Like what we’re doing? Star us on GitHub!

403 response, You are not allowed to perform this action when trying to populate via api

iasisalomon
8 months ago
1 1

Using a Mocha/Chai env, I am trying to setup a TDD/BDD environment.

When i send this curl from anywhere but the app, it works

curl --location --request POST 'http://localhost:8081/api/players' \
--header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6Imlhc2lzYWxvbW9uQGdtYWlsLmNvbSIsImlkIjoiNjJjNjBkMzU4ZjlkN2MxYTZlYjAwZTUzIiwiY29sbGVjdGlvbiI6InVzZXJzIiwiaWF0IjoxNjU3MTY3NjUzLCJleHAiOjE2NTcxNzQ4NTN9.cXB5QSTGxrm92aD505nFzElsFlQDrbZ4U2lSZMS9dd0' \
--header 'Cookie: payload-token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6Imlhc2lzYWxvbW9uQGdtYWlsLmNvbSIsImlkIjoiNjJjNjBkMzU4ZjlkN2MxYTZlYjAwZTUzIiwiY29sbGVjdGlvbiI6InVzZXJzIiwiaWF0IjoxNjU3MTY3NjUzLCJleHAiOjE2NTcxNzQ4NTN9.cXB5QSTGxrm92aD505nFzElsFlQDrbZ4U2lSZMS9dd0' \
--form 'nickname="pixel"' \
--form 'team="monitor"' \
--form 'ronin="bandwidth"' \
--form 'nationality="firewall"'

below code does not seem to save the data on the mongodb besides being the same.

//chaijs
const chai = require('chai');
const expect = chai.expect;
const chaiHttp = require('chai-http');
chai.use(chaiHttp);
//faker
const faker = require('@faker-js/faker');
//server data
const uri = process.env.API_URI || 'http://localhost:8081';
//variables
let bearer, message;

suite('Populate', () => {
	suiteSetup('Login to the api', async () => {
		const res = await chai.request(uri).post('/api/users/login').send({
			email: 'asd@asd.com',
			password: 'a',
		});
		message = res.body.message;
		bearer = 'Bearer ' + res.body.token;
	});
	suite('Check Auth', () => {
		test('Login successful', () => {
			expect(message).to.eql('Auth Passed');
		});
	});
	suite('Populate Players', () => {
		test('First Player', async () => {
			const res = await chai.request(uri).post('/api/players').set('Authorization', bearer).send({
				nickname: 'pixel',
				team: 'pixel',
				address: 'asd',
				nationality: 'asdasfasfas',
			});
			console.log(res.body);
			// {
			// 	errors: [{ message: 'You are not allowed to perform this action.' }];
			// }
		});
	});
});
  • iasisalomon
    8 months ago

    Found the error i was adding bearer to the token to store it, but needed it pure for token and Cookie.

    bearer = 'Bearer ' + res.body.token;

    Code that actually works:

    		test('First Player', async () => {
    			const res = await chai
    				.request(uri)
    				.post('/api/players')
    				.set('Cookie', 'payload-token=' + bearer)
    				.set('Authorization', bearer)
    				.send({
    					nickname: 'pixel',
    					team: 'pixel',
    					ronin: 'asd',
    					nationality: 'asdasfasfas',
    				});
    			console.log(res.body);
    
Open the post
Continue the discussion in GitHub
Can't find what you're looking for?
Get help straight from the Payload team with an Enterprise License.Learn More