Search code examples
opentest

How do I provide the correct headers for Basic Auth on a GET in OpenTest?

I'm attempting to make a GET call to a test management system that exposes an API. I want to provide Basic Auth in the header of the HTTPRequest provided as an action in OT like so.

includes: login.js
actors:
  - actor: WEB
    segments:
      - segment: 1
        actions:
          - script: var xUsername = $env("X_USERNAME");
          - script: var xPassword = $env("X_PASSWORD");
          - script: $log("This is the username " + xUsername);
          - script: $log("This is the password " + xPassword);

          - description: Sample Reading testid
            action: org.getopentest.actions.HttpRequest
            args:
              $checkpoint: true
              $localData:
                testRailCaseInfo: $output.body
              url: https://sub.domain.io/api/v2/get_results/1234
              headers:
                Content-Type: application/json
                Authorization: Basic xUsername xPassword
              verb: GET

Is this correct?

Solution

  • Here are two ways to do it (please note I didn't test this code). You can either build the Authorization header value using a JavaScript expression,

    - description: Read test ID
  action: org.getopentest.actions.HttpRequest
  args:
      url: https://sub.domain.io/api/v2/get_results/1234
      verb: GET
      headers:
        Content-Type: application/json
        Authorization: |
            $script
            "Basic " + $base64($env("X_USERNAME") + ":" + $env("X_PASSWORD"))

    or build the header value in a script action, ahead of time:

    - script: |
    // Build the authentication header
    var authHeader =
        "Basic " + $base64($env("X_USERNAME") + ":" + $env("X_PASSWORD"));

- description: Read test ID
  action: org.getopentest.actions.HttpRequest
  args:
      url: https://sub.domain.io/api/v2/get_results/1234
      verb: GET
      headers:
        Content-Type: application/json
        Authorization: $script authHeader

    I should probably explain what is the role or $script prefix in the two examples. When the value of an action argument starts with a dollar-prefixed symbol (like $json, $data, $format, etc.), the test actor understands that the expression is JavaScript code, evaluates the expression and uses the result as the value for the argument. When a JS expression doesn't start with a dollar-prefixed symbol (e.g. our expressions start with "Basic" and authHeader, respectively) we must prefix the expression with $script followed by one or more whitespace characters, to let the test actor know that the string that follows is JavaScript code and not just an ordinary string literal.

    As for the format of the basic authentication scheme, you can find more information here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization.