PingAuthorize

Testing that the policy blocks Youngstown users from viewing age 13+ memes

You can test the newly created rule with cURL or Postman.

Steps

  1. Issue a GET request to https://localhost:7443/meme-game/api/v1/users/user.0/answers/2 as user.0. The following curl command makes such a request.

    curl --insecure -X GET \
      https://localhost:7443/meme-game/api/v1/users/user.0/answers/2 \
      -H 'Authorization: Bearer {"active": true, "sub": "user.0"}'

    Result:

    When requesting answer 2 as user.0, expect a 200 OK response with the following body.

    {
      "data": {
        "id": "2",
        "type": "answers",
        "attributes": {
          "url": "https://i.imgflip.com/23ls.jpg",
          "captions": [
            "There was a spider",
            "it's gone now"
          ],
          "rating": 13,
          "created_at": "2020-05-06T22:25:06+00:00"
        }
      },
      "meta": {}
    }

  2. Issue a GET request to https://localhost:7443/meme-game/api/v1/users/user.0/answers/2 as user.660. The following curl command makes such a request.

    curl --insecure -X GET \
      https://localhost:7443/meme-game/api/v1/users/user.0/answers/2 \
      -H 'Authorization: Bearer {"active": true, "sub": "user.660"}'

    Result:

    When requesting answer 2, which is rated age 13, as user.660, who is from Youngstown, OH, expect a 403 Forbidden response with the following body.

    {
      "errorMessage": "Access Denied",
      "status": 403
    }

  3. Issue a GET request to https://localhost:7443/meme-game/api/v1/users/user.0/answers/1 as user.0. The following curl command makes such a request.

    curl --insecure -X GET \
      https://localhost:7443/meme-game/api/v1/users/user.0/answers/1 \
      -H 'Authorization: Bearer {"active": true, "sub": "user.0"}'

    Result:

    When requesting answer 1 as user.0, expect a 200 OK response with the following body.

    {
      "data": {
        "id": "1",
        "type": "answers",
        "attributes": {
          "url": "https://i.imgflip.com/2fm6x.jpg",
          "captions": [
            "Still waiting for the bus to Jennie’s"
          ],
          "rating": null,
          "created_at": "2020-05-06T22:25:06+00:00"
        }
      },
      "meta": {}
    }

  4. Issue a GET request to https://localhost:7443/meme-game/api/v1/users/user.0/answers/1 as user.660. The following curl command makes such a request.

    curl --insecure -X GET \
      https://localhost:7443/meme-game/api/v1/users/user.0/answers/1 \
      -H 'Authorization: Bearer {"active": true, "sub": "user.660"}'

    Result:

    When requesting answer 1, which is unrated, as user.660, who is from Youngstown, OH, expect a 403 Forbidden response with the following body. Be aware that this is not the correct behavior; however, to resolve it, we would need to change our attribute definitions.

    {
      "errorMessage": "Access Denied",
      "status": 403
    }
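
The four checks above collected into one script, as an added example that is not part of the PingAuthorize documentation. The BASE_URL and RUN_LIVE variables, the function names and the case labels are assumptions of this example; the URLs, subjects and expected status codes are the ones given in the steps.

```shell
#!/bin/sh
# Added example: replays the four requests from the steps above.
BASE_URL="${BASE_URL:-https://localhost:7443/meme-game/api/v1}"

# fetch_status SUBJECT ANSWER_ID: print the HTTP status of the GET request.
# The curl options match the commands in the steps; the request target is
# always user.0's answers, as on the page.
fetch_status() {
  curl --insecure --silent --output /dev/null --write-out '%{http_code}' \
    -X GET "$BASE_URL/users/user.0/answers/$2" \
    -H "Authorization: Bearer {\"active\": true, \"sub\": \"$1\"}"
}

# Expected results from the steps: subject, answer id, status, label.
# The labels are constructed for this example. The last row records the
# response the page calls not correct; revisit it when the attribute
# definitions are changed.
CASES='user.0 2 200 rated-13
user.660 2 403 rated-13-youngstown
user.0 1 200 unrated
user.660 1 403 unrated-youngstown-known-issue'

# run_matrix: print PASS/FAIL per case; exit status = number of mismatches.
run_matrix() {
  failures=0
  while read -r subject answer expected label; do
    actual=$(fetch_status "$subject" "$answer") || actual="curl-error"
    if [ "$actual" = "$expected" ]; then
      echo "PASS $subject answers/$answer -> $actual ($label)"
    else
      echo "FAIL $subject answers/$answer -> $actual, want $expected ($label)"
      failures=$((failures + 1))
    fi
  done <<EOF
$CASES
EOF
  return "$failures"
}

# Contact the server only when RUN_LIVE=1 is set in the environment.
if [ "${RUN_LIVE:-0}" = 1 ]; then
  run_matrix
  exit $?
fi
```

A nonzero exit status is the number of requests whose status differed from the documented one, so a change to the rule that stops blocking user.660 on answer 2 shows up as a failure.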