
Using JMETER, how can I figure out what I'm missing from 2fa request




I have a test in JMETER which has to go through Duo 2fa authentication. However, the account I'm using is set up to bypass the 2fa, so if I use it to log in it just moves me right on through to the app.



But when I'm running my tests in JMETER all the calls to my app after that step fail and show 304: forbidden. Of course I'm using the HTTP Cookie Manager and HTTP Cache Manager. I even pulled the cookies with the regular expression extractor and passed them myself, and every single cookie I can see in devtools when I log in through a browser is being properly passed, yet I'm still getting 304's.



I can also tell that Duo is showing the login as accepted. So I feel like I'm not passing something between Duo and the app. But if that's the case it doesn't seem to show up anywhere I can see.



I'm usually doing UI testing so I'm pretty new to JMETER and don't know a ton about how 2FA works behind the scenes. Is there some call I'm missing?



I know this is a bit of a shot in the dark, but I'm getting desperate. I just don't see anything missing. The login is good. Duo accepts it. What could I possibly be missing?



My only guess is I found this request in the network tab:


I do not see any requests for this information in the dashboard call, but I thought maybe the tx parameter needed to be passed down? Truly a guess on my part though.



I'm flailing here.



Recommended answer:

Most probably your login fails due to missing or improperly working correlation.



Record the login twice using HTTP(S) Test Script Recorder or JMeter Chrome Extension and compare the resulting test scripts. All the values which differ are subject to correlation: you need to




  1. extract the dynamic value from the previous response using a suitable JMeter PostProcessor and save it into a JMeter Variable

  2. replace the recorded hard-coded value with the JMeter Variable from the previous step


Most probably you need to handle this _xsrf guy:



See "What is CSRF & How to Load Test CSRF-Protected Websites" for an example challenge and solution.
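The record-twice-and-compare step from the answer above, as an added Python example that is not part of the original answer: it diffs two recordings of the same flow, lists the parameters whose values changed, and reports which earlier response carries each value, which is the sampler that needs the PostProcessor. The recordings, host name, token values and the `ts` parameter are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

def params(request):
    """Query-string and form-body parameters of one recorded request."""
    query = parse_qsl(urlsplit(request["url"]).query, keep_blank_values=True)
    form = parse_qsl(request.get("body", ""), keep_blank_values=True)
    return dict(query + form)

def correlation_candidates(run_a, run_b):
    """Compare two recordings of the same flow, request by request.

    Returns (step, parameter, source_step) for each parameter whose value
    differs between the runs. source_step is the earliest earlier response
    in run_a that contains the value (where a PostProcessor would go), or
    None when no recorded response carries it (e.g. a client-side timestamp).
    """
    found = []
    for step, (req_a, req_b) in enumerate(zip(run_a, run_b)):
        pa, pb = params(req_a), params(req_b)
        for name in sorted(pa.keys() & pb.keys()):
            value = pa[name]
            if value == pb[name]:
                continue  # static value, safe to leave hard-coded
            source = next((i for i in range(step)
                           if value and value in run_a[i]["response"]), None)
            found.append((step, name, source))
    return found

def recording(token, ts):
    """Constructed sample flow: login page, login POST, dashboard GET."""
    return [
        {"url": "https://app.example.test/login", "body": "",
         "response": f'<input type="hidden" name="_xsrf" value="{token}">'},
        {"url": "https://app.example.test/login",
         "body": f"user=tester&_xsrf={token}", "response": "302 Found"},
        {"url": f"https://app.example.test/dashboard?view=all&ts={ts}",
         "body": "", "response": "<html>dashboard</html>"},
    ]

RUN_A = recording("a1b2c3", "1697900000")
RUN_B = recording("d4e5f6", "1697900060")

if __name__ == "__main__":
    for step, name, source in correlation_candidates(RUN_A, RUN_B):
        where = (f"extract from response {source}" if source is not None
                 else "not found in any earlier response")
        print(f"request {step}: {name} -> {where}")
```

A candidate with a source step maps to an extractor on that sampler plus a `${variable}` reference in the later request; a candidate with no source has to be generated in the test plan instead.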
