Register
SmartBear Support Resources
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Extract CSRF/XSRF from response cookie to pass as header

SOLVED
Solved
Start a topic
Highlighted
klaypigeon
Occasional Contributor
‎12-13-2018 07:45 AM
‎12-13-2018 07:45 AM

Extract CSRF/XSRF from response cookie to pass as header

Hi, I am having a hard time locating an answer to this. I keep getting info about passing cookies around. Essentially my authentication response contains a cookie:

Set-Cookie: [XSRF-TOKEN="WtY3ztIhTFdF8VXbKDi8iw==\012"

I need to pass this to subsequent requests as a header to maintain my authenticated status:

Header: X-XSRF-TOKEN = "WtY3ztIhTFdF8VXbKDi8iw==\012"

 

This must be pretty common and I am guessing there is GUI functionality to do this, but I cannot figure it out. Can someone point me in the right direction?

0 Kudos
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
klaypigeon
Occasional Contributor
‎12-14-2018 08:50 AM
‎12-14-2018 08:50 AM

Re: Extract CSRF/XSRF from response cookie to pass as header

I have a solution to the problem stated. This is the Groovy that allows me access to the CookieStore. I have it set up now so the X-XSRF-TOKEN header is getting created from the associated cookie value.

 

Unfortunately the subsequent request is still failing with a 401. I'm out of ideas and the vendor is unlikely to help me with SoapUI issues since it works fine using Python requests package. I will update if I get it working.

 

Make sure you have 'Maintain HTTP Session' checked.

Create a new Property in your TestCase and assign it an arbitrary value. (mine is XSRF)

Insert a Groovy script similar

// Thanks to user Kristoffer for his find
// https://community.smartbear.com/t5/SoapUI-Pro/preserving-cookies/td-p/41244

final httpStatePropertyName = com.eviware.soapui.model.testsuite.TestRunContext.HTTP_STATE_PROPERTY;
final httpContext = context.getProperty(httpStatePropertyName);
final cookieStore = httpContext.getAttribute("http.cookie-store");

// Get cookies from store
def cookies = cookieStore.getCookies();
def xsrfToken;
cookies.each {
 if (it.name == "XSRF-TOKEN"){
 s = it.value;
 //Strip quotes, tried with and without this
 xsrfToken = s.replace("\"", "");
 //Assign TestCase Property
 testRunner.testCase.setPropertyValue( "XSRF", xsrfToken );
 }
}

This value is assigned by creating a Header in my next request and assigning it the property value.

X-XSRF-TOKEN = ${#TestCase#XSRF}

View solution in original post

Reply
3 REPLIES 3
Highlighted
klaypigeon
Occasional Contributor
‎12-13-2018 11:19 AM
‎12-13-2018 11:19 AM

Re: Extract CSRF/XSRF from response cookie to pass as header

I set up a  Groovy script to extract the cookie values after the login and set a test case property, xsrfToken to store the value.

myCookies is coming up null, even though I can see the cookies being set in the Login Response. I do have Maintain HTTP session, checked. Am I doing this right? Seems like everyone does it a little different.

 

import com.eviware.soapui.impl.wsdl.support.http.HttpClientSupport;
import org.apache.http.impl.cookie.BasicClientCookie

def myClient = HttpClientSupport.getHttpClient()
def myCookieStore = myClient.getCookieStore()
def myCookies = myCookieStore.getCookies();
def xsrfToken;

log.info ( myCookies );

myCookies.each {
	if(it.name == "XSRF-TOKEN")
		xsrfToken = it.value;
};

log.info ( xsrfToken );
testRunner.testCase.setPropertyValue( "XSRF", xsrfToken );

Help?

 

 

Reply
Highlighted
klaypigeon
Occasional Contributor
‎12-14-2018 08:50 AM
‎12-14-2018 08:50 AM

Re: Extract CSRF/XSRF from response cookie to pass as header

I have a solution to the problem stated. This is the Groovy that allows me access to the CookieStore. I have it set up now so the X-XSRF-TOKEN header is getting created from the associated cookie value.

 

Unfortunately the subsequent request is still failing with a 401. I'm out of ideas and the vendor is unlikely to help me with SoapUI issues since it works fine using Python requests package. I will update if I get it working.

 

Make sure you have 'Maintain HTTP Session' checked.

Create a new Property in your TestCase and assign it an arbitrary value. (mine is XSRF)

Insert a Groovy script similar

// Thanks to user Kristoffer for his find
// https://community.smartbear.com/t5/SoapUI-Pro/preserving-cookies/td-p/41244

final httpStatePropertyName = com.eviware.soapui.model.testsuite.TestRunContext.HTTP_STATE_PROPERTY;
final httpContext = context.getProperty(httpStatePropertyName);
final cookieStore = httpContext.getAttribute("http.cookie-store");

// Get cookies from store
def cookies = cookieStore.getCookies();
def xsrfToken;
cookies.each {
 if (it.name == "XSRF-TOKEN"){
 s = it.value;
 //Strip quotes, tried with and without this
 xsrfToken = s.replace("\"", "");
 //Assign TestCase Property
 testRunner.testCase.setPropertyValue( "XSRF", xsrfToken );
 }
}

This value is assigned by creating a Header in my next request and assigning it the property value.

X-XSRF-TOKEN = ${#TestCase#XSRF}

View solution in original post

Reply
Highlighted
klaypigeon
Occasional Contributor
‎12-20-2018 05:08 AM
‎12-20-2018 05:08 AM

Re: Extract CSRF/XSRF from response cookie to pass as header

Follow up:

It is undetermined why this was occuring, but SoapUI was unable to follow the redirect in the URI even though 'follow redirect' was enabled. Once I changed the URI from /api/latest/ to /api/v4/ the subsequent requests worked fine with the Token authentication. 

0 Kudos
Reply
New Here?
Join us and watch the welcome video:
Announcements
Top Kudoed Authors
View All
Interests
Getting Started
Community Lounge
Community News
Hall of Fame
Industry Interviews
Product News