How to login to an email Address using jmeter? - jmeter

I am testing some api for our product using jmeter. To test the api to verify the user's email address I need to login to the mail account. I have the email and password of a test user. How can I login using an api or any other way in jmeter?
Is it possible at all?

Yes that is possible. You'll have to create a test plan with multiple steps but these depend on the concrete implementation of the login.
First you must identify the following two locations:
The GET request that gets the initial login form (if this is required).
The POST request that posts the login credentials.
If your service has a stateless login form you can even skip the first step.
Otherwise the response of the GET request will contain stuff which needs to be extracted (e.g. the JSESSIONID if you are using JSF) and sent as a parameters in the POST request. You can use the Regular Expression Extractor of JMeter to extract these values and provide them as variables for use in the subsequent requests.
Here is an example screenshot of a HTTP Request element configured to POST login data to the url /common/j_security_check

You might also need to intercept an authentication token from the server response and then pass that into following requests.
Here is a blog entry with a couple of video tutorials on logins with JMeter:
http://community.blazemeter.com/knowledgebase/articles/80479-how-to-use-jmeter-for-login-authentication

You can use jmeter to login,
two ways:
parameterization using csv file(for more users)/user defined variables(UDV)
Login config elements(for single user)

Now that I understand you want to automatically click on a confirmation link from an email using JMeter, here is a blog entry that explains exactly how to do that:
http://blazemeter.com/blog/how-create-jmeter-script-check-email-during-registration-and-grab-confirmation-url
Ophir

Related

How to login to liferay website using JMeter

I am facing one problem that i am unable to login to the liferay website using JMeter.
The problem i know already but don't know how to hanmdle it.
I get to know that "p_auth" token is requried to access the sub pages, but here i am facing an issue in which i don't even able to acccess the login page itself if run the script second time.
My concerns:
how to check "p_auth" token parameter for login page (i.e without login)
Please help me to solve the problem.
Note: i tried to extract the "p_auth" token , but i am unable to see any "p_auth" token for login page itself(i.e without login.. just a login page(get api))
Your test plan need to look like:
Open Login Page - HTTP GET request
Extract p_auth dynamic parameter value using a suitable JMeter Post-Processor
Perform the login - HTTP POST request where you need to provide your credentials and the p_auth token value from the previous request
You won't be able to "see" the token in the page, it's hidden in the page source so you will need to use browser developer tools or JMeter's View Results Tree listener in order to "see" the token value.
Also don't forget to add HTTP Cookie Manager to your test plan as missing CSRF token is not the only thing which can stop you from logging in.

Jmeter Keycloak Authorization_code

Im currently trying to load test a website with keycloak authorization.
The problem is that i cant find the authorization code anywhere in the previous https requests, so i cant use the regular expression extractor to grab it and turn it to a dynamic variable. So how do i configure it to be dynamic?
the auhorization code as it was recorded with blazemeter
i already turned to session_code, tab_id and executive into dynamic variables, but it still returns "{"error":"invalid_grant","error_description":"Code not valid"}"
As per Authorization Code Flow:
Browser visits application. The application notices the user is not logged in, so it redirects the browser to Keycloak to be authenticated. The application passes along a callback URL (a redirect URL) as a query parameter in this browser redirect that Keycloak will use when it finishes authentication.
Keycloak authenticates the user and creates a one-time, very short lived, temporary code. Keycloak redirects back to the application using the callback URL provided earlier and additionally adds the temporary code as a query parameter in the callback URL.
The application extracts the temporary code and makes a background out of band REST invocation to Keycloak to exchange the code for an identity, access and refresh token. Once this temporary code has been used once to obtain the tokens, it can never be used again. This prevents potential replay attacks.
My expectation is that you don't see the code anywhere because the code has been passed from keycloak to the application via the redirect URL.
So instead of asking keycloak to send the redirect back to application with the temporary code you need to ask it to send the request to JMeter and catch it via i.e. HTTP Mirror Server, once the request reaches JMeter you should be able to get the temporary code using Regular Expression Extractor or Boundary Extractor from the Location header.

JMETER + POST + anti-forgery token

When I try to run performance testing on ASP.net web application, always i am getting either "The anti-forgery cookie token and form field token do not match."
or
"The anti-forgery token could not be decrypted. If this application is hosted by a Web Farm or cluster, ensure that all machines are running the same version of ASP.NET Web Pages and that the configuration specifies explicit encryption and validation keys. AutoGenerate cannot be used in a cluster."
Could you please help me how to resolve this. I have tried multiple methods like adding regular expression extractor to extract "__RequestVerificationToken", but nothing worked out.
Note: this is happening only when i run from Jmeter. if I browse application directly on web, i dont see any issue.
Thanks,
Pani
Looking into XSRF/CSRF Prevention in ASP.NET MVC and Web Pages it appears that you're either sending an incorrect __RequestVerificationToken parameter value or completely miss the step.
If the current HTTP request already contains an anti-XSRF session token (the anti-XSRF cookie __RequestVerificationToken), the security token is extracted from it. If the HTTP request does not contain an anti-XSRF session token or if extraction of the security token fails, a new random anti-XSRF token will be generated.
So your test should look like:
Open Login Page (HTTP Get Request)
Extract __RequestVerificationToken dynamic parameter value using suitable JMeter PostProcessor, I would recommend going for CSS Selector Extractor, the configuration would be something like:
Once done you can refer the extracted value as ${token} in the next request
Check out ASP.NET Login Testing with JMeter article for more detailed information and step-by-step instructions if needed

How to Configure Jmeter for after Login process in an Application?

How to Configure Jmeter for after Login process in an Application?
I am able to configure the login request for 100 users from the CSV file with the help of Jmeter's "CSV Data set Config", but after the successful login of all I want to know how to configure the jmeter to go to the "Offers" page of there(100 user) accounts.Means 1 User can login & View his/her "Offer" page.Please Help.
There are two ways to achieve this scenario:
add another HTTP sampler & fill the details like Server IP, Path of Offers URL (you will have already done the same for Login), HTTP Header data etc. and pass correlation parameters from the response of Login if required to view the offers specific to 1 user.
make sure you use right method (GET/POST) in HTTP Sampler.
record the whole scenario (ref: http://jmeter.apache.org/usermanual/jmeter_proxy_step_by_step.pdf).
You will still have to do the correlation of parameters (using regular expression extractor or Xpath extractor) wherever required. This entirely depends on the parameters required for the offer page HTTP request.
hope this will help.
You'll need a cookie manager to store the session and cookie for all logged in users.
http://jmeter.apache.org/usermanual/component_reference.html#HTTP_Cookie_Manager

JMeter login and authentication sampler

Could anyone please help to test the login / authentication with the following scenario?
User access the site "sitaA.com" home page. In that page, there is a button "login with oauth".
Upon clicking the "login with oauth" button, "siteA.com" redirects to "siteB.com" in which the user is able to key in username and passowrd and sign in. It authenticates (oauth) the user and returns back to "siteA.com".
siteA.com will send the client id and call back url when redirects to siteB.com.
How to achieve this using JMeter?
Thanks in advance
OAuth is a basically a way of getting a token. If you're load-testing OAuth-enabled application you need to do the following:
Request temporary access token
Authorize access token
Change temporary access token to something permanent
You can do steps above manually, capture permanent access token via sniffer and add it to your requests as a separate HTTP Request parameter. If you have limited number of user logins to reuse in test it may do the trick for you.
However if you need to test end-to-end flow which assumes obtaining token process via JMeter you need to consider OAuth Sampler Plugin
So basically you need to do one of the following:
Manual 3-stepped OAuth login and capture token process followed by adding token as a parameter of HTTP Requests for each virtual user
Automated OAuth login process by means of JMeter OAuth sampler
If you have limited number of logins/users option 1 may be better
P.S. There is also an option for advanced JMeter users and/or Java developers to add OAuth java client libraries to JMeter lib/ext folder and use Beanshell Samplers to authenticate with OAuth. It's also likely that you'll have to use Selenium with JMeterto navigate to OAuth callback page and confirm authorized login from there.

Resources