Background description
There is a project that uses postman for interface testing. The parameters required for the interface are:
- appid: application identification;
- sign: Request a signature, which needs to be calculated using the H MACSHA1 encryption algorithm. The signature string is: {appid}${url}${stamp};
- stamp: This is the timestamp;
- option: business parameters;
The question is how to dynamically construct a signature (sign) based on parameters when Postman initiates a request?
CryptoJS in postman's script library supports encryption with various algorithms, including HMACSHA1, and signature algorithms.
The difficulty is to obtain the path parameter in the URL. When a request is initiated, a path value can be fixed. When automated testing needs to be executed, the path value is obtained. How to obtain it?
Create a GET request
I won’t introduce the basic usage of postman. First, create a GET request. Various dynamic parameters are configured in the URL.
{ {Variable name}}: Postman’s syntax for referencing environment variables;
{ {$guid}}: The environment variable predefined by postman is used to obtain a GUID value;
Build signatures in pre-request scripts
Pre-request scripts is a JavaScript execution environment, which is executed before the request is sent; just use it as js, but some js libraries do not support it.
The next step is to obtain the signature dynamically
1. The fixed value configured in the appid environment variable;
2. Obtain stamp timestamp:
//获取unix时间
getUnixTime:function(){
return Math.round(new Date().getTime()/1000);
}
3. The url value can be request.url
obtained and then parsed out of the path:
//获取url的path部分
getUrlRelativePath:function(url){
var arrUrl = url.split("//");
var start = arrUrl[1].indexOf("/");
var end=arrUrl[1].indexOf("?");
var relUrl = arrUrl[1].substring(start,end);//stop省略,截取从start开始到结尾的所有字符
console.log(relUrl);
return relUrl;
}
4. Construct a signature string and encrypt it using the secret key.
Not all encryption algorithm libraries provided by postman are supported, and sometimes it is necessary to exchange signatures from the background;
var host=pm.environment.get("host");
var text=encodeURIComponent(plain);
pm.sendRequest(host+"/FaceIn/ToHmacsha1?plain="+text+"&secret="+sercret, function (err, response) {
var json=response.json();
//签名含有+等特殊字符需要url编码
pm.environment.set("sign",encodeURIComponent(json.result));
});
The signature string is preferably URL encoded.
Remaining problem: When exchanging signatures with the background, the returned string responsejson() cannot be parsed at first!
5. Use eval to inject the defined variable postmanUtil into the global variable and then call
eval(environment.postmanUtil);
postmanUtil.setLsdzSign();
The result is as shown below:
code show as below:
var postmanUtil={
//获取unix时间
getUnixTime:function(){
return Math.round(new Date().getTime()/1000);
},
//获取url的path部分
getUrlRelativePath:function(url){
var arrUrl = url.split("//");
var start = arrUrl[1].indexOf("/");
var end=arrUrl[1].indexOf("?");
var relUrl = arrUrl[1].substring(start,end);//stop省略,截取从start开始到结尾的所有字符
console.log(relUrl);
return relUrl;
},
//签名
setLsdzSign:function(){
var appid=pm.environment.get("appid");
var sercret=pm.environment.get("appsercret");
//时间戳
var time=postmanUtil.getUnixTime();
pm.environment.set("stamp", time);
//地址 获取当前地址的path部分
var path= postmanUtil.getUrlRelativePath(request.url);
console.log(path);
var url=path;
var plain=appid+"$"+url.toLowerCase()+"$"+time;
var hmac = CryptoJS.HmacSHA1(plain, sercret).toString(CryptoJS.enc.Base64);
//获取签名,CryptoJS.HmacSHA1 无法满足签名算法只能从后台
var host=pm.environment.get("host");
var text=encodeURIComponent(plain);
pm.sendRequest(host+"/FaceIn/ToHmacsha1?plain="+text+"&secret="+sercret, function (err, response) {
var json=response.json();
//签名含有+等特殊字符需要url编码
pm.environment.set("sign",encodeURIComponent(json.result));
});
}
}
eval(environment.postmanUtil);
postmanUtil.setLsdzSign();
The script is written in environment variables
Write the above code in Pre-request Script. If it is a single interface, it is still possible. Even if there are many interfaces, you only need to copy one copy.
Trouble will arise if the script needs to be modified. You need to go to the Pre-request Script window of each request to modify it. How to solve it?
It can be solved by setting postmanUtil in ENVIRONMENT. The method is as follows:
In fact, it is just to postmanUtil
put it into the environment variable, and nothing else has changed. As long as the value in the environment variable is maintained, it will be OK. There is no need to change it one by one.
Looking at pre-request script
the code again, this is much simpler:
Usage of postman console
If you don’t know whether you have successfully obtained the environment variables, or if you want to check the value of a certain variable, postman also provides a very convenient console for viewing. You can open the following console View
under the menu:Show Postman Console
The figure shows the result of the console.log(sercret)
sum sendRequest()
Collection Runner automated API testing
Create test cases for the interface
For results that return HTML, as long as the test body contains a certain value, it will pass.
For returning Json results, as long as the Code is 0, it is passed.
There are commonly used script shortcut operations on the right side of the window. You can generate them by selecting them, which is very convenient.
Select and run automated interface tests
Click on the upper left corner of the home page Runner
to enter, select the previously built interface, select the environment, and click on Run xxx
the interface to run the script test
Test Results
You can see that both the result 2 interfaces successfully returned the scheduled results.
Thank you to everyone who reads my article carefully. There is always a courtesy. Although it is not a very valuable thing, if you can use it, you can take it directly:
These materials should be the most comprehensive and complete preparation warehouse for [software testing] friends. This warehouse has also accompanied tens of thousands of test engineers through the most difficult journey. I hope it can also help you! Anyone in need Partners can click on the small card below to receive it