Pre-req script to set 'csrf-token' var for POST req in Flask

🌱 Just Getting Started
,
1

Hello. I’ve found related answers to this in my search, but this isn’t quite working. I’m trying to use Postman to 1) register test users in my Flask site, 2) test duplicate registration. The Flask app presents the csrf-token in a hidden field in the html. In order to test user registration, I think I need to create a Postman pre-request script to grab that csrf-token and set it in a variable which the registration test will use. Here’s what I have:

In this first screenshot you see the setup of the form-data being sent to register a user. Is this the correct way to set the csrf-token as a variable. Below in the screenshot I’m showing the html output generated by the GET pre-req script, noting the csrf-token in the hidden field.

ss-postman1
ss-postman12256×1044 212 KB

In this second screenshot I show the pre-req script and the request body that the POST is sending. You can see the csrf-token is blank.

ss-postman2
ss-postman22352×1410 360 KB

Last, here is a demonstration of running a proof of concept via node. This code should work in Postman, but I’m missing something…

(.venv) 09/05 14:21[wintermute  on alt_config]
$ cat scrape.js
const request = require('request');
const cheerio = require('cheerio');
request('http://localhost:8003/register', (error, response, html) => {
  if(!error && response.statusCode == 200) {
      const $ = cheerio.load(html);
      const contentSection = $('.content-section');
      //console.log(contentSection);
      //console.log(contentSection.html());
      console.log(contentSection.find('[name="csrf_token"]').attr('value'));
  }
});
(.venv) 09/05 14:21[wintermute  on alt_config]
$ node scrape.js
ImUwNTFjNDBkMmRkMjRmYmViZmQzMzIxMTAwYzgxNzNjZmY0ZGVmYzgi.ZPeb5g.Q3ooiVHWNPBmIpdI3WwbUNpuEMU

Where am I going wrong? How do I get this csrf-token variable set in the pre-req so that the POST req can use it?

Thanks!

2

Hey @kallenatgmail :wave:

Welcome to the Postman Community! :postman:

In your pm.sendRequest you using an arg called html and then using that in the cheerio.load().

If you’re using pm.sendRequest and are looking to use the response from that call, I would try and use cheerio.load(response.text()) to see if that give you what you need to extract the token.

Related post:

3

Thanks for the tip. However, it didn’t work for me. I now have this script:

pm.sendRequest({
    url: "localhost:8003/register",
    method: "GET"
}, function(error, response){
      //console.log(response.text())
      const $ = cheerio.load(response.text());
      const contentSection = $('content-section');
      console.log(contentSection);
      let csrfToken = $(contentSection.find('[name="csrf_token"]').attr('value'));
      pm.globals.set("csrfToken", csrfToken);
      console.log(csrfToken);
});

The client sent something in request body, but it’s wrong:

Screenshot 2023-09-08 at 11.16.09 PM
Screenshot 2023-09-08 at 11.16.09 PM1040×698 47.5 KB

Here’s what console.log of csrfToken looks like:

Screenshot 2023-09-08 at 11.14.55 PM
Screenshot 2023-09-08 at 11.14.55 PM912×694 45.1 KB

4

What does the response body of the request, send via the pre-request look like? You should be able to get that from the console output.

Ensure that /register call in the async sendRequest is returning the correct information before trying the parse the HTML with cheerio.

5

The response body looks as I expect. This is a portion of it:

Screenshot 2023-09-09 at 4.24.09 PM
Screenshot 2023-09-09 at 4.24.09 PM2116×1258 209 KB

FWIW, the proof of concept I show in my original post, using node, worked wherein I loaded cheerio with the html and I was able to ‘find’ the token in the ‘contentSection’. I know that node and pm aren’t the same, but I’m puzzled.

6

Hey @kallenatgmail

I used a Mock Server and a slimmed down version of your response body.

My script is not using the .find and is picking up that token value from an async call.

    const $ = cheerio.load(response.text());

    let csrfToken = $('[name=csrf_token]').attr('value');

    console.log(csrfToken);

image
image2360×2274 492 KB

7

That worked! thank you!! I wonder why the different attempts failed. Some other time.

Screenshot 2023-09-11 at 11.55.17 PM
Screenshot 2023-09-11 at 11.55.17 PM1784×1130 229 KB

8

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.