESSID=42gkvh97bh3htmh1akpddrvjl0; path=/

Also tried changing Set-Cookie to Cookie in Test 2 which resulted in the same 401 failure.

@svanoort
Owner

svanoort commented Feb 2, 2016

@nitrocode That's the correct syntax for the test, yes, and it should be "set-cookie"... but the test doesn't do anything to modify the response, that's coming straight from your server. So what I'm thinking is there's a missing piece here for server behavior.

My guess is that the server is changing the session ID every time to prevent some form of attack, possibly session fixation (see http://stackoverflow.com/questions/14466595/apache-tomcat-7-changing-jsessionid-on-every-request).

What happens with session IDs when run by curl in verbose mode? Does it stay static? Are you able to reuse the cookie JAR on multiple requests? (My guess is no, in this case.)

@nitrocode
Author

@svanoort Thanks for all of your help! That seemed to shed some light on the situation. I changed my Set-Cookie to just cookie and I added my second test's body attribute to the url attribute. It says both tests are passing now.

It would be nice as a feature request for a commandline switch to automatically save the cookie retrieved and used. What do you think?

@svanoort
Owner

svanoort commented Feb 3, 2016

@nitrocode Hmm, I think I'd misread something here yesterday in the headers, but I'm glad you've got it working now!

I have a better idea for how to do this than saving all cookies (which could introduce issues with what are supposed to be isolated tests): provide an extractor that will save all cookie data in a raw string format to a variable that can be used in header templating. How does that sound?

An optional extension might be to just save a specific cookie element or elements. We've got a definite weakness in that area.

What do you think?
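
The raw-cookie extractor proposed above has to turn a response's Set-Cookie values (name=value plus attributes such as `path=/`) into a request Cookie header that carries only the name=value pairs. A sketch of that conversion, added here as an example and not pyresttest code; `parse_set_cookie`, `is_deleted` and `cookie_header` are hypothetical names and the second sample header is constructed:

```python
# Added example, not pyresttest code: all function names are hypothetical.
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def parse_set_cookie(line):
    """Split one Set-Cookie value into (name, value, attrs), RFC 6265 style."""
    pair, _, rest = line.partition(";")
    name, sep, value = pair.partition("=")
    if not sep or not name.strip():
        return None  # no name=value pair: nothing to send back
    attrs = {}
    for chunk in rest.split(";"):
        key, _, val = chunk.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs

def is_deleted(attrs, now):
    """True when the server is expiring the cookie (Max-Age wins over Expires)."""
    try:
        if "max-age" in attrs:
            return int(attrs["max-age"]) <= 0
        if "expires" in attrs:
            when = parsedate_to_datetime(attrs["expires"])
            return when.replace(tzinfo=when.tzinfo or timezone.utc) <= now
    except (TypeError, ValueError):
        pass  # unparseable attribute: treat the cookie as live
    return False

def cookie_header(set_cookie_lines, only=None, now=None):
    """Build a request Cookie header value from response Set-Cookie values."""
    now = now or datetime.now(timezone.utc)
    jar = {}
    for line in set_cookie_lines:
        parsed = parse_set_cookie(line)
        if parsed is None:
            continue
        name, value, attrs = parsed
        if is_deleted(attrs, now):
            jar.pop(name, None)
        elif only is None or name in only:
            jar[name] = value  # a re-issued session ID replaces the old one
    return "; ".join(f"{k}={v}" for k, v in jar.items())

# Sample input: first value is the header quoted in the thread, second is constructed.
SAMPLE = [
    "SESSID=5d9o339eboueos2sqpoevm4nr5; path=/",
    "tracking=abc; Path=/; Max-Age=0",
]
if __name__ == "__main__":
    print(cookie_header(SAMPLE))
```

Passing `only={"SESSID"}` covers the "specific cookie element" extension, and keeping the jar local to one call avoids sharing cookies between tests that are supposed to be isolated.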

@nitrocode
Author

@svanoort Yeah, that sounds like a good starting point. Since the following tests require a cookie to perform the action intended, it would be good if, when the login test does not pass, it exited from the entire YAML test, because all of the tests following will fail.

@svanoort
Owner

svanoort commented Feb 3, 2016

Yeah, it needs a failfast option, I believe. That is a little trickier to do than it sounds, though.

svanoort changed the title from "Trouble running a test after authenticating" to "Provide extractors to work with raw cookie data" on Feb 3, 2016

@svanoort
Owner

svanoort commented Feb 3, 2016

@nitrocode Added an issue for failfast or setup/teardown - #146

@nitrocode
Author

Great, thanks
