search

ptejada / artillery-engine-socketio-v3

Socket.IO v3 engine for Artillery
Mozilla Public License 2.0
22 stars 15 forks source link

The secret-token cannot be dynamic #10

Closed jeffwillden closed 1 year ago

jeffwillden commented 1 year ago 
config:
  payload:
    path: "credentials.csv"
    fields:
      - "secretToken"
  engines:
    socketio-v3:
      parser: msgpack
      query:
        token: {{ secretToken }}

This plugin does not support getting a secretToken from context.vars or from a credentials.csv file. It only supports a single hard-coded token for one user. If an app follows best practices and requires a token up front in order to establish the connection, then this plugin only supports a single user. You can have many different instances of that user, but they all must be the same user. For apps where this is considered a security violation, (one connection per user) then this design flaw is a showstopper. Anybody know a way around this limitation?

I tried using the reconnect:true option, but it still has to reconnect using the hard-coded secretToken instead of a dynamic value as implied in the (non-functional) code above.

ptejada commented 1 year ago

You are correct in that variables you defined in the config.* and config section cannot be used in the same config section. This is documented here https://www.artillery.io/docs/guides/guides/test-script-reference#variables---inline-variables image

There is a discussion in PR https://github.com/ptejada/artillery-engine-socketio-v3/pull/11 on how to support this type of workflow that requires a dynamic connection config.