Background description
There is a project to use postman for interface testing. The required parameters for the interface are:
appid: application identification;
sign: Request signature, which needs to be calculated using HMACSHA1 encryption algorithm. The signature string is: {appid} url {url}url{stamp};
stamp: This is a timestamp;
option: business parameters;
The question is how to dynamically construct a sign based on parameters when Postman initiates a request?
CryptoJS in postman's script library supports encryption of various algorithms, including HMACSHA1, with signature algorithms.
The difficulty is to obtain the path parameter in the URL. When a request is initiated, a path value can be fixed. How to obtain the path value when the automated test needs to be executed?
Create a GET request
The basic usage of postman will not be introduced. First create a GET request with various dynamic parameters configured in the URL
{ {Variable name}}: postman's syntax for quoting environment variables;
{ {$guid}}: The environment variable predefined by postman is used to obtain a GUID value;
Build signatures in pre-request scripts
pre-request scripts is a javascript execution environment, which is executed before the request is sent; just use it as js, but some js libraries do not support it.
The next step is to dynamically obtain the signature
1. The fixed value configured in the appid environment variable;
2. Get stamp timestamp:
//获取unix时间
getUnixTime:function(){
return Math.round(new Date().getTime()/1000);
}
3. The url value can be obtained through request.url and then the path is parsed:
//获取url的path部分
getUrlRelativePath:function(url){
var arrUrl = url.split("//");
var start = arrUrl[1].indexOf("/");
var end=arrUrl[1].indexOf("?");
var relUrl = arrUrl[1].substring(start,end);//stop省略,截取从start开始到结尾的所有字符
console.log(relUrl);
return relUrl;
}
作者:A丶咔咔
链接:https://www.jianshu.com/p/ac04616b164f
来源:简书
著作权归作者所有。商业转载请联系作者获得授权,非商业转载请注明出处。
4. Construct the signature string and encrypt it with the secret key.
The encryption algorithm library provided by postman may not be supported by all, sometimes it is necessary to exchange the signature to the background;
var host=pm.environment.get("host");
var text=encodeURIComponent(plain);
pm.sendRequest(host+"/FaceIn/ToHmacsha1?plain="+text+"&secret="+sercret, function (err, response) {
var json=response.json();
//签名含有+等特殊字符需要url编码
pm.environment.set("sign",encodeURIComponent(json.result));
});
作者:A丶咔咔
链接:https://www.jianshu.com/p/ac04616b164f
来源:简书
著作权归作者所有。商业转载请联系作者获得授权,非商业转载请注明出处。
The signature string is preferably URL-encoded.
Remaining problem: When exchanging the signature to the background, the responsejson() string returned at first cannot be parsed!
5. Use eval to inject the defined variable postmanUtil into the global variable and then call
eval(environment.postmanUtil);
postmanUtil.setLsdzSign();
The results are shown in the figure:
code show as below:
var postmanUtil={
//获取unix时间
getUnixTime:function(){
return Math.round(new Date().getTime()/1000);
},
//获取url的path部分
getUrlRelativePath:function(url){
var arrUrl = url.split("//");
var start = arrUrl[1].indexOf("/");
var end=arrUrl[1].indexOf("?");
var relUrl = arrUrl[1].substring(start,end);//stop省略,截取从start开始到结尾的所有字符
console.log(relUrl);
return relUrl;
},
//签名
setLsdzSign:function(){
var appid=pm.environment.get("appid");
var sercret=pm.environment.get("appsercret");
//时间戳
var time=postmanUtil.getUnixTime();
pm.environment.set("stamp", time);
//地址 获取当前地址的path部分
var path= postmanUtil.getUrlRelativePath(request.url);
console.log(path);
var url=path;
var plain=appid+"$"+url.toLowerCase()+"$"+time;
var hmac = CryptoJS.HmacSHA1(plain, sercret).toString(CryptoJS.enc.Base64);
//获取签名,CryptoJS.HmacSHA1 无法满足签名算法只能从后台
var host=pm.environment.get("host");
var text=encodeURIComponent(plain);
pm.sendRequest(host+"/FaceIn/ToHmacsha1?plain="+text+"&secret="+sercret, function (err, response) {
var json=response.json();
//签名含有+等特殊字符需要url编码
pm.environment.set("sign",encodeURIComponent(json.result));
});
}
}
eval(environment.postmanUtil);
postmanUtil.setLsdzSign();
The script is written in environment variables
Write the above code in Pre-request Script, if a single interface is still possible, even if many interfaces only need to be copied.
In case the script needs to be modified, trouble will come. You need to go to the Pre-request Script window of each request to modify, how to solve it?
It can be solved. Just set postmanUtil in ENVIRONMENT. The method is as follows:
In fact, postmanUtil is put into the environment variable, and the others have not changed. As long as the value in the environment variable is maintained, it is OK, and there is no need to change one by one.
Looking at the pre-request script code again, it is much simpler:
Usage of postman console
I don’t know if I have successfully obtained the environment variable, or want to view the value of a variable. Postman also provides a convenient console view. Under the menu View, Show Postman Console can open the following console
The figure is the result of console.log(sercret) and sendRequest()
Collection Runner automated API testing
Create test cases for the interface
For the returned html result, as long as the test body contains a certain value, it will pass
For returning Json results, as long as the Code is 0, it is passed
There are commonly used script shortcuts on the right side of the window, which can be generated by selecting it, which is very convenient
Select and run automated interface tests
Click Runner in the upper left corner of the homepage to enter, select the interface built before, and select the environment, click the Run xxx interface to run the script test
Test Results
You can see that the result 2 interface successfully returns the predetermined result
Finally: The
above are some video resources I collected, which helped me a lot in this process. If you don't want to experience the feeling that you can't find the information during self-study, no one answers your questions, and insists on giving up after a few days, you can join our deduction group [313782132], which has various software testing resources and technical discussions.
Of course, there are interviews. Interviews are generally divided into technical and hr interviews. In terms of format, there are few group faces. A small number of companies may have an intersection, but in general, the technical aspect is basically an inspection of your professional and technical level. , then hr surface mainly to see the person's overall quality and family situation character does not meet company requirements, in general, technology, then as long as through the technical hr surface is basically no problem (there are a few companies hr face will brush a lot of people)
we Mainly speaking on the technical side, the technical side is mainly to examine the professional technical knowledge and level. The above are also selected interview questions I have compiled.
How does your testing team improve their testing skills?
We rely more on technical discussions and learning exchanges. In addition to our internal group, we will also have related technical exchange groups. We can learn with many colleagues and improve our skill tree. IT industry technology update iterations are already fast, so it is more necessary to maintain a learning mentality. You can follow me if you are interested. Free material links are issued from time to time, and there are technical exchanges with colleagues.
Come on, test man! If you need to improve your plan, do it. It's better to be on the road than to wait and see at the beginning. There must be a law, and then there will be success.
If the resources are good, give a recommendation~