-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathclient.http
More file actions
301 lines (242 loc) · 11 KB
/
client.http
File metadata and controls
301 lines (242 loc) · 11 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
TESTED request
### Index method
GET http://localhost:4000/api/wine_listings
### Successfully creates a wine listing
### Response = 201 Created
POST http://localhost:4000/api/wine_listings
Content-Type: application/json
Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMiIsInNjcCI6InVzZXIiLCJhdWQiOm51bGwsImlhdCI6MTY1OTQzNjcxMywiZXhwIjoxNjU5NTIzMTEzLCJqdGkiOiIxNWQ4Nzc5Ny04YTQ2LTQ5ZjYtODQ4OS00M2U5OTg2NjFlMDQifQ.YIAE8CHGohsYB_V4RQ5uScS9J8yfnEo5CfwlWH_Jf7k
{
"brand": "Testing Wine id 8",
"grape_variety": "Testing Wine id 8",
"year": "2020",
"category": "Red",
"country": "Australia",
"region": "Geelong",
"description": "Great deep colour, and sweet spice aromas, with a much firmer palate than we see in the Sangreal. These wines have a perfect fade from fruit to structure, a velvet like character, really complex texture. It’s darker, firmer edged and more upright. You can taste a fresher fruit note, black cherries and plums and a sense of fine oak. Really impressive."
}
### Testing for regular users trying to create wine listing when not allowed because regular user does not have same rights as admin users
### JWT below was given when a regular user logged in
POST http://localhost:4000/api/wine_listings
Content-Type: application/json
Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMiIsInNjcCI6InVzZXIiLCJhdWQiOm51bGwsImlhdCI6MTY1OTM2NDcwNywiZXhwIjoxNjU5NDUxMTA3LCJqdGkiOiI3NjMwNDhjNC0yMTUxLTQwY2ItODFlZS1jZDgwNWIyOTAyYzIifQ.Jqs21IjodMTJXzpag--NOmF0x_Eq91nj1Kk7V4TCE8g
{
"brand": "Testing for regular using trying to create wine listing when not allowed because regular user does not have same rights as admin users. This should fail",
"grape_variety": "Pinot Noir",
"year": "2020",
"category": "Red",
"country": "Australia",
"region": "Geelong",
"description": "description for testing purposes only."
}
### Unsuccessfully posts a wine_listing.
### Not providing Authorization bearer
### Not providing all details required.
### Response = 422 Unprocessable Entity
POST http://localhost:4000/api/wine_listings
Content-Type: application/json
{
"brand": ""
}
### show wine_listing id: 2
GET http://localhost:4000/api/wine_listings/2
### unsuccessfully show wine_listings id: 1000
### Response = 404 Not Found
GET http://localhost:4000/api/wine_listings/1000
### The purpose of this test is to ensure that user must be logged in as Admin to be able to UPDATE wine listings
### Response = 401 Unauthorized
### Currently DOES NOT work without Authorization: Bearer
PUT http://localhost:4000/api/wine_listings/6
Content-Type: application/json
{
"brand": "test for successfully updating id: 6 without Authorization bearer secret key",
"grape_variety": "test for successfully updating id: 6",
"year": "2022",
"category": "test for successfully updating id: 6",
"country": "test for successfully updating id: 6",
"region": "test for successfully updating id: 6",
"description": "test for successfully updating id: 6"
}
### Testing UPDATE for Admin
### Test as Admin user with params performing updates to wine listing id:
### Test inlcudes jwt
PUT http://localhost:4000/api/wine_listings/3
Content-Type: application/json
Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMSIsInNjcCI6InVzZXIiLCJhdWQiOm51bGwsImlhdCI6MTY1OTM1NDA2NiwiZXhwIjoxNjU5NDQwNDY2LCJqdGkiOiJjOGE0YTI0Mi1hZTY0LTQyZDMtYjI1YS04MjAzYzU1ODQxMjMifQ.BImjf2-sLtZTJvAVqHq0jk9tXDKrFxPjEMQfImJknLI
{
"brand": "test for successfully updating id:3 ONLY, as an admin with correct params & JWT",
"grape_variety": "test update id 2",
"year": "2022",
"category": "test update id 2",
"country": "test update id 2",
"region": "test update id 2",
"description": "test update id 2"
}
### Successful testing of
### a fail attempt for regular user, who is logged in, performing an update of wine listings
### response = 204 No Content
PUT http://localhost:4000/api/wine_listings/4
Content-Type: application/json
Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMSIsInNjcCI6InVzZXIiLCJhdWQiOm51bGwsImlhdCI6MTY1OTM0MjU3MywiZXhwIjoxNjU5NDI4OTczLCJqdGkiOiIxMTI4ZTI5My02NDE0LTRhZTctYTY2NC1jNWUxOTJhODM1YjAifQ.R5JhlDBx35rDxjll7ZzAp-3BvKeBLBwpVY5WMLMghhg
{
"brand": "test for updating id: 4, with Auth bearer token as a regular user. This is expected to fail",
"grape_variety": "test",
"year": "2022",
"category": "test",
"country": "test",
"region": "test",
"description": "test"
}
### NEEDS testing
### As a regular user attempting to update wine_listing id 4
PUT http://localhost:4000/api/wine_listings/4
Content-Type: application/json
Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMSIsInNjcCI6InVzZXIiLCJhdWQiOm51bGwsImlhdCI6MTY1OTM0MjU3MywiZXhwIjoxNjU5NDI4OTczLCJqdGkiOiIxMTI4ZTI5My02NDE0LTRhZTctYTY2NC1jNWUxOTJhODM1YjAifQ.R5JhlDBx35rDxjll7ZzAp-3BvKeBLBwpVY5WMLMghhg
{
"brand": "test for updating id: 4, with Auth bearer token as a regular user. expect to fail",
"grape_variety": "test",
"year": "2022",
"category": "test",
"country": "test",
"region": "test",
"description": "test"
}
### Currently Testing for Admin to delete wine listing id
### !!!Currently able to delete without Authorization Bearer of secret key!!!
### Response = 204 :no_content
DELETE http://localhost:4000/api/wine_listings/7
Content-Type: application/json
Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMSIsInNjcCI6InVzZXIiLCJhdWQiOm51bGwsImlhdCI6MTY1OTM2MTY1NywiZXhwIjoxNjU5NDQ4MDU3LCJqdGkiOiIzYzM1MDg0YS0zMWU3LTRiMDItODMzNS0wYTkzOGYxODMxZDYifQ.vwQK9pe5hixTcL2MxrMGfmnCCQXgh4eghLY9VG14Jns
### Intentionally, Unsucessfully delete wine_listings id: 1000
### Response = 500 :internal_server_error
DELETE http://localhost:4000/api/wine_listings/1000
# --------------------------------------------------
### Access member data
### Pass
GET http://localhost:4000/member-data
Content-Type: application/json
Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIiwic2NwIjoidXNlciIsImF1ZCI6bnVsbCwiaWF0IjoxNjU4NTYwMTU3LCJleHAiOjE2NTg1NjM3NTcsImp0aSI6IjkxNjRlNzY1LTAwMzktNDk2Ny1hZWI5LTJkYjc3OTgyOGI0NyJ9.MeM_CqfGUUuk8N1nKRowKbDEEcNBsMtfqWg_A4QBs9s
### THIS TEST IS NOT WORKING AS EXPECTED!!!
### Create user with only 2 params - email and password - Should FAIL
POST http://localhost:4000/api/sign_up
Content-Type: application/json
{
"user": {
"email": "jacqui2@test.com",
"password": "password10"
}
}
### Create user
### 4 Params given - username, email, password, password_confirmation
POST http://localhost:4000/api/sign_up
Content-Type: application/json
{
"user": {
"username": "testtime5",
"email": "mrtest5@test.com",
"password": "password",
"password_confirmation": "password"
}
}
### Login with correct details
### PASS with correct details
POST http://localhost:4000/api/login
Content-Type: application/json
{
"user": {
"email": "jacqui@test.com",
"password": "password"
}
}
### LogOUT while logged in with a jwt auth token
### PASS with token from the login session
DELETE http://localhost:4000/api/logout
Content-Type: application/json
Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI1NCIsInNjcCI6InVzZXIiLCJhdWQiOm51bGwsImlhdCI6MTY2MDM2Njc2NCwiZXhwIjoxNjYwNDUzMTY0LCJqdGkiOiI4NTJmOWJiYi02MjFhLTQ2NDYtYTlmZS05OWQ1NzY4MWU1YmEifQ.8SvBOMykytf0TBW94FsUsElLLvxoORb3YzBg65S9Kdg
# --------------------------------------------
###Not yet tested --> WIP
### ADMIN section
# Tested and signs up user with 200 response
### Create Admin user
POST http://localhost:4000/api/sign_up
Content-Type: application/json
{
"user": {
"username": "admin4",
"email": "admin4@gmail.com",
"password": "password",
"password_confirmation": "password",
"admin": true
}
}
### ----------------------------------------------
### CATEGORY NOT YET TESTED
### Get categories
GET http://localhost:4000/api/categories
### ----------------------------------------------
### COMMENTS TESTS ALL PASSED
### Gets all comments
### Passes with 200 response
GET http://localhost:4000/comments
Content-Type: application/json
### Create comment
### Passes with 201 created response if user signed in with token
### Returns 401 if not signed in
POST http://localhost:4000/comments
Content-Type: application/json
Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyMSIsInNjcCI6InVzZXIiLCJhdWQiOm51bGwsImlhdCI6MTY2MDM2NjI5MSwiZXhwIjoxNjYwNDUyNjkxLCJqdGkiOiJhZjFjMmI2Zi1mMTBhLTQ0Y2QtYTI5NS1lMjVlNjViMjA0MmYifQ.KOEbmx-gauCCwRFLTsc5Bgug1WoAmboTQaakSpVgsfM
{
"comment": {
"user_comment": "Test comment 3",
"user_id": 21,
"wine_listing_id": 3
}
}
### Create comment
### Passes with 201 created response
POST http://localhost:4000/comments
Content-Type: application/json
Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMiIsInNjcCI6InVzZXIiLCJhdWQiOm51bGwsImlhdCI6MTY1OTQwODczMSwiZXhwIjoxNjU5NDk1MTMxLCJqdGkiOiIxMmU1YjM0Zi0xYWRkLTQyMTItOTYzOC1lMjIxYmY0MWNjYTAifQ.V5WvayMyBnYgpKeIdTl_k81z6pgckN9khjDgfKj4OsA
{
"comment": {
"user_comment": "Test comment 2",
"user_id": 12,
"wine_listing_id": 1
}
}
### Create comment with no content in user_comment
### Passes with 422 unprocessable entity - user comment can't be blank
POST http://localhost:4000/comments
Content-Type: application/json
Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyMSIsInNjcCI6InVzZXIiLCJhdWQiOm51bGwsImlhdCI6MTY2MDM2NTIzNSwiZXhwIjoxNjYwNDUxNjM1LCJqdGkiOiIzNDAzMWE4My0xZWQyLTQyMGMtOTgzMS00ZDE4MmUzMThkMDEifQ.rIJ_FtKiBTazalOR_UEsEwcOT3yyIlAlNQJ_Lxh_Ky0
{
"comment": {
"user_comment": "Testing delete comment3",
"user_id": 21,
"wine_listing_id": 1
}
}
### Update comment
### Passes with 200 response, not possible if non-owner tries to update (200, unauthorised action)
# Admin can update other users comments
PATCH http://localhost:4000/comments/26
Content-Type: application/json
Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMyIsInNjcCI6InVzZXIiLCJhdWQiOm51bGwsImlhdCI6MTY2MDM2NjkzMiwiZXhwIjoxNjYwNDUzMzMyLCJqdGkiOiIyODllY2U4MS1jZDc3LTQ1NzctOTYzOC05NmI4ZjU2OGE2NTMifQ.Ji6oC2LUx1rBGSuYX9nq-UnUIWErzLX6Qvez6oJNsac
{
"comment": {
"id": 26,
"user_comment": "Non-owner attempt Comment 26 has been updated",
"user_id": 13,
"wine_listing_id": 1
}
}
### Delete own comment
### Passes with 204 no content response
DELETE http://localhost:4000/comments/26
Content-Type: application/json
Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyMSIsInNjcCI6InVzZXIiLCJhdWQiOm51bGwsImlhdCI6MTY2MDM2NjI5MSwiZXhwIjoxNjYwNDUyNjkxLCJqdGkiOiJhZjFjMmI2Zi1mMTBhLTQ0Y2QtYTI5NS1lMjVlNjViMjA0MmYifQ.KOEbmx-gauCCwRFLTsc5Bgug1WoAmboTQaakSpVgsfM
### Delete another users comment
### Passes with 200 - error of unauthorised action
DELETE http://localhost:4000/comments/1
Content-Type: application/json
Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyMSIsInNjcCI6InVzZXIiLCJhdWQiOm51bGwsImlhdCI6MTY2MDM2NjI5MSwiZXhwIjoxNjYwNDUyNjkxLCJqdGkiOiJhZjFjMmI2Zi1mMTBhLTQ0Y2QtYTI5NS1lMjVlNjViMjA0MmYifQ.KOEbmx-gauCCwRFLTsc5Bgug1WoAmboTQaakSpVgsfM