403 response, You are not allowed to perform this action when trying to populate via api

default discord avatar
last year
1 1

Using a Mocha/Chai env, I am trying to setup a TDD/BDD environment.

When i send this curl from anywhere but the app, it works

curl --location --request POST 'http://localhost:8081/api/players' \
--header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6Imlhc2lzYWxvbW9uQGdtYWlsLmNvbSIsImlkIjoiNjJjNjBkMzU4ZjlkN2MxYTZlYjAwZTUzIiwiY29sbGVjdGlvbiI6InVzZXJzIiwiaWF0IjoxNjU3MTY3NjUzLCJleHAiOjE2NTcxNzQ4NTN9.cXB5QSTGxrm92aD505nFzElsFlQDrbZ4U2lSZMS9dd0' \
--header 'Cookie: payload-token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6Imlhc2lzYWxvbW9uQGdtYWlsLmNvbSIsImlkIjoiNjJjNjBkMzU4ZjlkN2MxYTZlYjAwZTUzIiwiY29sbGVjdGlvbiI6InVzZXJzIiwiaWF0IjoxNjU3MTY3NjUzLCJleHAiOjE2NTcxNzQ4NTN9.cXB5QSTGxrm92aD505nFzElsFlQDrbZ4U2lSZMS9dd0' \
--form 'nickname="pixel"' \
--form 'team="monitor"' \
--form 'ronin="bandwidth"' \
--form 'nationality="firewall"'

below code does not seem to save the data on the mongodb besides being the same.

const chai = require('chai');
const expect = chai.expect;
const chaiHttp = require('chai-http');
const faker = require('@faker-js/faker');
//server data
const uri = process.env.API_URI || 'http://localhost:8081';
let bearer, message;

suite('Populate', () => {
	suiteSetup('Login to the api', async () => {
		const res = await chai.request(uri).post('/api/users/login').send({
			email: 'asd@asd.com',
			password: 'a',
		message = res.body.message;
		bearer = 'Bearer ' + res.body.token;
	suite('Check Auth', () => {
		test('Login successful', () => {
			expect(message).to.eql('Auth Passed');
	suite('Populate Players', () => {
		test('First Player', async () => {
			const res = await chai.request(uri).post('/api/players').set('Authorization', bearer).send({
				nickname: 'pixel',
				team: 'pixel',
				address: 'asd',
				nationality: 'asdasfasfas',
			// {
			// 	errors: [{ message: 'You are not allowed to perform this action.' }];
			// }
  • default discord avatar
    last year

    Found the error i was adding bearer to the token to store it, but needed it pure for token and Cookie.

    bearer = 'Bearer ' + res.body.token;

    Code that actually works:

    		test('First Player', async () => {
    			const res = await chai
    				.set('Cookie', 'payload-token=' + bearer)
    				.set('Authorization', bearer)
    					nickname: 'pixel',
    					team: 'pixel',
    					ronin: 'asd',
    					nationality: 'asdasfasfas',
Open the post
Continue the discussion in GitHub
Like what we're doing?
Star us on GitHub!


Connect with the Payload Community on Discord



Can't find what you're looking for?

Get help straight from the Payload team with an Enterprise License.