wontae0
New Contributor
7 years ago

CSRF Token login

Hi all,

I am new to SoapUI and API testing. I would like to try API testing. However, I have struggled with CSRF token issues.

Basically, I want to test a web app with an Angular frontend that uses an XSRF token. Whenever I try to get the XSRF token, it is generated dynamically (it changes every time). I have researched and come up with the approach below.

 

1. Post request (log in)

2. Get access token and transfer to next step

3. Get response.

However, I have no idea how to input the ID and password, then get the dynamic token and transfer it to the next steps.

Can you share some ideas?

Thanks in advance.

8 Replies

  • felixcao
    Occasional Visitor

    I have a similar issue. I am trying to do some API testing too. Please let me know if you got this issue resolved. I am using ReadyAPI 2.2.0

  • wontae0
    New Contributor

    Hi, sorry for the late reply.

    I tried to follow the link, but it was not quite good for me.

    Our application is using the gem "ng-rails-csrf". Any idea how to deal with it?

    Cheers

  • wontae0
    New Contributor

    Yes. Whenever I make a request or something, the XSRF-Token value changes dynamically each time.

    I am struggling to transfer the XSRF-Token value to the next steps.

    Any way to catch the dynamic values?

    • PaulMS
      Super Contributor

      On the Response Headers tab, is there a header named "x-csrf-token" or similar?

      Step 2 from the example in the link above uses a Groovy script step to transfer the header value to a test case property.

      Then in Step 3 use that value for the next request header.

      Is that the value you need to transfer?

  • coolmanAK47
    New Contributor

    This is an old thread, but I have a similar issue. So I want to know if anyone has a good answer to this question.

    I am working on a project using Collibra REST APIs. The POST /auth/sessions request will only return a csrfToken with a random value. I am not sure how this token is used for other methods. I have enabled the option "Maintain HTTP session". I am not sure if the cookie is going to help with anything. When I try to do something, for example, POST /domains to create a new domain object, it consumes the body but there is no header required. Any idea?

    I did ask the question in the Collibra community. No helpful answer was provided because the APIs are working fine with the Swagger UI that they offer. I just can't get it to work in ReadyAPI.

     

    Thanks,

    Felix

    • coolmanAK47
      New Contributor

      I got it resolved. I am using ReadyAPI 2.3.0 with a licensed SoapUI.

      If I run the tests from the beginning to the end, it works fine. If I want to test each request independently, then it will have issues.
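
The capture-and-forward flow discussed in this thread (read the token from the response header, store it, send it on the next request), as an added example that is not part of any post and is not SoapUI or ReadyAPI code. The stub server, its `/login` and `/items` paths, and the rotate-on-every-response behaviour are constructed assumptions; the header name follows the "x-csrf-token" mentioned above.

```python
import http.server, json, secrets, threading, urllib.error, urllib.request

class Stub(http.server.BaseHTTPRequestHandler):
    """Constructed stub: issues a fresh CSRF token on every accepted request."""
    current = secrets.token_hex(16)  # token the server expects on the next request

    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        ok = self.path == "/login" or self.headers.get("X-CSRF-Token") == Stub.current
        if ok:
            Stub.current = secrets.token_hex(16)  # value changes every time
        self.send_response(200 if ok else 403)
        if ok:
            self.send_header("X-CSRF-Token", Stub.current)
        self.end_headers()

    def log_message(self, *args):  # keep the demo output quiet
        pass

class Client:
    """Plays the test case: self.token is the stored 'test case property'."""
    def __init__(self, base):
        self.base, self.token = base, None

    def post(self, path, body):
        req = urllib.request.Request(self.base + path,
                                     data=json.dumps(body).encode(), method="POST")
        if self.token:
            req.add_header("X-CSRF-Token", self.token)  # reuse the stored value
        try:
            with urllib.request.urlopen(req) as resp:
                # capture the rotated token from the response header
                self.token = resp.headers.get("X-CSRF-Token", self.token)
                return resp.status
        except urllib.error.HTTPError as err:
            return err.code

def run_demo():
    server = http.server.HTTPServer(("127.0.0.1", 0), Stub)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"
    chained = Client(base)
    results = [chained.post("/login", {"user": "demo", "password": "demo"}),
               chained.post("/items", {"name": "a"}),
               chained.post("/items", {"name": "b"})]
    standalone = Client(base).post("/items", {"name": "c"})  # no login step first
    server.shutdown()
    return results, standalone

if __name__ == "__main__":
    print(run_demo())
```

The chained client succeeds on every step because it refreshes its stored token after each response, while the request sent without a preceding login step is rejected.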