Thanks to a tweet from Stuart, a guru on performance testing, I checked out the blog by HP loadrunner that shows how to do authentication with client side javascript evalution. One key point in the blog is an interesting Loadrunner function called "web_js_run". This function can be used to evaluate a javascript code snippet. In this blog, we are going to show that our NetGend platform also supports javascript evaluation, only easier.
To paraphrase the test scenario (with a slight change) , a client needs to do the following 3 steps
- sends a request to an authentication server to get the challenge string, the server response is in the format of JSON
- Extracts the last element (the real challenge string) from the JSON string and concatenates it with a local passcode and do the encryption.
- sends the encrypted string to the server to get a token (assume authentication is successful).
/////file crypto.js
function encrypt(data) {
return data.toString().split("").reverse().join("");
}
//simplified encryption to illustrate the point of evaluating javascript on client side
// file calcPassword.js
function extractJson(stringData) {
var data = JSON.parse(stringData);
var index = data[data.length - 1];
return data[index];
}
function getPassword(stringData){
return encrypt(extractJson(value));
}
Here is the NetGend script. Note that we have two functions related to Javascript evaluation:
- evalJS(..) can evaluate a javascript, either from a file (specified by its file name) or just a string of javascript code snippet (default case).
- JE(..) will evaluate a javascript function, first parameter is the javascript function name.
function userInit() {
evalJS("crypto.js", "file");
evalJS("calcPassword.js", "file");
//now javascript engine will understand functions "encrypt" "extractJson"
}
function VUSER() {
action(http,"http://localhost:3000/challenge");
challenge = je(extractJson, http.replyBody);
localPasscode = "abc123"; //can also read from a csv file
password = je(encrypt, "${challenge}${localPasscode}");
password = toUrl(password); //encoding password to URL
action(http, "http://localhost:3000/token?password=${password}");
token = http.replyBody;
}
As a contrast, here is the original loadrunner script in the blog. Note that the script would have been much longer if it has to do the concatenation without javascript.
Action()
{
web_reg_save_param("challenge","LB=","RB=","Search=Body",LAST);
web_custom_request("challenge",
"URL=http://localhost:3000/challenge",
"Method=GET",
"RecContentType=application/json",
"Snapshot=t1.inf",
LAST);
web_js_run(
"Code=getPassword(LR.getParam('challenge'));",
"ResultParam=password",
SOURCES,
"File=crypto.js", ENDITEM,
"File=calcPassword.js", ENDITEM,
LAST);
web_js_run(
"Code='http:/'+'/localhost:3000/token?password=' + encodeURI(LR.getParam('password'));",
"ResultParam=uri",
LAST);
web_custom_request("get token",
"URL={uri}",
"Method=GET",
"RecContentType=application/json"
LAST);
return 0;
}
Being able to support javascript in performance testing is important, does your favorite test platform support it? Is it easy?
No comments:
Post a Comment