Insomnia is a decent REST client with a good free version. The best practice is, of course, to include code tests and implement proper error reporting in the project, but third-party REST clients are great for testing and implementing third-party solutions when error reporting and debugging the service is not available. We’ll be using it here to play the role of an application and get some insight into what is going on with our API.
To create a user, we just need to POST the required fields to the appropriate endpoint and store the generated ID for subsequent use.
The API will respond with the user ID:
We can now generate the JWT using the /auth/
endpoint:
We should get a token as our response:
Grab the accessToken
, prefix it with Bearer
and add it to the request headers under Authorization
:
If we don’t do this now that we have implemented the permissions middleware, every request other than registration would be returning HTTP code 401. With the valid token in place, though, we get the following response from /users/:userId
:
Also, as was mentioned before, we are displaying all fields, for educational purposes and for sake of simplicity. The password (hashed or otherwise) should never be visible in the response.
Let’s try to get a list of users:
Surprise! We get a 403 response.
Our user does not have the permissions to access this endpoint. We will need to change the permissionLevel
of our user from 1 to 7 manually in MongoDB and then generate a new JWT.
After that is done, we get the proper response:
Next let’s test the update functionality by sending a PATCH
request with some fields to our /users/:userId
endpoint:
We expect a 204 response as confirmation of a successful operation, but we can request the user once again to verify.
Finally, we need to delete the user. We’ll need to create a new user as described above (don’t forget to note the user ID) and make sure that we have the appropriate JWT for an admin user.
Sending a DELETE
request to /users/:userId
we should get a 204 response as confirmation. We can, again, verify by requesting /users/
to list all existing users.
Comments are closed.