Postman pre-request script executing AFTER the request

Question

I Have an Authenticate post call to the server that looks like this :

http://localhost/ServiceName/AuthenticateUser

with a body sent like this:

{
    "userCredentials":"{{securityToken}}"
}

I always have to execute this Authenticate call twice in Postman to get my global var 'securityToken' populated properly and used thereafter for the next calls to Authenticate, so it seems the pre-request script is actually running AFTER the script, or is it that Global vars set in pre-request scripts are not readily available to the current request?

The first time I run this the server returns a login error and the next time it logs in fine.

What am I doing wrong?

Here's the pre-request sript:

// Import the CryptoJS library with jQuery
$.when(
    $.getScript( "http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/md5.js" ),
    $.getScript( "http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/aes.js" ),

    $.Deferred(function( deferred ){
        $( deferred.resolve );
    })
).done(function(){

    //The scripts are all loaded
    var api = {

        connection: {

            aesIV: 'blabla',
            aesKey: 'secretNoTellingYou'
        }
    }

    var aesIV = CryptoJS.enc.Hex.parse(api.connection.aesIV);
    var aesKey = CryptoJS.enc.Utf8.parse(api.connection.aesKey);

    if (!CryptoJS || !CryptoJS.AES || !CryptoJS.MD5) {
        alert('CryptoJS AES and MD5 Library Must Be Loaded');
    }

    var encrypt = function (text) {
        var encrypted = CryptoJS.AES.encrypt(text, aesKey, { iv: aesIV });
        return encrypted;
    };

    var encryptedUserCode = encrypt(globals["userCode"]).toString();
    var md5Password = CryptoJS.MD5(globals["password"]).toString().toUpperCase();
    var encryptedPassword = encrypt(md5Password.toString());
    var token = SomeFunctionToCreateToken(encryptedUserCode , encryptedPassword);

    postman.setGlobalVariable('securityToken', token);    

});

Answer 1

Actually for me the problem disappeared once I replaced the script imports with the now integrated libraries:

//The scripts are all loaded
    var api = {

        connection: {

            aesIV: 'blabla',
            aesKey: 'secretNoTellingYou'
        }
    }

    var aesIV = CryptoJS.enc.Hex.parse(api.connection.aesIV);
    var aesKey = CryptoJS.enc.Utf8.parse(api.connection.aesKey);

    if (!CryptoJS || !CryptoJS.AES || !CryptoJS.MD5) {
        alert('CryptoJS AES and MD5 Library Must Be Loaded');
    }

    var encrypt = function (text) {
        var encrypted = CryptoJS.AES.encrypt(text, aesKey, { iv: aesIV });
        return encrypted;
    };

    var encryptedUserCode = encrypt(globals["userCode"]).toString();
    var md5Password = CryptoJS.MD5(globals["password"]).toString().toUpperCase();
    var encryptedPassword = encrypt(md5Password.toString());
    var token = encryptedUserCode + "|" + encryptedPassword;

    postman.setGlobalVariable('securityToken', token);    

Answer 2

I can confirm this behaviour, proved by fiddler. The request is fired regardless of the execution of the pre request script.

Apparently this is due to Postman's support of ajax calls in pre request scripts.

https://github.com/postmanlabs/postman-app-support/issues/644

They recommend creating two requests, an initial POST to create the token, and then chaining that with subsequent requests and setting environment variables to sign those requests.