空手道测试中如何处理带有签名的请求? [英] How to handle requests with signatures on karate tests?

问题描述

首先，感谢您构建空手道，这对于测试API和UI而言非常有用.我们正在使用它来测试许多端点，但是我们想知道是否有一种方法或哪种方法是处理请求的最佳方法，而签名是请求的一部分.

First of all, thanks for build karate it's a very useful for test API's and UI's. We are using it to test a lot of our endpoints but we would like to know if there is a way or which is the best approach to handle requests with signature as part of the request in the header.

在我们的例子中，我们有两个标题:

In our case we have two headers:

• ApiKey :此值始终相同
• 签名:此值取决于请求正文的内容

• ApiKey: this value is always the same
• Signature: this value depends on the request body content

是否有任何方法可以根据请求正文内容在执行请求之前注入签名值?

Is there any way to inject the signature value just before the request is executed based on the request body content?

在这里您可以看到两个请求示例

Here you can see two samples of the requests

示例1:

   * url 'https://dev.sample.com'
   * path '/api/user/getAll' 
   * header Content-Type = 'application/json'
   * header ApiKey = 'XXX' 
   * header Signature = 'YYY'
    And request {  }
    When method POST
    Then status 200    

示例2:

   * url 'https://dev.sample.com'
   * path '/api/user/getAll' 
   * header Content-Type = 'application/json'
   * header ApiKey = 'XXX' 
   * header Signature = 'ZZZ'
    And request { name: 'John' }
    When method POST
    Then status 200    

谢谢

推荐答案

空手道有一个钩子"，用于生成报头，但是到目前为止，它不是知道"的.当前构建的请求正文+标头: https://github.com/intuit/karate#configure -标题

Karate has a "hook" for generating headers, but as of now it is not "aware" of the currently built request body + headers: https://github.com/intuit/karate#configure-headers

我们在这里收到了类似的请求，并且正在考虑添加此功能:如何在进行REST调用之前如何检索原始请求内容空手道DSL?

We got a similar request here, and are thinking of adding this capability: How to retrieve raw request contents before making a REST call in Karate DSL?

也许OAuth示例现在可以为您提供前进的道路: https://stackoverflow.com/a/55055111 /143475

Maybe the OAuth examples will give you the way forward for your case for now: https://stackoverflow.com/a/55055111/143475

随时提出增强要求，我们可以将其引入下一个版本(在您的帮助下进行测试).我在想-如果您能够从标头JS函数中调用karate.get('request')，该怎么办.

Feel free to raise an enhancement request, and we can get this in to the next version (with your help to test it). I'm thinking - what if you are able to call karate.get('request') from within the header JS function.

但是现在您只需要做这样的事情:

But for now all you need to do is do something like this:

* def body = { some: 'json' }
* karate.set('requestBody', body)
* url someUrl
* request body
* method post

并在header.js函数中

function fn() {
  var body = karate.get('requestBody');
  var sign = Utils.sign(body);
  return { Signature: sign };  
}

这篇关于空手道测试中如何处理带有签名的请求?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！