Support inclusion of user/password in request without using --user

[humphd]

It's possible this can already be done, and I'm missing it; but I want to be able to specify basic HTTP auth with user and password in a test, but not set it globally for all tests. That is, in some tests I want to use userA and in others, userB.

[fabricereix]

There isn't something specific for the basic auth for one test.
It has to be encoded explictly in a header.

For example, for the user bob with password 'secret'

$ echo -n 'bob:secret' | base64
Ym9iOnNlY3JldA==

The Hurl file is defined as follows:

GET http://example.com/protected
Authorization: Basic Ym9iOnNlY3JldA==

[jcamiel]

@fabricereix It's true that there is no facility appart HTTP headers within Hurl format, maybe we can add an Authorization request section:

# Public path:
GET https://example.org/welcome
HTTP/1.1 200

# Login paths with user A
# user is aladdin, password is opensesame, header can be computed with
# echo 'aladdin:opensesame' | base64

GET https://example.org/home
Authorization: Basic YWxhZGRpbjpvcGVuc2VzYW1l
HTTP/1.1 200

GET https://example.org/account
Authorization: Basic YWxhZGRpbjpvcGVuc2VzYW1l
HTTP/1.1 200

# Using another account, we just
# change Authorization header
# computed with login userb and password 1234

GET https://example.org/home
Authorization: Basic dXNlcmI6MTIzNA==
HTTP/1.1 200

GET https://example.org/account
Authorization: Basic dXNlcmI6MTIzNA==
HTTP/1.1 200

We could add something like:

# Public path:
GET https://example.org/welcome
HTTP/1.1 200

# Login paths with user A
GET https://example.org/home
[Authorization]
basic: aladdin:sesame
HTTP/1.1 200

GET https://example.org/account
[Authorization]
basic: aladdin:sesame
HTTP/1.1 200

# Using another account

GET https://example.org/home
[Authorization]
basic: bob:secret
HTTP/1.1 200

GET https://example.org/account
[Authorization]
basic: bob:secret
HTTP/1.1 200

This way, we could also support more authentification methods.

In anyway, we should update the docs with basic authentification sample,

[fabricereix]

For sure, BasicAuth makes a good sample for the doc.

The section could also be specific for BasicAuth

GET https://example.org/account
[BasicAuth]
bob:secret
HTTP/1.1 200

or maybe, within the templating

GET https://example.org/account
Authorization: Basic {{'bob:secret' | base64}}
HTTP/1.1 200

[lepapareil]

[BasicAuth]
bob:secret

👍

[humphd]

Adding a [BasicAuth] section with bob:secret, where you can easily include the username and password without encoding (i.e., greater clarity in test cases), would be perfect. +1

[jcamiel]

Updated README.md and hurl.dev documentation with basic authentification sample.

[humphd]

Thanks for the details and doc update with example. It allowed me to do what I needed.

[fabricereix]

We forgot that we can also use the user:password in the url.

There willl be therefore 3 possible ways to add basicAuth at the request level

GET http://bob:secret@example.com/protected
HTTP/1.0 200

GET http://example.com/protected
Authorization: Basic Ym9iOnNlY3JldA==
HTTP/1.0 200

GET http://example.com/protected
[BasicAuth]
bob:secret
HTTP/1.0 200