Testing Users controller#

Let's check if the Users controller we created in the last lesson is working fine. You can open postman and open module 10. We can go to the Login request; the endpoint is api/Users/Login and it's a post request. We are adding the login data inside body and the selected format is json. Email and password are same as we created. Let's click on send; we see the user data coming back as a response. It has all the fields provided by Identity, and of course, we don't want to return so much unnecessary data to the client. We will take care of it very soon. But we see that the login request is successful.

We also want to check the error cases, so we can open the second request which is called Login fail. Here, I have used an email which doesn't exist in our database. Let's test this one as well; we see the 401 "not authorized" error. If you remember, we are using the same error response for two cases. One is when the user does not exist. The second one is when the password is incorrect, so let's use the correct email and the incorrect password. You see we're getting the same error. You can show an error saying that the password is incorrect, but we don't want to give too much info, because it might be a hacker and you don't want to tell them that the email is correct and you need to work on the password.