JMeter authenticity token with Rails App

5
votes

I am trying to do a JMeter post operation to a simle rails app but I am getting the following back:

Started POST "/flights/" for 127.0.0.1 at 2015-05-04 12:40:15 -0700 Processing by FlightsController#create as HTML Parameters: {"authenticity_token"=>"$(LOGIN_AUTH_TOKEN)"} Can't verify CSRF token authenticity Completed 422 Unprocessable Entity in 3ms (ActiveRecord: 0.0ms)

I have implemented the suggestion about creating a regular expression extractor for the authenticity login as shown here:

Regular Expression Extractor

and here is the http request:

http post request

Any help appreciated and thanks in advance, Slavko

3
ruby-on-railsjmeter
Why was this question downvoted??dbeachy1

3 Answers

1
votes
  • Move the Regular Expression Extractor as the child element of the first HTTP Request.
  • Regular expression could be name=authenticity_token type=hidden value=(.*?)"
  • In the next request, access authenticity_token by using ${LOGIN_AUTH_TOKEN} (Not by $(LOGIN_AUTH_TOKEN))
0
votes

I think Vinoth was right, but it looks like only the request headers were being checked. The form field is in the body, so the Regex Processor should look there.

0
votes

I was able to resolve this issue by inspecting the source of my rendered pages and modifying my regular expression accordingly.

I searched the source for "authenticity" and here's what it yielded:

<meta name="csrf-param" content="authenticity_token" />
<meta name="csrf-token" content="O4YJPTDTmHqxAtgVYLTyDnuo1gwNoDQFznnqwsUyvdMkJscVXx+YMteKkuMVG44E/H6NYCdi/RzbQ8oIly2euA==" />

I changed my regular expression inside jMeter's Regular Expression Extractor to: meta name="csrf-token" content="(.*?)" />

I then ran my jMeter test and it logged into my development application successfully.

I'm on Rails 4.2.1 and Ruby 2.2.1p85.