Login/Register
How to depict sessions in api blueprint format?
Asked Answered
sails.jsapiblueprintapiary.ioapiarydredd
L

2

6

I am currently trying to depict a existing API with apiary.io. The system implements authentication via a login request that returns a http-cookie containing a session-id.

As far as I know it is standard that a browser sends all http-cookies he previously received from a host back to him when making another request.

It seems, this isn’t done by Dredd when running a test generated by my blueprint file. And because of this any requests that needs the user to be logged in do not work correctly for the test.

Is there a possibility to mark a request as “needs to be before running this request” respectively to force Dredd to manage these http-cookies?

BTW, the REST service is implemented in Sails.js, a mvc-framework for node.js.

Lesslie answered 6/5, 2014 at 21:12 Comment(0)
A
1

This is old but I just ran into the same issue and the dredd docs are quite out of date (isn't that ironical?!), so since I figured it out this may help someone :)

You can read and overwrite response and request body and headers using hooks (this is the most up to date page I found on the topic but still has issues and typos). One caveat is that dredd doesn't seem to have helpers for cookies so you have to parse and build cookie headers yourself.

In my case the sessionId comes back in the json body as well as as a cookie: I parsed the body since that's easier but you could very well retrieve the session from the response cookie if needed. Here is roughly the hooks I wrote to make auth work:

hooks = require('hooks');
stash = {}

// hook to retrieve session on a login
hooks.after('Auth > /remoteauth/userpass > POST', function(transaction){
  stash['token'] = JSON.parse(transaction.real.body)['sessionId'];
});

// hook to set the session cookie in all following requests
hooks.beforeEach(function(transaction){
  if(stash['token'] != undefined){
    transaction.request['headers']['Cookie'] = "id=" + stash['token']
  };
});

The docs explain how to set up the hooks, although one thing that tripped me is that the dredd --names command doesn't work if you have a dredd.yml file in the same directory (seems like the presence of the file makes dredd ignore all command line arguments).

Affix answered 9/5, 2015 at 1:46 Comment(0)
S
0

The Dredd is meant to be run and against a test environment setup e.g. in a CI tool with test fixtures. It shouldn't be run in a production environment.

With that being said it might be occasionally needed to do perform a setup or teardown actions while testing an endpoint. It is planned to eventually offer test scenarios.

Should you need the setup / teardown functionality you can use the Dredd "hooks" as discussed here.

Swarts answered 12/5, 2014 at 20:38 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.