Reports

Check out a userscript which highlights deleted posts. GitHub

79497768

Date: 2025-03-10 11:00:42

Score: 0.5

Natty:

Report link

You can try below steps for your api testing using postman. it's worked of me.

Step 1: Check Session Status

GET Request: http://localhost:3000/api/auth/session
- Description: This API call checks if you are logged in. If not logged in, it returns an empty object.

Step 2: Obtain CSRF Token

POST Request: http://localhost:3000/api/auth/signin

Pre-request Script:

const jar = pm.cookies.jar();
console.log("Pre request called...");

pm.globals.set("csrfToken", "Hello World");
pm.globals.unset("sessionToken");

jar.clear(pm.request.url, function (error) {
  console.log(error);
});

Description: This script sets the csrfToken in the global environment variable and clears the sessionToken you can check that in your postman console.

Post-response Script:

console.log("Post response called...");
pm.cookies.each(cookie => console.log(cookie));
let csrfToken = pm.cookies.get("next-auth.csrf-token");
let csrfTokenValue = csrfToken.split('|')[0];

console.log('csrf token value: ', csrfTokenValue);
pm.globals.set("csrfToken", csrfTokenValue);

Description: This script retrieves the csrfToken from the cookies and sets it in the global environment variable.

Step 3: Log In with Credentials

POST Request: http://localhost:3000/api/auth/callback/credentials

Body Payload:

{
  "email":"{{userEmail}}" ,
  "password": "{{userPassword}}",
  "redirect": "false",
  "csrfToken": "{{csrfToken}}",
  "callbackUrl": "http://localhost:3000/",
  "json": "true"
}

take variable from global environment file from postman.

Pre-request Script:

const jar = pm.cookies.jar();

jar.unset(pm.request.url, 'next-auth.session-token', function (error) {
  // error - <Error>
});

Post-response Script:

pm.cookies.each(cookie => console.log(cookie));
let sessionTokenValue = pm.cookies.get("next-auth.session-token");

console.log('session token value: ', sessionTokenValue);
pm.globals.set("sessionToken", sessionTokenValue);

Description: This step logs in the user and sets the sessionToken in the global environment variable.

Step 4: Verify Session

GET Request: http://localhost:3000/api/auth/session
- Description: This API call retrieves the user session details, confirming that the user is logged in.

Step 5: Log Out

POST Request: http://localhost:3000/api/auth/signout
- Body Payload:
```
{
  "csrfToken": "{{csrfToken}}",
  "callbackUrl": "http://localhost:3000/dashboard",
  "json": "true"
}
```
- Description: This API call logs out the user from the current session.

Checkout this video for more clarify :

https://asset.cloudinary.com/dugkwrefy/6266f043c7092d1d3856bdad6448fa89

Reasons:

Blacklisted phrase (1): this video
Long answer (-1):
Has code block (-0.5):
Low reputation (1):

Posted by: Harshal Kahar