Skip to content
This repository has been archived by the owner on Mar 26, 2021. It is now read-only.

How to use a cookie from response in the next request? #147

Open
WimmerAlex opened this issue Mar 30, 2020 · 1 comment
Open

How to use a cookie from response in the next request? #147

WimmerAlex opened this issue Mar 30, 2020 · 1 comment

Comments

@WimmerAlex
Copy link

This is a rather general question for stRest authentication.

Authentication is already covered by your documentation:

requests:
  login: # will return { authenticated: true }
    ...
  authNeeded:
    request:
    ...
      headers:
      - name: Authorization
        value: Bearer <$ login.content.authenticated $>  # It's possible to use the status code, headers, and status text from previous calls.

That is exactly what I need, but (for me) it is only the second step.

The way I need to authenticate and where I would need your help to manage this looks like this:

Step 1:
reqest to the webserver -> webserver authenticates the session and returns a cookie

Step 2: <- this is where I fail
request user data with the cookie -> webserver returns the user data AND a token.

Step 3: <- your documented auth approach (works fine)
Further requests can be done with the approach you have already documented. The returned token from step 2 is used.

What I am missing now is how session-handling works with stRest, how to pass a cookie to the server. Do I need to transfer the cookie in chaining or is there a way to use the cookie cache?
I've tested several approaches but unfortunately had no success yet.

In the code example below I am listing some of my most promising approaches:

requests:
  authenticationRequest: # initial request that authenticates the session and returns a cookie 
    request:
      url: <$ base_url $>/foo/login 
      method: POST              
      postData:        
        mimeType: application/json
        text: 
          { 
            "Username":"username",
            "Password":"password"
          }         
    
  userDataRequest1: # approach 1 -> did not work
    request:
      url: <$ base_url $>/foo/userdata
      method: GET
      headers: 
        - name: Cookie
          value: <value of 'Set-Cookie' in response of authenticationRequest>
    
  #-------------------------------------------

  userDataRequest2: # approach 2 -> did not work
    request:
      url: <$ base_url $>/foo/userdata
      method: GET
    cookies: 
      - name: <cookie name>
        value: <cookie value>
        path: "/"
        secure: true
    
  #-------------------------------------------

  userDataRequest3: # approach 3 -> did not work
    request:
      url: <$ base_url $>/foo/userdata
      method: GET
    headers:
     - name: <cookie name>
       value: <cookie value>



  furherDataRequest:
    request:
      url: <$ base_url $>/foo/bar
      method: GET    
      headers:
        - name: Authorization
          value: Bearer <$ userDataRequest.content.token $>
    validate:
    - jsonpath: content

The response to the first request (authenticationRequest) looks like this:

{
  "base_url": "https://somewebsite.net/api",
  "loginRequest": {
    "status": 201,
    "statusText": "Created",
    "headers": {
      "cache-control": "private,private, no-cache, no-store, must-revalidate",
      "location": "https://somewebsite.net//user/id",
      "vary": "Accept",
      "server": "Microsoft-IIS/10.0",
      "set-cookie": [
        "ss-id=EXdBqX1EftWlIdbp3bDE; path=/; secure",
        "ss-pid=E1L7iXV2OkAr285Chd1B; expires=Fri, 30-Mar-2040 08:53:50 GMT; path=/; secure",
        "X-UAId=179; expires=Fri, 30-Mar-2040 08:53:58 GMT; path=/",
        "ARRAffinity=08de20d64c245f8af5775d6657a76ccfd5v4d42f70f6ba8f981ce3670547e89f;Path=/;HttpOnly;Domain=somewebsite.net",
        "ARRAffinity=196fe2fe6a8ae3ed160790b414ecb9f7f16rfaf6e05a51f227672a762e5e300e;Path=/;HttpOnly;Domain=somewebsite.net"
      ],
      "x-powered-by": "ServiceStack/5.50 Net45/Windows, ASP.NET, ARR/3.0",
      "access-control-allow-origin": "https://somewebsite.net",
      "access-control-allow-methods": "GET, POST, PATCH, PUT, DELETE, OPTIONS",
      "access-control-allow-headers": "Content-Type,withCredentials,Authorization",
      "access-control-allow-credentials": "true",
      "x-aspnet-version": "4.0.30319",
      "date": "Mon, 30 Mar 2020 08:53:58 GMT",
      "connection": "close",
      "content-length": "0"
    },
    "content": ""
  }

Thanks in advance!
@WimmerAlex
Copy link
Author

WimmerAlex commented Apr 29, 2020
edited
Loading

Well, I found a solution by myself, not perfect but I am glad that I can use strest now.

For anyone who might be interersted in the solution:

The problem was the further usage of set-cookie.

Strest-Client allows to use values from fields of the previous request like this:

loginRequest.headers.set-cookie[0]

That is a valid JSONPath and would show following result:

"ss-id=EXdBqX1EftWlIdbp3bDE; path=/; secure"

Unfortunately this does not work with strest. The response is saved in HAR format and can also be accessed with JSON Syntax. I guess Nunjucks is used for JSON parsing and adds some other behaviour.
Every JSONPath without a "-" is valid and returns the correct result.
In my case "set-cookie" seems to lead to a math operation where cookie is substracted from set (set - cookie). The result is "NaN" (not a number).

A valid JSONPath to avoid this behaviour looks like this:

loginRequest.headers["set-cookie"][0]

Now that I've got the value, I need to cut the resulting string to pass it in the next request with just "name=value" without "path=/; secure".

The only way I found to accomplish this task is to use Nunjucks' 'slice()'.

With 'slice(x, y)' it is possible to cut a string starting from index x to index y. While the length of the cookie value was different over several approaches, the string ending (path=/; secure) remained the same. This approach leads to:

loginRequest.headers["set-cookie"][0].slice(0, -15) // slice(0, string.length-15)

"ss-id=EXdBqX1EftWlIdbp3bDE; path=/; secure" 
leads to:
"ss-id=EXdBqX1EftWlIdbp3bDE;"

The complete request now looks like this:

userDataRequest:
    request:
      url: <$ base_url $>/foo/
      method: GET
      headers: 
        - name: cookie
          value: <$ loginRequest.headers["set-cookie"][0].slice(0, -15) $> <$ loginRequest.headers["set-cookie"][1].slice(0, -54) $> <$ loginRequest.headers["set-cookie"][2].slice(0, -46) $> <$ loginRequest.headers["set-cookie"][3].slice(0, -57) $>

leads to:

userDataRequest:
    request:
      url: <$ base_url $>/foo/
      method: GET
      headers: 
        - name: cookie
          value: ss-id=EXdBqX1EftWlIdbp3bDE; ss-pid=E1L7iXV2OkAr285Chd1B; X-UAId=179; ARRAffinity=08de20d64c245f8af5775d6657a76ccfd5v4d42f70f6ba8f981ce3670547e89f;

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@WimmerAlex