tarlepp / angular-sailsjs-boilerplate

'Boilerplate' for AngularJS + Sails.js
MIT License
307 stars 87 forks

Backend Test #82

Closed johntom closed 9 years ago

johntom commented 9 years ago

Hi, I'd like to use Postman to test the backend because I want to eventually use the API with something other than Angular.

1) I changed blueprints\shortcuts: true
2) I changed policy BookController: { 'find': ['authenticated'], to 'find': [],
3) From Postman, GET http://localhost:1337/book brings up all books
4) Changed policy back to 'find': ['authenticated'],
5) I tried the Basic Auth option and set user=demo password=demodemodemo but get back { "message": "Given authorization token is not valid" }

If possible I'd like to know how I can pass the auth from Postman or any other client app. Thanks, John

tarlepp commented 9 years ago

This project uses JWT for authentication, so basically you need to set some extra headers which contain the JWT that's generated in the login process. Also there are examples of how to make tests that require authentication. https://github.com/tarlepp/angular-sailsjs-boilerplate/blob/master/backend%2Ftest%2Ffunctional%2Fcontrollers%2FAuthController.test.js#L163

So if you want to use Postman, the workflow is the following:

1) Make a login request to get the JWT
2) Add an 'Authorization' header with the value 'bearer _JWT_VALUEHERE'
3) Make the request => profit

And with a client-side application, e.g. with Angular, you can easily add that JWT to every request that the client is going to make. Angular interceptor example: https://github.com/tarlepp/angular-sailsjs-boilerplate/blob/master/frontend%2Fsrc%2Fapp%2Fcore%2Finterceptors%2FAuthInterceptor.js

And really, do not activate shortcuts on blueprint, just use proper HTTP method to make things happen.

johntom commented 9 years ago

I was just reading about using JWT as you replied. I only test with shortcuts and will take your advice. Thanks so much for your prompt reply. I will test and post.

tarlepp commented 9 years ago

README.MD contains a couple of links about JWT and frontend <--> backend authentication.

johntom commented 9 years ago

OK I got it! HTH others.

Lift the sails and fire up Postman. Send a POST request to http://localhost:1337/login?identifier=demo&password=demodemodemo

payload
{
  "user": {
    "username": "demo",
    "email": "demo@some.domain",
    "firstName": "John",
    "lastName": "Doe",
    "admin": false,
    "id": 2,
    "createdAt": "2015-05-30T18:47:38.404Z",
    "updatedAt": "2015-05-30T18:47:38.404Z"
  },
  "token": "eyJhbGciOiJIUzI1NiJ9.Mg._bgkwMqrKxFvVhupixHLIfvF5WpbihENyFpTQN5Eito"
}

Now that we have the token, let's use it! Send a GET request to http://localhost:1337/ with header Authorization value = Bearer eyJhbGciOiJIUzI1NiJ9.Mg._bgkwMqrKxFvVhupixHLIfvF5WpbihENyFpTQN5Eito or http://localhost:1337/user?token=eyJhbGciOiJIUzI1NiJ9.Mg._bgkwMqrKxFvVhupixHLIfvF5WpbihENyFpTQN5Eito

payload 
[
  {
    "username": "admin",
    "email": "admin@some.domain",
    "firstName": "Arnold",
    "lastName": "Administrator",
    "admin": true,
    "id": 1,
    "createdAt": "2015-05-30T18:47:38.401Z",
    "updatedAt": "2015-05-30T18:47:38.401Z"
  },
  {
    "username": "demo",
    "email": "demo@some.domain",
    "firstName": "John",
    "lastName": "Doe",
    "admin": false,
    "id": 2,
    "createdAt": "2015-05-30T18:47:38.404Z",
    "updatedAt": "2015-05-30T18:47:38.404Z"
  }
]

Book GET request http://localhost:1337/book?token=eyJhbGciOiJIUzI1NiJ9.Mg._bgkwMqrKxFvVhupixHLIfvF5WpbihENyFpTQN5Eito

payload
[
  {
    "author": 1,
    "title": "Songs for the Philologists",
    "description": "Songs for the Philologists is a collection of poems by E. V. Gordon and J. R. R. Tolkien as well as traditional songs. It is the rarest and most difficult to find Tolkien-related book. Originally a collection of typescripts compiled by Gordon in 1921–26 for the students of the University of Leeds, it was given by A. H. Smith of University College London, a former student at Leeds, to a group of students to be printed privately in 1935 or 1936, and printed in 1936 with the impressuum 'Printed by G. Tillotson, A. H. Smith, B. Pattison and other members of the English Department, University College, London.'",
    "releaseDate": "1936-01-01T00:00:00.000Z",
    "id": 1,
    "createdAt": "2015-05-30T18:47:38.183Z",
    "updatedAt": "2015-05-30T18:47:38.183Z"
  },
  {....

tarlepp commented 9 years ago

Basically you can always send that header and token parameter, because the actual authenticated policy removes both of them. See the policy here: https://github.com/tarlepp/angular-sailsjs-boilerplate/blob/master/backend%2Fapi%2Fpolicies%2Fauthenticated.js

So did this solve this issue?

johntom commented 9 years ago

Yes! This is great and I can now test different versions of front-ends with this stack. I've been recently playing with Aurelia and will eventually fork this as a Sails/Aurelia repo.