The following request does not result in 3DAUTH response (3D secure is enabled):
POST https://test.sagepay.com/gateway/service/vspdirect-register.vsp
VPSProtocol=4.00&Vendor=adventureworks&Currency=GBP&TxType=AUTHENTICATE&VendorTxCode=689359&Amount=158.00&Description=1%20x%20Membership;%20&Basket=1:Membership:1:131.67:26.33:158.00:158.00&CardHolder=Test%20Visa&CardNumber=4929000000006&ExpiryDate=0834&CV2=123&CardType=VISA&BillingFirstnames=Test&BillingSurname=TEst&BillingAddress1=88&BillingCity=london&BillingPostCode=412&BillingCountry=GB&DeliveryFirstnames=Test&DeliverySurname=Test&DeliveryAddress1=88&DeliveryCity=london&DeliveryPostCode=412&DeliveryCountry=GB&ClientIPAddress=10.13.10.191&BrowserJavascriptEnabled=1&BrowserJavaEnabled=1&BrowserColorDepth=24&BrowserScreenHeight=600&BrowserScreenWidth=800&BrowserTZ=0&BrowserAcceptHeader=text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3&BrowserLanguage=en-GB&BrowserUserAgent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/76.0.3809.132%20Safari/537.36&ThreeDSNotificationURL=https://someurl.co.uk/join/callback3DSecure.asp&ChallengeWindowSize=02&CustomerEmail=test#test.com&contains=function(n)%20%7B%0D%0Afor%20(var%20i%20=%200;%20i%20%3C%20this.length;%20i++)%20if%20(this%5Bi%5D%20==%20n)%20return(true);%0D%0Areturn(false);%0D%0A%7D
Tried with BrowserJavascriptEnabled='0', same response.
What am I doing wrong?
I get a successful transaction created is SagePay with 3D response OK
Use CHALLENGE as Cardholder Name and you get the challenge window.
Use STATUS201DS to test the fall back to 3DSv1.
EDIT:
Documentation: DIRECT_Integration_and_Protocol_4_Guidelines.pdf
Related
I'm doing Jmeter scripting for Login flow which is having SSO authentication.
I have correlated almost all the token values like SAML request, SAML response,Request verification token & client id request ,but I'm not getting proper response in the login call.The SSO calls is failing with 401 response code.
When we try to decode the SAML response(using online SAML decoder) which i'm getting it from the previous request call response in Jmeter, the Status is showing as Responder. but the same is showing as Success when we decode the SAML response which we are getting it from the LoadRunner or Developer Console
Note : The same script is working fine in Load Runner
Can Someone help me
enter image description here
If "the same script is working fine in Load Runner" and doesn't work in JMeter - this is not the same script. You need to figure out what are the differences and amend your JMeter configuration so JMeter will send the same requests as Load Runner (or even better a real browser)
I have correlated almost all the token values
"almost all" is not sufficient, you need to correlate all the dynamic parameters.
Use a 3rd-party sniffer tool like Fiddler or Wireshark to capture the requests originating from JMeter and Load Runner (or real browser).
The requests must be exactly the same (apart from dynamic values which need to be correlated). Once you send the same request you will get the same response. Pay attention to literally everything: not only request body matters, take a look at URL query strings, request headers and so on.
I have a SpringBoot API with a POST end-point.
Trying to make a call to end-point from Grafana AJAX panel
It seems to be hitting the end-point but error occurs complaining about missing body.
error: "Bad Request" message: "Required request body is missing: public org.springframework.http.ResponseEntity status: 400
But the request has indeed a body.
Have been looking for possible POST examples for hrs now but no joy, e.g.
https://community.grafana.com/t/using-ajax-plugin-to-make-rest-call/6674
Any tips or solutions would be much appreciated.
Asked this same question on Grafana support forum.
Turns out the plugin/panel in question does not support POST with body.
Indeed, it looks like POST JSON data to backend is not currently supported. There seem to be two related issues here:
https://github.com/ryantxu/ajax-panel/issues/48
https://github.com/ryantxu/ajax-panel/issues/13
You're welcome to share your thoughts there, it looks like this feature request has been added as a future enhancement but I am not sure when that work will be completed. In the meantime, you may need to forego using the AJAX Plugin.
So it's basically useless as my backend API end-point requires a body.
try the new JSON API plugin
https://grafana.com/grafana/plugins/marcusolsson-json-datasource/?tab=changelog
or AjaxPanel plugin for more control
I'm trying to send a TrustPilot invitation using the Create Invitations API but no matter what I try, I get a response code of 415 and with no data returned, so it's virtually impossible for me to debug.
The URL I'm using is correct: https://invitations-api.trustpilot.com/v1/private/business-units/{businessUnitId}/email-invitations (where {businessUnitId} is my business ID)
I am sending a valid (and current) oAuth token in my header.
I am sending a POST request.
I have tested my details with other "Business user OAuth Token" APIs and everything works, so my details are definitely correct. It's just this create invitation API that's not working.
I've tried everything. I've submitted minimal details, a full request, somewhere in between, the example request in the API, and so on. Always a response code of 415.
I've set my "Invitation Settings" in the TrustPilot Business portal, and have even tried submitting those details with the request (ie. sender e-mail "noreply.invitations#trustpilotmail.com" and a valid reply-to e-mail that's been configured).
I've tried contacting the "Integration Engineers" at TrustPilot who after a few back and forth e-mails, also have no idea, which is VERY unsettling. So time for Stack Overflow.
I need to get this figured out, so any help would be great! Perhaps someone can provide a sample request that works in their application that I can try to duplicate in mine?
Http status code 415 (Unsupported Media Type) is returned when Content-Type: application/json is not passed. You need to make sure that this header is added and that the content you are passing in the post body is valid json.
If you are already doing this then I would need an example of a request you are sending to help you further.
I am trying to do the load testing of salesforce.com. I am logging via test.salesforce.com which is redirecting me to the console url. Now, subsequent post request accepts following post parameters.
ViewStateCSRF
ViewStateMAC
visualforce.ViewState
But this post request is failing with "invalid session" error message.
I am guessing this is because of CSRF token. I am trying to extract(post processor in Jmeter) CSRF token, but I am unable to find this token anywhere in the response/cookie of previous requests. In one of the HTML response, I can find few CSRF tokens(e.g: runApexCsrfToken, consoleAjaxCsrfToken etc). I have tried all of them but no result.
To summarize my problem: I need to pass csrf token in post login request but I am unable to find this token in previous responses.
Could you please help me with this.
PS: I have tried get request on "https://c.salesforce.com/libs/granite/csrf/token.json" after login but did not find any token in response.
Make sure to add HTTP Cookie Manager to your Test Plan
Make sure to check all response fields as the token can be a part of URL or come as a HTTP Header
You need to correlate not only ViewStateCSRF but all other dynamic parameters as well
If you have problems with identifying the source for the dynamic parameters values you can try recording your scenario using cloud-based proxy service, it is capable of exporting recorded scripts in "SmartJMX" mode with automatic detection and correlation of dynamic parameters. See How to Cut Your JMeter Scripting Time by 80% article for more details
The rest of the script is working properly but on checkout getting 403 / 404 error. I am not getting why it is happening. Do i need to pass cookies or session Id to get successful checkout or what can I do. please suggest in brief.
Even if you get "green" result and HTTP Response code 200 it doesn't guarantee that your test is doing what it is supposed to do, add View Results Tree listener and inspect response details starting from login, I think your test even doesn't perform a successful login.
So a couple of general recommendations:
Always add HTTP Cookie Manager to your Test Plan
Magento uses some form of CSRF Protection so you will need to get form_key parameter form the previous response and add it to the next request. See the following reference material for more information:
Magento CSRF attack: A Simple Explanation
How to Load Test CSRF-Protected Web Sites