-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathauthentication-patterns.hit
More file actions
115 lines (99 loc) · 2.91 KB
/
authentication-patterns.hit
File metadata and controls
115 lines (99 loc) · 2.91 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
# Authentication Patterns Example
# Demonstrates various authentication methods supported by Hitman CLI
#
# This example shows:
# - Basic Authentication
# - Bearer Token Authentication
# - API Key Authentication (header-based)
# - Custom Authentication Headers
# - JWT Token patterns
#
# Usage:
# hitman examples/authentication-patterns.hit
# ===== CONFIGURATION =====
DEFINE baseUrl="https://httpbin.org"
DEFINE apiKey="your-api-key-here"
DEFINE bearerToken="eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.example"
DEFINE basicAuthCredentials="dXNlcjpwYXNzd2Q="
# ===== BASIC AUTHENTICATION =====
# Basic Auth with encoded credentials
GET {{baseUrl}}/basic-auth/user/passwd
WITH HEADER {
"Authorization": "Basic {{basicAuthCredentials}}"
}
AS basicAuthTest
# ===== BEARER TOKEN AUTHENTICATION =====
# Bearer token authentication
GET {{baseUrl}}/bearer
WITH HEADER {
"Authorization": "Bearer {{bearerToken}}"
}
AS bearerTokenTest
# ===== API KEY AUTHENTICATION =====
# API Key in header
GET {{baseUrl}}/headers
WITH HEADER {
"X-API-Key": "{{apiKey}}"
}
AS apiKeyHeaderTest
# API Key in query parameter
GET {{baseUrl}}/get
WITH QUERY {
"api_key": "{{apiKey}}"
}
AS apiKeyQueryTest
# ===== CUSTOM AUTHENTICATION HEADERS =====
# Custom authentication header
GET {{baseUrl}}/headers
WITH HEADER {
"X-Auth-Token": "{{bearerToken}}",
"X-Client-ID": "hitman-cli"
}
AS customAuthTest
# Multiple authentication headers
GET {{baseUrl}}/headers
WITH HEADER {
"Authorization": "Bearer {{bearerToken}}",
"X-API-Key": "{{apiKey}}",
"X-Request-ID": "auth-test-001"
}
AS multiAuthTest
# ===== AUTHENTICATION WITH POST REQUESTS =====
# Login simulation with credentials
POST {{baseUrl}}/post
WITH HEADER {
"Content-Type": "application/json"
}
WITH DATA {
"username": "testuser",
"password": "testpass",
"grant_type": "password"
}
AS loginSimulation
# Authenticated POST request
POST {{baseUrl}}/post
WITH HEADER {
"Authorization": "Bearer {{bearerToken}}",
"Content-Type": "application/json"
}
WITH DATA {
"action": "create_resource",
"data": {
"name": "Test Resource",
"type": "example"
}
}
AS authenticatedPost
# ===== ASSERTIONS =====
ASSERT basicAuthTest.status == 200
ASSERT bearerTokenTest.status == 200
ASSERT apiKeyHeaderTest.status == 200
ASSERT apiKeyQueryTest.status == 200
ASSERT customAuthTest.status == 200
ASSERT multiAuthTest.status == 200
ASSERT loginSimulation.status == 200
ASSERT authenticatedPost.status == 200
# Verify authentication headers are echoed back
ASSERT apiKeyHeaderTest.json.headers.X-API-Key == "your-api-key-here"
ASSERT customAuthTest.json.headers.X-Auth-Token CONTAINS "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9"
ASSERT multiAuthTest.json.headers.Authorization CONTAINS "Bearer"