
CSRF Token login

New Contributor

Hi all,

I am new to SOAPUI and API testing. I would like to try API testing. However, I have struggled with csrf token issues.

Basically, I want to test a web app whose frontend is an Angular web app with an XSRF token. Whenever I try to get the XSRF token, the token is generated dynamically (it changes every time). I have researched this and come up with the approach below.

 

1. Post request (log in)

2. Get access token and transfer to next step

3. Get response.

 

However, I have no idea how to input the ID and password, then get the dynamic token and transfer it to the next steps.

Can you share some ideas?

Thanks in advance.

8 REPLIES
Occasional Visitor

Re: CSRF Token login

I have a similar issue. I am trying to do some API testing too. Please let me know if you got this issue resolved. I am using ReadyAPI 2.2.0

Super Contributor

Re: CSRF Token login

Can you show the response and the values that you want to transfer to a following request?

 

The documentation includes an example using property transfers:

https://www.soapui.org/docs/functional-testing/properties/transferring-properties.html#3-An-example-...

New Contributor

Re: CSRF Token login

Hi, sorry for the late reply.

I tried to follow the link, but it was not quite good to me.

Our application uses the gem "ng-rails-csrf". Any idea how to deal with it?

 

Cheers

Super Contributor

Re: CSRF Token login

You probably need to add header/s to your request.

Do you know the required header name and values that should be transferred?

Some similar examples here:

https://blogs.sap.com/2015/01/11/test-post-request-to-gateway-with-soapui/

https://community.smartbear.com/t5/SoapUI-Pro/Maintain-HTTP-Session-Should-pass-cookies-to-following...

New Contributor

Re: CSRF Token login

Yes. Whenever I do a request or something, the XSRF-Token value is dynamically changed each time.

I am struggling to transfer the XSRF-Token value to the next steps.

Any ways to catch the dynamic values?

Super Contributor

Re: CSRF Token login

On the Response Headers tab is there a header named "x-csrf-token" or similar?


Step 2 from the example in the link above uses a Groovy script step to transfer the header value to a test case property.

Then in Step 3 use that value for the next request header.

 

Is that the value you need to transfer?
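
The transfer described in the reply above, as an added example that is not part of the original post or of the linked documentation: a Groovy Script test step placed right after the login request. The step name "Login" and the property name "csrfToken" are assumptions; the header name is the one suggested in the reply and may differ in your application.

```groovy
// Groovy Script test step, placed directly after the login request step.
// Assumptions (not from the thread): the login step is named "Login" and the
// token is stored in a test case property named "csrfToken".
def loginStepName = "Login"
def headerName    = "x-csrf-token"   // header name suggested in the reply above
def propertyName  = "csrfToken"

def loginStep = testRunner.testCase.getTestStepByName(loginStepName)
if (loginStep == null) {
    throw new IllegalStateException("No test step named '${loginStepName}' in this test case")
}

// The response is null when the login step has not run in this session,
// which is the case when a later request is executed on its own.
def response = loginStep.testRequest.response
if (response == null) {
    throw new IllegalStateException("'${loginStepName}' has no response yet; run it before this step")
}

// Header names are case-insensitive on the wire, so match without regard to case.
def entry = response.responseHeaders.find { name, values ->
    name != null && name.equalsIgnoreCase(headerName)
}
def token = entry?.value ? entry.value[0] : null
if (!token) {
    throw new IllegalStateException("Login response carried no '${headerName}' header")
}

// Store the fresh value; it changes on every login, so never hard-code it.
testRunner.testCase.setPropertyValue(propertyName, token)

// Log only the length so the token does not end up in saved test logs.
log.info("Stored ${headerName} (${token.length()} chars) in test case property '${propertyName}'")
```

In the following request, add the header with the value `${#TestCase#csrfToken}` so the property expansion inserts the token captured during the current run.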

New Contributor

Re: CSRF Token login

This is an old thread, but I have a similar issue. So I want to know if anyone has a good answer to this question.

 

I am working on a project using Collibra REST APIs. The POST /auth/sessions request will only return a csrfToken with a random value. I am not sure how this token is used for other methods. I have enabled the option "Maintain HTTP session". I am not sure if the cookie is going to help with anything. When I try to do something, for example, POST /domains to create a new domain object, it consumes the body but there is no header required. Any idea?

 

I did ask the question in the Collibra community. No helpful answer is provided because the APIs are working fine with the Swagger UI that they offer. I just can't get it to work in the ReadyAPI.

 

Thanks,

Felix

New Contributor

Re: CSRF Token login

I got it resolved. I am using 2.3.0 ReadyAPI with a licensed Soap UI.

 

If I run the tests from the beginning to the end, it works fine. If I want to test each request independently, then it will have an issue.
