JMeter Authentication Toner with Rails Application
I am trying to perform a JMeter post operation in a simle rails application, but I am returning this:
Started POST "/ flights /" for 127.0.0.1 at 2015-05-04 12:40:15 -0700 Processing by FlightController # create as HTML Parameters: {"authenticity_token" => "$ (LOGIN_AUTH_TOKEN)"} Unable to validate CSRF -token Completed 422 Non-process entity in 3ms (ActiveRecord: 0.0ms)
I have implemented a suggestion to create a regex extractor for login authentication as shown below:
and here is the http request:
Any help is appreciated and thanks in advance, Slavko
- Move
Regular Expression Extractor
as a child of the first HTTP request. - The regex can be
name=authenticity_token type=hidden value=(.*?)"
- In the next request, login authenticity_token with
${LOGIN_AUTH_TOKEN}
(not via $ (LOGIN_AUTH_TOKEN))
I think Vinot was right, but it looks like only the request headers were checked. The form field is in the body, so the Regex processor should look there.
I was able to solve this problem by checking the source of my pages and changing my regex accordingly.
I was looking for a source for "authenticity" and this is what it gave:
<meta name="csrf-param" content="authenticity_token" />
<meta name="csrf-token" content="O4YJPTDTmHqxAtgVYLTyDnuo1gwNoDQFznnqwsUyvdMkJscVXx+YMteKkuMVG44E/H6NYCdi/RzbQ8oIly2euA==" />
I changed my regex inside jMeter Regular Expression Extractor to: meta name="csrf-token" content="(.*?)" />
Then I ran my jMeter test and logged into my development app successfully.
I am on Rails 4.2.1 and Ruby 2.2.1p85.