How to handle the MFA authentication in JMeter - jmeter

I am testing an application which is configured with Microsoft AD MFA. Whenever i login into application with my user id and pwd, i receive a push notification in my mobile from microsoft authenticator application which states "Approve" or "Deny" request.
Here we need to find out solutions for these two below mentioned problems :-
how can we handle the push notification that we receive in mobile while login using JMeterenter image description here.
how to perform the load test execution with these 2MFA enabled by handling the push notification and token expiry.

Your test should focus on your application only any external dependencies must be excluded. You are not load testing Microsoft servers, are you?
So if your test is making requests to one of the "forbidden websites" most probably these requests need to be removed.
If for some reason it's not possible - ask around if it's possible to turn off Azure authentication.
If it's not possible - ask whether it's possible to turn off the 2nd factor.
If it's not possible - ask whether it's possible to switch it to something you can handle easily like OATH Software token
As the last resort you can use a browser automation framework like Appium for automating the approval process on your mobile device/simulator

Related

load slack message history by an external web app

I'm developing a web application which must load slack messages and work on it afterwards.
My question: what is the best way to develop an intermediary between slack and this web application to loads the messages directly after the user gives permission without creating a "slack app".
I saw this useful if we want to load only our own messages, but in my case I have to load the history messages inside my web application for each user who gives permission.
It's not possible to retrieve data from Slack without creating a Slack app. You need to create an app that requests the types of permissions/scopes you require for [conversations.history][1] and/or the Events API.The only way to access that information is with an app token and the only way to get a token is via app installation/authentication.

Get refresh tokens of Microsoft Graph API with OAuthPrompt

I'm creating a MS Teams bot which periodically checks the users' Outlook calendar by background threads spawned after the user logs in via OAuthPrompt.
To implement the feature, it seems that I have to configure an OAuth connection setting and an app registration supporting offline_access. Then, get a refresh token when getting an access token, according to Get access on behalf of a user.
But as long as I tried the example bot, the result of OAuthPrompt doesn't contain a refresh token. And I couldn't find the documented way to get it.
How can I achieve the goal? Do I need some hack on OAuthPrompt or some related classes? Do I have to build cards from scratch?
I concluded that we can't get refresh_token with OAuthPrompt from investigation. So I made up with a different way to achieve the goal.
The key idea is creating a tiny web app just for the "Sign in with Microsoft account" feature, which can easily get refresh_token as ordinary web apps.
Here is the example app: https://github.com/igrep/example-teams-bot-with-ms-account-refresh-token
The sample which you are using is for most of the channels, but Teams behaves differently. An Invoke Activity is sent to the bot rather than the Event Activity used by other channels. This Invoke Activity must be forwarded to the dialog if the OAuthPrompt is being used.
Refer to this documentation for adding authentication to your MS Teams bot, which makes use of Teams-auth sample.
For a better understanding of how OAuth works in MS Teams, you can refer to this documentation which explains the authentication flow.
Hope this helps!!
alwaysPrompt flag should be false. Then OAuth prompt will get refresh tokens silently without prompting login card.
Please refer the answer on github about this isse.
Bot composer OAuth refresh token
Another idea has flashed into my mind while writing this comment: running a dialog including OAuthPrompt in a TurnContext made with a ConversationRefrence, which is saved and passed to the background thread, may work. (But I have no time and no motive to try!)
In my case, I needed the refresh_token to get access tokens for other Microsoft resources like Exchange,
the solution was to use
const tokenResponses = await context.adapter.getAadTokens(context, this.connectionName, [
"https://outlook.office365.com",
"https://graph.microsoft.com",
]);

How to force the gmail inbox to reload/refresh?

I have built an application that uses the import endpoint in the Gmail API Gmail.Users.Messages.import() to clone an email message but allow for subject changing.
It then deletes the original/old message using the remove endpoint Gmail.Users.Messages.remove()
I would like a way to refresh the Gmail inbox UI or even to just reload the web page from Google Apps Script - however, I'm not aware of how to do this - and a look around the internet hasn't proven especially helpful.
Unfortunately it's not possible to control the user's Gmail interface via an API (or add-on). The best your application could do is instruct the user to do it themselves.

How to perform Graph auth without hosting my bot in Azure?

From my understanding, the OAuthPrompt requires a connection name. To create this, I need to make use of the Bot Channels Registration (as per the documentation). However, this seems to require me to create an Azure account and enter my payment card details. I would like to avoid entering my details if possible as I would not like to be charged for using any Azure services. Is there any way to avoid this?
If I must manually handle the OAuth process, I would like my sign-in to pop up in a small window like the "Allow" button triggers within the Who bot. I have tried SignIn cards which I have read just don't work in teams, and I have also tried OpenUrl type actions in a card which, when pressed, open the URL in my browser as opposed to a pop-up. How can I achieve this?
You can create a Bot Framework bot (only for Microsoft Teams) using the guidance here: https://learn.microsoft.com/en-us/microsoftteams/platform/concepts/bots/bots-create. To summarize that article, you can use this endpoint to create a non-Azure bot: https://dev.botframework.com/bots/new
If you chose to use the Azure Bot Framework, you will not be charged for the Bot Framework if Microsoft Teams is your only channel (this does NOT include your web service if you chose to host your bot code on Azure, although you can chose a free tier to avoid any charges).
For authentication, see this section of the MS Teams documentation: https://learn.microsoft.com/en-us/microsoftteams/platform/concepts/authentication/authentication. Depending on how you chose to implement your authentication, there are a few articles in that section that may apply. The OAuth card does work in Teams (not the free version, does not work with guest accounts, and only works for Azure bots).
For authentication, if you're redirecting to a different domain make sure you add it to the validDomains in your app manifest.

Accessing Voice Mail Services in Windows Phone 7

I am creating a module for my project which is location based profile change in Windows Phone 7.
I am giving an extra feature in my app. When a user recieves a call, when in a certain profile (i.e silent or driving), the incoming call will recieve a service like voice mail where he/she can record a message.
Which API can I use to achieve that?
It's not entirely clear what you're after but I'm certain you can't do it:
There is no API for accessing profile information.
There is no API for accessgin call history details.
There is no way to determine if your application is being obscured for an incoming call or another reason.
Access to voicemail is operator dependent. There is no universal way to access this. Some oeprators provide their own APIs for accessing things like voicemail but these vary in implementation, availability and capabilites.

Resources