Refreshing Authentication Workflow

In this tutorial, we will create a Passive Workflow that automatically stores and updates either session cookies or tokens as environment variables.

Then, by using placeholders in requests for the environment variables, you can achieve continuous, uninterrupted testing without manually updating expired sessions.

setVar()

The setVar() function sets an environment variable to a given value. It requires the following parameters:

  • name: The name of the environment variable.
  • value: The value of the environment variable.
  • secret: Determines if the environment variable is displayed as plaintext or masked.
  • global: Determines if the environment variable is set globally or in the currently selected environment.
js
await sdk.env.setVar({
  name: "session",
  value: "123ABC321XYZ",
  secret: true,
  global: false
});

INFO

If the name does not already exist, a new environment variable will be created. If the name matches an existing environment variable, its value will be overwritten.

TIP

To set the variable to a specific environment, use the env field and supply an existing environment name as its value:

env: "Demo Environment"

This specification will take precedence over the global flag.

Creating a Passive Workflow

To begin, navigate to the Workflows interface, select the Passive tab, and click the + New workflow button.

Creating a new Passive Workflow.

Nodes and Connections

For both Workflows, the overall Node layout will be:

Refresh Authentication Workflow.

  • The On Intercept Response Node will output $on_intercept_response.request, which represents a response's associated request.
  • The request will be sent to the In Scope Node. This will check if the request is within your current scope.
  • If the request is within scope, the request and response pair will be passed to the JavaScript Node. If it is not, the Workflow will end. Once the response has been processed by the script in the JavaScript Node, the Workflow will come to an end.

Session Cookies

Consider a response to a successful credential submission that issues a session cookie via the Set-Cookie header:

http
Set-Cookie: session=757365723D636169646F3B726F6C653D75736572

Click on the JavaScript Node to access its detailed view. Then click within the coding environment, select all of the existing code, and replace it with the following script:

js
export async function run({ request, response }, sdk) {
  if (response) {
    let cookie = response.getHeader("Set-Cookie");
    if (cookie && cookie.length > 0) {
      await sdk.env.setVar({
        name: "session",
        value: cookie.join("; "),
        secret: false,
        global: true
      });
    }
  }
}

Script Breakdown

First, an asynchronous function is defined that takes a request and response object pair and the sdk object as parameters. The script will execute every time an in-scope response passes through the proxy.

js
export async function run({ request, response }, sdk) {
  if (response) {

Then, using the .getHeader() method, we extract the Set-Cookie header and store it in a variable named cookie. If the header exists, we use the .setVar() method of the environment service to set an environment variable.

js
    let cookie = response.getHeader("Set-Cookie");
    if (cookie && cookie.length > 0) {
      await sdk.env.setVar({
        name: "session",
        value: cookie.join("; "),
        secret: false,
        global: true
      });

The Result

To view the set environment variable, navigate to the Environment interface and refresh the Global environment.

Workflow cookie environment variable.
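
A variant of the Session Cookies script, added here as an example and not part of the original tutorial: it keeps only the name=value pair of each Set-Cookie value, dropping attributes such as Path and HttpOnly, so the stored variable can be placed directly in a Cookie request header, and it skips cookies the server is deleting. The helper name cookieHeaderFromSetCookie, the sample header values, and the choice of secret: true are assumptions of this example.

```javascript
// Added example, not part of the original tutorial.
// Constructed Set-Cookie values, as response.getHeader("Set-Cookie") would return them.
const SAMPLE_SET_COOKIE = [
  "session=757365723D636169646F3B726F6C653D75736572; Path=/; HttpOnly; Secure",
  "theme=dark; Max-Age=31536000",
  "old_session=; Max-Age=0; Path=/",
];

// Build a Cookie request header value from Set-Cookie response header values.
function cookieHeaderFromSetCookie(setCookieValues) {
  const jar = new Map(); // a later cookie with the same name replaces an earlier one
  for (const line of setCookieValues ?? []) {
    // Only the first "name=value" segment is the cookie; the rest are attributes.
    const [pair, ...attrs] = line.split(";");
    const eq = pair.indexOf("=");
    const name = pair.slice(0, Math.max(eq, 0)).trim();
    if (name === "") continue; // malformed or nameless entry
    const value = pair.slice(eq + 1).trim();
    // Treat an empty value or Max-Age <= 0 as a deletion (Expires is not evaluated).
    const expired = attrs.some((attr) => {
      const [key, val = ""] = attr.split("=");
      return key.trim().toLowerCase() === "max-age" && val.trim() !== "" && Number(val) <= 0;
    });
    if (value === "" || expired) jar.delete(name);
    else jar.set(name, value);
  }
  return [...jar].map(([name, value]) => `${name}=${value}`).join("; ");
}

// In the JavaScript Node, prefix this function with `export` as in the tutorial script.
async function run({ request, response }, sdk) {
  if (!response) return;
  const value = cookieHeaderFromSetCookie(response.getHeader("Set-Cookie"));
  if (value === "") return; // no usable cookie: keep the previously stored value
  // secret: true masks the value in the Environment interface.
  await sdk.env.setVar({ name: "session", value, secret: true, global: true });
}
```

With the constructed sample, the stored value contains the session and theme cookies only; the cleared old_session cookie and all attributes are left out.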

Session Tokens

Consider a response to a successful credential submission that issues a session token via an access_token JSON parameter:

http
{"access_token":"BQA_QoGKzM2I7sqcQ5cKB0oM4F_1VjwYXyUBdFJZ63nMwbrAejF0hel0dA0Ox9IRH_IT-rbt7F7dBudUOGX-kQExt3ezVuL0OBOOXYPaTVjQ5ZpE_ybkkKNEsyIjzIwOtx_7_xhuXvdaVp0BM_Lq2empsCauwvMujhPNf0HcTG0D-zIfLx9wh465oeGk0qVPM0ypFRxRWjkzM0BVMcRzG07pNk9HT_t3cBhuXt3r57o8XqKUQXlhNhWfMNca9N2v","token_type":"Bearer","expires_in":3600,"scope":"email"}

Extracting a Session Token

Click on the JavaScript Node to access its detailed view. Then click within the coding environment, select all of the existing code, and replace it with the following script:

js
export async function run({ request, response }, sdk) {
  const authFilter = `req.path.cont:"/auth" OR req.path.cont:"/login" OR req.path.cont:"/token" OR req.path.cont:"/oauth" OR req.path.cont:"/refresh"`;
  if (sdk.requests.matches(authFilter, request, response)) {
    let body = response.getBody();
    if (body) {
      let json = body.toJson();
      let accessToken = json.access_token;
      if (accessToken) {
        await sdk.env.setVar({
          name: "Bearer",
          value: accessToken,
          secret: false,
          global: true,
        });
      }
    }
  }
}

Script Breakdown

First, an asynchronous function is defined that takes a request and response object pair and the sdk object as parameters. The script will execute every time an in-scope response passes through the proxy.

js
export async function run({ request, response }, sdk) {

Using sdk.requests.matches() we can scope the execution of the script to common authentication endpoints with HTTPQL statements.

js
  const authFilter = `req.path.cont:"/auth" OR req.path.cont:"/login" OR req.path.cont:"/token" OR req.path.cont:"/oauth" OR req.path.cont:"/refresh"`;
  if (sdk.requests.matches(authFilter, request, response)) {

Then, using the .getBody() method, we extract the response body and, if it exists, parse it as JSON using .toJson(). If an access_token parameter exists, we use the .setVar() method of the environment service to set an environment variable.

js
    let body = response.getBody();
    if (body) {
      let json = body.toJson();
      let accessToken = json.access_token;
      if (accessToken) {
        await sdk.env.setVar({
          name: "Bearer",
          value: accessToken,
          secret: false,
          global: true,
        });
      }
    }
  }
}

The Result

To view the set environment variable, navigate to the Environment interface and refresh the Global environment.

Workflow token environment variable.
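
A variant of the Session Tokens script, added here as an example and not part of the original tutorial: because the filter matches any path containing "/auth" or "/login", the script will also see HTML pages and error responses, so this version parses the body defensively and only overwrites the variable when a Bearer access_token is really present. The helper name parseTokenResponse, the Bearer_expires_at variable, the sample bodies, and the choice of secret: true are assumptions of this example; it reads the body with the SDK's toText() method instead of toJson().

```javascript
// Added example, not part of the original tutorial.
// Constructed sample bodies that an "/auth"-style path might return.
const SAMPLE_JSON =
  '{"access_token":"EXAMPLE.TOKEN.VALUE","token_type":"Bearer","expires_in":3600,"scope":"email"}';
const SAMPLE_HTML = "<html><body>Invalid username or password</body></html>";

// Returns { token, expiresAt } or null. Never throws on unexpected bodies.
function parseTokenResponse(text, nowMs) {
  let json;
  try {
    json = JSON.parse(text);
  } catch {
    return null; // HTML page, empty body or truncated JSON
  }
  if (json === null || typeof json !== "object") return null;
  const token = json.access_token;
  if (typeof token !== "string" || token.length === 0) return null;
  // If a token_type is given, accept only Bearer (compared case-insensitively).
  if (typeof json.token_type === "string" && json.token_type.toLowerCase() !== "bearer") return null;
  // expires_in is a lifetime in seconds; convert it to an absolute UTC timestamp.
  const ttl = Number(json.expires_in);
  const expiresAt =
    Number.isFinite(ttl) && ttl > 0 ? new Date(nowMs + ttl * 1000).toISOString() : "";
  return { token, expiresAt };
}

// In the JavaScript Node, prefix this function with `export` as in the tutorial script.
async function run({ request, response }, sdk) {
  const authFilter = `req.path.cont:"/auth" OR req.path.cont:"/login" OR req.path.cont:"/token" OR req.path.cont:"/oauth" OR req.path.cont:"/refresh"`;
  if (!response || !sdk.requests.matches(authFilter, request, response)) return;
  const parsed = parseTokenResponse(response.getBody()?.toText() ?? "", Date.now());
  if (!parsed) return; // not a token response: keep the previously stored token
  // secret: true masks the token in the Environment interface.
  await sdk.env.setVar({ name: "Bearer", value: parsed.token, secret: true, global: true });
  if (parsed.expiresAt !== "") {
    // Hypothetical companion variable showing when the stored token stops being valid.
    await sdk.env.setVar({ name: "Bearer_expires_at", value: parsed.expiresAt, secret: false, global: true });
  }
}
```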

Using the Environment Variables

Now, with these Workflows providing up-to-date session identifiers, navigate to the Replay interface. Within a request editing pane, click, hold, and drag the left mouse button over the value you want to be replaced and then click the + button to add it as a placeholder.

Adding a placeholder in a Replay request.

Next, click the edit button located to the right of the placeholder. Doing so will present the Placeholder Settings window. Select Environment Variable from the top dropdown menu. Then, select the desired environment variable by name from the other dropdown menu. Click on the Add button to save the configuration. The addition will be reflected in the list below.

Adding an environment variable to a Replay request.

Close the settings window and send the request. To verify the addition was successful, you can view the request by navigating to the Search interface.

Viewing the Replay request environment variable addition.