Hello!
I am trying to record on Katalon registering for an account using MFA. I followed the YouTube video (Automating Multi-factor auth (MFA) based application with Katalon Studio - YouTube) linked to record logging into an account using MFA and got it to work great! However, now that I want to record registering an account with MFA, the secret key that is in the readMFA.groovy keyword will be different every time a new account is created. Is there a way to make the secret key in the Groovy file a variable, so that it is taken from the register page and put into the file?
Thanks!
Hi @swinston ,
I might have misunderstood your question, but you can clarify it later. Based on my understanding, when you follow the tutorial video you found, I see these lines of code:
```groovy
def GetMFAToken(){
    Totp totp = new Totp("your_secret_key")
    return totp.now()
}
```
If you mean the `your_secret_key` always changes when a new account is created, you can try:
```groovy
public class readMFA {
    private final String secret_key = "your_secret_key"

    def GetMFAToken(){
        Totp totp = new Totp(secret_key)
        return totp.now()
    }
}
```
If you mean the token is generated differently, it is due to `return totp.now()`.
Thank you!
Hi Elly,
Thank you so much.
What I mean is, instead of wanting to automate logging into an account associated with a specific Secret Key, I want to automate registering for an account.
In the registration process I have recorded creating a username, password, etc. and then hitting register. Once I do that, a QR code pops up to set up an OTP as well as a button that says “Can’t Scan?” which leads to the secret key. What I would like to automatically do is copy/paste the Secret Key and paste that into the “your_secret_key” section of the code. Then, when I log back into that account the secret key is already there.
Obviously, the key will be different every time a new account is registered, which is why I need to pull it individually for each account.
Does that clarify anything? Happy to explain more… hoping there is a solution for this.
Thank you!
@Elly_Tran do you have any idea how to do this? I am struggling with it.
Oh hi,
Now I get your point. There is one thing we should clarify: CAPTCHA (or OTP / 2-step verification) is a security solution that helps prevent hacking, spam and brute-force attacks, so it should not be bypassed by automation tools. Some of the workarounds:
- Solution 1: Request the developer to make an “always true CAPTCHA/OTP” like “123456” and apply it to the test environments. It works in the Jenkins environment.
- Solution 2: Request the developer to show the CAPTCHA/OTP on the UI screen, so you can get the text value and input it to the field, and apply it to the test environments. This solution works on Jenkins as well.
- Solution 3: Whitelist the company test IP. Add your company or test machine’s IP to the trusted list and allow these IPs to access the feature without CAPTCHA/OTP required.
- Solution 4: Turn off the CAPTCHA/OTP on the test environment if you have alpha, staging, and production separately. Ignore or manually test the OTP feature(s).
I would recommend you consider solutions 3 and 4. Thank you!
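
For the per-account secret described in the question, an added example (not code from the thread or the tutorial video): it takes the secret as shown at registration, either the “Can’t Scan?” text or the QR code's `otpauth://` URI, normalizes it, and computes the TOTP with JDK classes only, so no key is hard-coded. The class name `EnrollmentTotp`, the sample strings, the SHA-1 / 6-digit / 30-second defaults, and the assumption that the page element contains only the Base32 key are assumptions; in Katalon the text would be read from the registration page and passed in.

```groovy
import javax.crypto.Mac
import javax.crypto.spec.SecretKeySpec
import java.nio.ByteBuffer

class EnrollmentTotp {   // hypothetical name, not the readMFA keyword from the video
    // Accepts the "Can't Scan?" text or an otpauth:// URI; returns the bare Base32 secret.
    static String extractSecret(String shown) {
        def m = (shown =~ /(?i)[?&]secret=([A-Z2-7=]+)/)
        String raw = m.find() ? m.group(1) : shown
        // Drop grouping spaces, dashes and Base32 padding, then validate strictly.
        String secret = raw.replaceAll(/[\s-]/, '').replaceAll(/=+$/, '').toUpperCase()
        if (!(secret ==~ /[A-Z2-7]{16,}/)) throw new IllegalArgumentException('not a Base32 TOTP secret')
        return secret
    }

    static byte[] base32Decode(String s) {
        String alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'
        def out = new ByteArrayOutputStream()
        int buffer = 0, bits = 0
        for (char c : s.toCharArray()) {
            buffer = (buffer << 5) | alphabet.indexOf((int) c)
            bits += 5
            if (bits >= 8) { bits -= 8; out.write((buffer >> bits) & 0xFF) }
        }
        return out.toByteArray()
    }

    // RFC 6238 TOTP over HMAC-SHA1 with RFC 4226 dynamic truncation.
    static String totp(String base32Secret, long epochSeconds, int digits = 6, int step = 30) {
        byte[] counter = ByteBuffer.allocate(8).putLong(epochSeconds.intdiv(step)).array()
        Mac mac = Mac.getInstance('HmacSHA1')
        mac.init(new SecretKeySpec(base32Decode(base32Secret), 'HmacSHA1'))
        byte[] h = mac.doFinal(counter)
        int off = h[h.length - 1] & 0x0F
        int bin = ((h[off] & 0x7F) << 24) | ((h[off + 1] & 0xFF) << 16) |
                  ((h[off + 2] & 0xFF) << 8) | (h[off + 3] & 0xFF)
        int mod = (int) Math.pow(10, digits)
        return (bin % mod).toString().padLeft(digits, '0')
    }

    static void main(String[] args) {
        // Constructed samples: the RFC 6238 test key as an enrollment page might show it.
        String shownText = 'GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ'
        String qrUri = 'otpauth://totp/TestApp:new.user?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=TestApp'
        assert extractSecret(shownText) == extractSecret(qrUri)
        assert totp(extractSecret(shownText), 59L) == '287082'   // RFC 6238 test vector at T=59
        println totp(extractSecret(qrUri), System.currentTimeMillis().intdiv(1000))
    }
}
```

The extracted secret is a credential for that account: keep it in a per-run test variable for test-environment accounts only, and keep it out of logs, reports and source control.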