Postman data encryption and decryption to implement APP login interface simulation request

Mainly used Postman functions
Data encryption and decryption
Various parameter settings
The data actually sent:
Pro-request Script
Response processing script [Tests]
The result looks like

Mainly used Postman functions

Environment variables: Just create a new one, and all operations are handled in the code.
Log view: Menu location: View → show postman console, just display this window view
Script executed during request: Pre-request Script tag, using language javascript, usually as encryption.
Accepts the script to be executed when returning: Tests tab, as the processing of the return parameter, usually decryption.

Simple interface

Data encryption and decryption

The interface requires that the params data be encrypted and sent in JSON format.

Various parameter settings

Fill in the plain text parameters:

The parameters here are the basic data used by the script later, which can also be similar to the data that needs to be filled in the APP login interface.

Interface parameters

Fill in the request header parameters:

The request header data here are some established rule parameters agreed upon by the system interface.

Request header parameters

The data actually sent:

Yes, there is only one parameter. After the script processes and encrypts the parameter, it becomes a long string ╮(╯_╰)╭

body data.

Pro-request Script

To process the script, just look at the code.

Some commonly used encapsulation classes of scripts are encapsulated by postman, such as:

Environment variable: pm.environment
Data encryption toolkit: CryptoJS
Mathematical function toolkit: Math

[Next to the code writing box, there is a common operation code generation provided by Postman, which is very useful]

Specific code:

// Set environment variable parameters for other requests pm.environment.set("lkm-sys-id",pm.request.headers.get("lkm-sys-id"));
pm.environment.set("lkm-app-id",pm.request.headers.get("lkm-app-id"));
pm.environment.set("lkm-organ-id",pm.request.headers.get("lkm-organ-id"));
pm.environment.set("lkm-app-ver",pm.request.headers.get("lkm-app-ver"));

// JSON parameters for data signature const paramsString = request.url.split('?')[1]; 
const eachParamArray = paramsString.split('&'); 
let params = {}; 
eachParamArray.forEach((param) => { 
    const key = param.split('=')[0]; 
    const value = param.split('=')[1]; 
    Object.assign(params, {[key]: value}); 
}); 
console.log(params);

//Data processing var requestParams = params;
console.log(requestParams);

// Data signature processing defined by the interface var timestamp = Math.round(new Date());
pm.environment.set("timestamp",timestamp);
var shuijishu = "XO337hNxWyNsOlDw";
pm.environment.set("shuijishu",shuijishu);
// Data signature, agreed upon by the system interface var lkmSign = pm.request.headers.get("lkm-sys-id")
                + pm.request.headers.get("lkm-app-id")
                + "1122334455667788"
                + timestamp
                + shuijishu
                + ""
                ;
pm.environment.set("lkmSign",CryptoJS.MD5(lkmSign).toString().toUpperCase());
// ================== Data signature processing ends=====================================

// ===================== Encryption and decryption data============================================
/// aesdata processing var aesData = dealWithAesData(requestParams);
pm.environment.set("data", aesData); // This is the data needed to be sent in the screenshot above./// ↓↓↓↓↓↓↓↓↓↓↓↓↓ Commonly used AES encryption and decryption methods↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓ ///
// aesData data processing (content dictionary)
function dealWithAesData(content) {
    console.log('aesData plain text: ' + JSON.stringify(content));
    const key = CryptoJS.enc.Utf8.parse("****************");
    const iv = CryptoJS.enc.Utf8.parse("0000000000000000");
    const encrypted = CryptoJS.AES.encrypt(JSON.stringify(content), key, { iv: iv, mode: CryptoJS.mode.CBC, padding: CryptoJS.pad.Pkcs7 }); //CBC
    return encrypted.toString();
}

Response processing script [Tests]

Response data, processing is decryption and display.
Note: Postman provides various assertion operations, which can display the test results well.

Specific code:

// Return data processing var jsonData = JSON.parse(responseBody);
var responseData = JSON.parse(decryptResponseData(jsonData.data)); // Data decryption let success = responseData['success'];
var responseResult = responseData["data"];

//Data token record, used by subsequent interfaces try {
    let token = responseResult["token"];
    pm.environment.set("token", "Bearer "+token);
    console.log("token: " + token);
} catch (err) {
    tests['Expect response data to be valid token'] = false;
    tests[`Response data: ${responseResult}`] = true;
    console.error(err);
}

//Data log printing console.log("jsonData: The following object is the response data")
console.log(jsonData);
console.log("responseData: The following object is the first layer of parsed data")
console.log(responseData);
console.log("responseResult: The following object is the second layer of parsed data")
console.log(responseResult);

// Environment variable settings, used by other interfaces after logging in.
console.log(responseResult.agentId);
pm.environment.set("agentId",responseResult.agentId);
pm.environment.set("agentCode",responseResult.agentCode);
pm.environment.set("agentName",responseResult.agentName);
// pm.environment.set("token",responseResult.token);

// Set assertion Postman provides a good general assertion generation, you can try tests["Business return code=200, success!"] = responseData.code === 200;

/// Decrypt the returned data function decryptResponseData(content) {
    const key = CryptoJS.enc.Utf8.parse("*****************");
    const iv = CryptoJS.enc.Utf8.parse("0000000000000000");
    const decrypt = CryptoJS.AES.decrypt(content, key, { iv: iv, mode: CryptoJS.mode.CBC, padding: CryptoJS.pad.Pkcs7 });
    const decryptedStr = decrypt.toString(CryptoJS.enc.Utf8);
    return decryptedStr.toString();
}

The result looks like

Final data

The request for simulating the encrypted interface is almost like this. As for other operations, you will have to learn them later. For more information about postman login APP interface requests, please pay attention to other related articles on 123WORDPRESS.COM!

You may also be interested in: