REST Assured 5.2.0 is released

43 views
Skip to first unread message

Johan Haleby

unread,
Sep 9, 2022, 12:58:44 PM9/9/22
to rest-a...@googlegroups.com
REST Assured 5.2.0 has just been released with much improved CSRF support. Changes are:

* Improved FilterContext used in Filters by adding the method FilterContext#hasValue(name, object). This makes it easier to check if a value exists _and_ is equal to the expect object.
* Introducing a much improved CSRF (cross-site request forgery) support. For example:
    given().
           csrf("/users").
           formParm("firstName", "John").
           formParm("lastName", "Doe").
    when().
           post("/users").
    then().
           statusCode(200);

    This will first make a GET request to /users (due to csrf("/users")) to get an HTML page that contains the CSRF token.
    Rest Assured will then automatically try to find the input field that contains the CSRF token and include in the POST to /users.

    Here's an example of what Rest Assured expects as a response for the GET request to /users:

    <html>
    <head>
      <title>Add User</title>
    </head>
    <body>
    <form action="/users" method="POST">
      <table>
          <tr>
              <td>First Name:</td>
              <td><input type="text" name="firstName"></td>
          </tr>
          <tr>
              <td>Last Name:</td>
              <td><input type="text" name="lastName"></td>
          </tr>
          <tr>
              <td colspan="2"><input name="submit" type="submit"/></td>
          </tr>
      </table>
      <input type="hidden" name="_csrf" value="8adf2ea1-b246-40aa-8e13-a85fb7914341"/>
    </form>
    </body>
    </html>
    The csrf input field name is called "_csrf", and it'll be automatically detected by REST Assured.
* Fixed so that form authentication takes CSRF into account. The previous form authentication CSRF implementation didn't really work (sorry!).
  Now you can combine csrf with form authentication and it actually works as expected! Note that for requests other than GET or HEAD,
  you need to specify _both_ form authentication _and_ csrf, e.g.

    given().
           csrf("/users").
           formParm("firstName", "John").
           formParm("lastName", "Doe").
           auth().form("j_spring_security_check", "j_username", "j_password").
    when().
           post("/users").
    then().
           statusCode(200);

   The reason for this is that the server returns a new CSRF token per request. So after the login request (with will use the CSRF token from the login page),
   REST Assured needs to make an additional GET request to /users to get a new CSRF token. This token will then finally be supplied with the "POST" request
   to "/users".
* Adds support for Multipart upload via http PATCH method (thanks to Madis Liias for pull request)
* Upgraded kotlin module to using Kotlin 1.7.10 (previously 1.6.21 was used)

Enjoy!


ilovepeace andplaying
unread,
Nov 6, 2022, 8:20:49 AM11/6/22
to REST assured
Hi Johan Haleby can you please add build instructions and how to setup the IDE to develop Rest-Assured?
Michael Pinnegar
unread,
Nov 6, 2022, 9:59:54 AM11/6/22
to rest-a...@googlegroups.com
Rest-assured is a project built using the maven build system. You should be able to fork rest-assured, open the project in an editor like Intellij community edition, and import the maven project itself. Once you've got the project open in an IDE working on the project should be straightforward. I find running Maven from the command line to be the simplest way to use it. Generally you'll want to do three activities. mvn install which will build the project and "install" it into your local maven cache, mvn test which will run the unit tests, and mvn verify which will run unit tests and integration tests. Once you've got the code working the way you want it to, then you'd open a pull request.

If you want to test your new shiny improved version of rest-assured locally you need a secondary project that uses the SNAPSHOT version you install locally with mvn install. So your secondary project would have a dependency that looks like this. Note this won't work until you build your local SNAPSHOT copy.
<dependency>
      <groupId>io.rest-assured</groupId>
      <artifactId>rest-assured</artifactId>
      <version>5.2.0-SNAPSHOT</version>
      <scope>test</scope>
</dependency>
That should be enough to get you started. Good luck!



-- 

You received this message because you are subscribed to the Google Groups "REST assured" group.

To unsubscribe from this group and stop receiving emails from it, send an email to rest-assured...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/rest-assured/63d2eabe-6a83-458e-b663-a7563adba33bn%40googlegroups.com.




Reply all
Reply to author
Forward
0 new messages