Testing Authentication with Postman

[00:00:00]
>> Maximiliano Firtman: Remember that every time we are saving, well, actually, we're not executing error, because we added this. But it's not giving me an error, it's saying Serving the files, which means that the compilation worked. And we don't know yet if this is working. Actually, to test this without doing the client, it's not so simple, why is that?

[00:00:27]
Because if you want to test this, this API account, remember we have register. So if I try from here, it's like, yeah, something is responding, it's saying Invalid request body. Because I'm not sending the body, right? How can I send the body from here? Actually, I cannot, from the browser, I'm saying.

[00:00:50]
I could open a console and try to use a fetch, that's one option. So actually, I've got the 400 from the server, which is pretty good, Bad Request. That means, I cannot answer you because you made a bad request. Okay, that's the right HTTP status code for this.

[00:01:07]
So I could try to do a fetch to that URL from here, so this is the URL. But then you need to pass our second argument with the body and the JSON and everything. It's complicated to do it here, so that's why to test this, typically, we use tools for HTTP testing.

[00:01:30]
There are plugins for Google Chrome to do that. And there is one that is probably the most used one for automation and testing. I'm not sure if you have heard about it, Postman. So, I mean, you don't need to use it for this, because we will create our client, but we can open Postman, this is a free tool.

[00:01:51]
Actually, there is a free tier, okay, it's not completely free, but in this case, let me increase the font size a little bit. I can, for example, create a new query. It says, well, what do you want to do, GET, POST? Actually, we are not checking that, so both will work, I can try a POST.

[00:02:12]
And say, I wanna go localhost:8080/, and I wanna try api/account/register, okay? If I hit Send, of course it will try that, and it's giving me a bad request, which is okay, because I'm not sending the data. Where the data goes? Well, actually, there is a body here. So I can go to the body and say, well, I want to send some data, in which format?

[00:02:40]
This tool will let you try this in different format, and we have raw. Raw means I will just paste data here, and in which format? Text, JavaScript, well, it's gonna be JSON. So I can try and pass my name, let's write value JSON, actually, my name is Test User.

[00:03:03]
Then I have an email, that is test@test.dev. And let's make a very secure password like 1234567, okay, that's ready. And then I can try this, okay? So if I send this, I can see what's going on. It took more time, and I got 200, green. And the answer from the server was success: true, User registered successfully.

[00:03:31]
So we can even go to our database here, go to users, to the data, refresh, and see if it's there. I'm there, with a hashed password. That's how 1234567 looks like when we hash it with that particular function, okay? So that worked. We can also try authentication, I think I already have one here, authentication, here, yeah.

[00:04:01]
And the body, yeah, I'm using the same email and password, great. So I can try to authenticate and see if it works.
>> Maximiliano Firtman: Authenticate, yeah, I think I need to update the message, maybe, so it says register. And if I change the password, it's false, it's failed because it's the wrong password.

[00:04:24]
So before creating your client, that's how you can test your backend services when it's not just getting JSON. Does that make sense, yeah?
>> Speaker 2: How does Go identify the method, whether it's GET or POST, because it doesn't look like we're-
>> Maximiliano Firtman: Right now, I think that the code that I have, I'm not actually verifying that, but you can.

[00:04:50]
I mean, from the header, it's part of the header. So remember that when you have a handler, you have the response writer and you have the request. The second argument is a request. Well, that request has the method that has been used. So then you can check if the method is actually the one that you want to accept or not, and then respond with an error or not.

[00:05:10]
So it's a manual thing, but it goes by URL. So maybe you are thinking that there are some frameworks out there where when you define your handle, you actually say here, I GET or POST, okay? Well, no, that's kind of a library or a framework sitting on top of the basics.

[00:05:29]
The basics is just the URL, and then internally, you see the headers, and check that thing. When you use frameworks like Gin, Gin Web framework for Go, you have a function for POST, a function for GET, a function for PUT. So then you can have different handlers for each verb or HTTP method.

[00:05:51]
But in this case, you have to do it manually, inside one handler. And in case you wanna do things differently on the same URL based on the method, you can have other handlers and call other handlers from that main one. So you create a handler for the URL, and then you have different handlers per method, and you call them, but manually, okay?

[00:06:14]
You need to do it manually.