cannot read auth token from response header

Hello,

I am using Gatling for the first time.

In my application, I have a login page protected with CSRF protection as shown below:

Login

For each display of this login the token will be different and it is generated dynamically.

To extract this token I tried the following ways:

  1. regex:

val scn = scenario("Login")
.exec(http("My website")
.get("/login")
.headers(headers_1)
.check(regex("""<meta content="(.*?)" name="csrf-token">""").saveAs("auth_token")))
.exec(http("Login")
.post("/login")
.headers(headers_5)
.param("csrf-token", "${auth_token}")
.param("username", "xxxx"))

  2. header:

.check(header("tokenName").saveAs("token"))

  3. xpath:

.check(xpath("//head//meta[@name='csrf-token']"))

  4. css:

.check(css("head meta[name='csrf-token']"))

None of the above can find the token, and it gives this error: "19:36:23.567 [WARN ] c.e.e.g.h.a.GatlingAsyncHandlerActor - Request 'My website' failed : Check 'exists' failed, found None"

Am I missing something? Any thoughts?

Thanks,
Anjali

1. *regex:*

val scn = scenario("Login")

     .exec(http("My website")
          .get("/login")
          .headers(headers_1)
          .check(regex("""<meta content="(.*?)" name="csrf-token">""").saveAs("auth_token")))
     .exec(http("Login")
          .post("/login")
          .headers(headers_5)
          .param("csrf-token", "${auth_token}")
          .param("username", "xxxx"))

This should work, at least it does on my machine with latest snapshot.
You'd better debug, there's a good chance the server doesn't send the page
you expect.

2. *header:*

Won't work, this is for HTTP headers, you want to search in the body!

3. *xpath:*

I doubt your page is valid XHTML.

4. *css:*

I don't think css selectors can select meta tags.

Hello,

Thanks for your reply.

I confirmed that my server returns me the page that I am expecting by applying some checks on page.

I see that check is failed only for tags and works fine for other tags.

I tried this on v1.5.4 and v2.0.0M3.

Thoughts?

Thanks,
Anjali

Are you sure it doesn’t get populated with Ajax?

I also found this problem in my env, the csrf tag is rendered by rails, but seems that any ‘meta’ tag can not be caught by gatling actually.

In fact I tried JMeter and it looks fine, but they (with Gatling) are quite similar to each other in this part, which really confuses me.

Thanks for your help.

Could I get an export of this page, please?

Also, could you try latest snapshot, please?
https://github.com/excilys/gatling/wiki/Continuous-Integration

Thanks for your help! I tried to print the export of the login page received by Gatling; that line shows:

But what I got from the browser (Chrome) is

Actually I also tried to use a regex like this: """<meta content="(.*?)" name="""

Since there is already another line similar to this one, maybe it matches more than one result, but Gatling reports 'non found' in this case, and that's what confused me a lot...

Anyway, it's resolved. Thanks for your help. I would like to find a better way to debug, but before that I think I have to learn Scala first :p

Thanks a lot!

Gatling is not a browser, so it doesn't build the DOM nor execute
Javascript.
Gatling works on the HTTP protocol level, so what matters is what is on the
wire, not in the browser memory.

As a consequence, you mustn't use the "page source" when designing your
tests.
The page source is your DOM, so it's how your browser parsed and
interpreted the received HTML and how javascript modified the DOM.

You have to use tools such as Google Chrome Developer Tools or Firefox, and
use what you get from the Network panel. Or use the Gatling logs.

Here, your problem is that the page your server sends is not valid HTML, so
Chrome fixed it automatically.
In HTML, self-closing is only valid for tags that can have content.
<meta>foo</meta> is impossible, so neither are <meta></meta> and <meta />
(those are valid XHTML, but not HTML).

Cheers,

Stéphane
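
An added example (not from the thread or the Gatling project): a plain Scala check of the regex from the first post against a constructed response body in the self-closing form discussed above, next to a pattern that tolerates either attribute order and an optional "/". The object name, the sample bodies and the token value are assumptions; either pattern string can be passed to the regex(...) check used in the thread.

```scala
import scala.util.matching.Regex

object CsrfMetaExtract {
  // Pattern from the first post: fixed attribute order, tag must end in `">`.
  val StrictPattern: String = """<meta content="(.*?)" name="csrf-token">"""

  // Tolerant pattern (added here): the lookahead pins the tag to
  // name="csrf-token", so the single capture group is the content value
  // whatever the attribute order and whether or not the tag ends in "/>".
  val TolerantPattern: String =
    """<meta\b(?=[^>]*\bname="csrf-token")[^>]*?\bcontent="([^"]*)"[^>]*>"""

  // First match, capture group 1, or None when nothing matches.
  def extract(pattern: String, body: String): Option[String] =
    new Regex(pattern).findFirstMatchIn(body).map(_.group(1))

  // Constructed sample: bytes as sent on the wire, self-closing meta tags.
  val wireBody: String =
    """<head>
      |<meta content="authenticity_token" name="csrf-param" />
      |<meta content="c2FtcGxlLXRva2Vu" name="csrf-token" />
      |</head>""".stripMargin

  // Constructed sample: the same head as a browser shows it after parsing.
  val domView: String =
    """<head>
      |<meta content="authenticity_token" name="csrf-param">
      |<meta content="c2FtcGxlLXRva2Vu" name="csrf-token">
      |</head>""".stripMargin

  def main(args: Array[String]): Unit = {
    for ((label, body) <- Seq("wire" -> wireBody, "dom" -> domView)) {
      println(s"$label strict:   ${extract(StrictPattern, body)}")
      println(s"$label tolerant: ${extract(TolerantPattern, body)}")
    }
  }
}
```

On the wire body the strict pattern yields None, the same "found None" reported in the first post, while both patterns match the DOM view.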

Thanks for your explanation :p
I also ran into this problem because this CSRF meta tag is generated automatically by a Rails built-in, <%= csrf_meta_tags %>, while the other meta tags, written manually, never end with ‘/’. Does it mean Rails uses the wrong HTML syntax for tag generation?
That taught me a lot, thanks again :p

Have a look at the Content-Type HTTP header of the HTTP response that returns your page (from Dev Tool/Network).

If it says text/html, then you’re supposed to generate valid HTML, rails or your rails set up (I guess the rendering style can be configured somewhere) is wrong and your manual tags are right.

If it says application/xhtml+xml, then you’re supposed to generate valid XHTML and it’s the opposite.

Hi,
I am facing the same issue, is there any way to retrieve the token from DOM content?

Thanks,
Jothimani

Looks like some of us are in the same boat — trying to get over the initial hump.

I am likewise new to Gatling, but I am trying to use it for my Play/Scala/Java environment. It would really help to put an example in the documentation (or maybe in the Quick Start guide section).