403 response, You are not allowed to perform this action when trying to populate via api

default discord avatar
iasisalomon
last year
1 1

Using a Mocha/Chai env, I am trying to setup a TDD/BDD environment.

When i send this curl from anywhere but the app, it works

curl --location --request POST 'http://localhost:8081/api/players' \
--header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6Imlhc2lzYWxvbW9uQGdtYWlsLmNvbSIsImlkIjoiNjJjNjBkMzU4ZjlkN2MxYTZlYjAwZTUzIiwiY29sbGVjdGlvbiI6InVzZXJzIiwiaWF0IjoxNjU3MTY3NjUzLCJleHAiOjE2NTcxNzQ4NTN9.cXB5QSTGxrm92aD505nFzElsFlQDrbZ4U2lSZMS9dd0' \
--header 'Cookie: payload-token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6Imlhc2lzYWxvbW9uQGdtYWlsLmNvbSIsImlkIjoiNjJjNjBkMzU4ZjlkN2MxYTZlYjAwZTUzIiwiY29sbGVjdGlvbiI6InVzZXJzIiwiaWF0IjoxNjU3MTY3NjUzLCJleHAiOjE2NTcxNzQ4NTN9.cXB5QSTGxrm92aD505nFzElsFlQDrbZ4U2lSZMS9dd0' \
--form 'nickname="pixel"' \
--form 'team="monitor"' \
--form 'ronin="bandwidth"' \
--form 'nationality="firewall"'

below code does not seem to save the data on the mongodb besides being the same.

//chaijs
const chai = require('chai');
const expect = chai.expect;
const chaiHttp = require('chai-http');
chai.use(chaiHttp);
//faker
const faker = require('@faker-js/faker');
//server data
const uri = process.env.API_URI || 'http://localhost:8081';
//variables
let bearer, message;

suite('Populate', () => {
	suiteSetup('Login to the api', async () => {
		const res = await chai.request(uri).post('/api/users/login').send({
			email: 'asd@asd.com',
			password: 'a',
		});
		message = res.body.message;
		bearer = 'Bearer ' + res.body.token;
	});
	suite('Check Auth', () => {
		test('Login successful', () => {
			expect(message).to.eql('Auth Passed');
		});
	});
	suite('Populate Players', () => {
		test('First Player', async () => {
			const res = await chai.request(uri).post('/api/players').set('Authorization', bearer).send({
				nickname: 'pixel',
				team: 'pixel',
				address: 'asd',
				nationality: 'asdasfasfas',
			});
			console.log(res.body);
			// {
			// 	errors: [{ message: 'You are not allowed to perform this action.' }];
			// }
		});
	});
});
  • default discord avatar
    iasisalomon
    last year

    Found the error i was adding bearer to the token to store it, but needed it pure for token and Cookie.

    bearer = 'Bearer ' + res.body.token;

    Code that actually works:

    		test('First Player', async () => {
    			const res = await chai
    				.request(uri)
    				.post('/api/players')
    				.set('Cookie', 'payload-token=' + bearer)
    				.set('Authorization', bearer)
    				.send({
    					nickname: 'pixel',
    					team: 'pixel',
    					ronin: 'asd',
    					nationality: 'asdasfasfas',
    				});
    			console.log(res.body);
    
Open the post
Continue the discussion in GitHub
Like what we're doing?
Star us on GitHub!

Star

Connect with the Payload Community on Discord

Discord

online

Can't find what you're looking for?

Get help straight from the Payload team with an Enterprise License.