{ "info": { "_postman_id": "f87e5a2c-ddf8-4bb3-82e6-e9c5f6bb8de9", "name": "Person Management API", "description": "A collection to test the Person API with authentication", "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json" }, "item": [ { "name": "Authentication Tests", "item": [ { "name": "Admin Login", "event": [ { "listen": "test", "script": { "exec": [ "// Parse response", "var jsonData = pm.response.json();", "", "// Test response structure", "pm.test(\"Status code is 200\", function () {", " pm.response.to.have.status(200);", "});", "", "pm.test(\"Response has correct structure\", function () {", " pm.expect(jsonData.success).to.eql(true);", " pm.expect(jsonData.data).to.have.property('token');", " pm.expect(jsonData.data.user).to.have.property('is_admin');", " pm.expect(jsonData.data.user.is_admin).to.eql(true);", "});", "", "// Save token to environment variable", "if (jsonData.data && jsonData.data.token) {", " pm.environment.set(\"admin_token\", jsonData.data.token);", "}" ], "type": "text/javascript" } } ], "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" } ], "body": { "mode": "raw", "raw": "{\n \"email\": \"admin@example.com\",\n \"password\": \"Admin123!\",\n \"device_name\": \"postman\"\n}" }, "url": { "raw": "{{base_url}}/login", "host": [ "{{base_url}}" ], "path": [ "login" ] }, "description": "Login as Admin user and store token in environment variable" }, "response": [] }, { "name": "Get Admin Profile", "event": [ { "listen": "test", "script": { "exec": [ "var jsonData = pm.response.json();", "", "pm.test(\"Status code is 200\", function () {", " pm.response.to.have.status(200);", "});", "", "pm.test(\"User is admin\", function () {", " pm.expect(jsonData.data.user.is_admin).to.eql(true);", "});" ], "type": "text/javascript" } } ], "request": { "method": "GET", "header": [ { "key": "Accept", "value": "application/json" 
}, { "key": "Authorization", "value": "Bearer {{admin_token}}" } ], "url": { "raw": "{{base_url}}/user", "host": [ "{{base_url}}" ], "path": [ "user" ] }, "description": "Get authenticated admin user profile" }, "response": [] }, { "name": "Register New User (Admin Only)", "event": [ { "listen": "test", "script": { "exec": [ "var jsonData = pm.response.json();", "", "pm.test(\"Status code is 201\", function () {", " pm.response.to.have.status(201);", "});", "", "pm.test(\"User created successfully\", function () {", " pm.expect(jsonData.success).to.eql(true);", " pm.expect(jsonData.message).to.eql(\"User created successfully\");", "});" ], "type": "text/javascript" } } ], "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "key": "Authorization", "value": "Bearer {{admin_token}}" } ], "body": { "mode": "raw", "raw": "{\n \"name\": \"New Test User\",\n \"email\": \"newuser@example.com\",\n \"password\": \"Password123!\",\n \"is_admin\": false\n}" }, "url": { "raw": "{{base_url}}/register", "host": [ "{{base_url}}" ], "path": [ "register" ] }, "description": "Register a new user (only an admin can do this)" }, "response": [] }, { "name": "Login as New User", "event": [ { "listen": "test", "script": { "exec": [ "var jsonData = pm.response.json();", "", "pm.test(\"Status code is 200\", function () {", " pm.response.to.have.status(200);", "});", "", "// Save token to environment variable", "if (jsonData.data && jsonData.data.token) {", " pm.environment.set(\"user_token\", jsonData.data.token);", "}" ], "type": "text/javascript" } } ], "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" } ], "body": { "mode": "raw", "raw": "{\n \"email\": \"newuser@example.com\",\n \"password\": \"Password123!\",\n \"device_name\": \"postman\"\n}" }, "url": { "raw": "{{base_url}}/login", "host": [
"{{base_url}}" ], "path": [ "login" ] }, "description": "Login as the newly created user" }, "response": [] }, { "name": "Regular User Cannot Register New Users", "event": [ { "listen": "test", "script": { "exec": [ "pm.test(\"Status code is 403 (Forbidden)\", function () {", " pm.response.to.have.status(403);", "});" ], "type": "text/javascript" } } ], "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "key": "Authorization", "value": "Bearer {{user_token}}" } ], "body": { "mode": "raw", "raw": "{\n \"name\": \"Another User\",\n \"email\": \"another@example.com\",\n \"password\": \"Password123!\",\n \"is_admin\": false\n}" }, "url": { "raw": "{{base_url}}/register", "host": [ "{{base_url}}" ], "path": [ "register" ] }, "description": "Test that a regular user cannot register new users" }, "response": [] }, { "name": "Logout Admin", "event": [ { "listen": "test", "script": { "exec": [ "var jsonData = pm.response.json();", "", "pm.test(\"Status code is 200\", function () {", " pm.response.to.have.status(200);", "});", "", "pm.test(\"Logged out successfully\", function () {", " pm.expect(jsonData.success).to.eql(true);", " pm.expect(jsonData.message).to.eql(\"Logged out successfully\");", "});", "", "// Clear token from environment", "pm.environment.unset(\"admin_token\");" ], "type": "text/javascript" } } ], "request": { "method": "POST", "header": [ { "key": "Accept", "value": "application/json" }, { "key": "Authorization", "value": "Bearer {{admin_token}}" } ], "url": { "raw": "{{base_url}}/logout", "host": [ "{{base_url}}" ], "path": [ "logout" ] }, "description": "Logout admin user (revoke token)" }, "response": [] } ], "description": "Tests for the authentication system" }, { "name": "Protected API Endpoints", "item": [ { "name": "Access Without Token (Unauthorized)", "event": [ { "listen": "test", "script": { "exec": [
"pm.test(\"Status code is 401 (Unauthorized)\", function () {", " pm.response.to.have.status(401);", "});" ], "type": "text/javascript" } } ], "request": { "method": "GET", "header": [ { "key": "Accept", "value": "application/json" } ], "url": { "raw": "{{base_url}}/persons", "host": [ "{{base_url}}" ], "path": [ "persons" ] }, "description": "Try to access a protected endpoint without a token" }, "response": [] }, { "name": "List Persons (With Token)", "event": [ { "listen": "test", "script": { "exec": [ "var jsonData = pm.response.json();", "", "pm.test(\"Status code is 200\", function () {", " pm.response.to.have.status(200);", "});", "", "pm.test(\"Response has correct structure\", function () {", " pm.expect(jsonData.success).to.eql(true);", " pm.expect(jsonData).to.have.property('data');", "});" ], "type": "text/javascript" } } ], "request": { "method": "GET", "header": [ { "key": "Accept", "value": "application/json" }, { "key": "Authorization", "value": "Bearer {{user_token}}" } ], "url": { "raw": "{{base_url}}/persons", "host": [ "{{base_url}}" ], "path": [ "persons" ] }, "description": "List all persons (protected endpoint)" }, "response": [] }, { "name": "Create Person (With Token)", "event": [ { "listen": "test", "script": { "exec": [ "var jsonData = pm.response.json();", "", "pm.test(\"Status code is 201\", function () {", " pm.response.to.have.status(201);", "});", "", "pm.test(\"Person created successfully\", function () {", " pm.expect(jsonData.success).to.eql(true);", " pm.expect(jsonData.message).to.eql(\"Person created successfully\");", "});", "", "// Save person ID for later tests", "if (jsonData.data && jsonData.data.person_id) {", " pm.environment.set(\"person_id\", jsonData.data.person_id);", "}" ], "type": "text/javascript" } } ], "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Accept", "value": "application/json" }, { "key": "Authorization", "value": "Bearer {{user_token}}" } ], "body": { "mode": "raw",
"raw": "{\n \"surname\": \"Chen\",\n \"christian_name\": \"Michael\",\n \"full_name\": \"Michael Chen\",\n \"date_of_birth\": \"1965-04-18\",\n \"place_of_birth\": \"Hong Kong\",\n \"occupation\": \"Merchant\",\n \"id_card_no\": \"ID-583921\",\n \n \"migration\": {\n \"date_of_arrival_aus\": \"1982-03-17\",\n \"date_of_arrival_nt\": \"1982-04-01\",\n \"arrival_period\": \"1980-1990\"\n },\n \n \"residence\": {\n \"darwin\": true,\n \"katherine\": false,\n \"tennant_creek\": false,\n \"alice_springs\": false\n }\n}" }, "url": { "raw": "{{base_url}}/persons", "host": [ "{{base_url}}" ], "path": [ "persons" ] }, "description": "Create a new person (protected endpoint)" }, "response": [] }, { "name": "Get Person by ID (With Token)", "event": [ { "listen": "test", "script": { "exec": [ "var jsonData = pm.response.json();", "", "pm.test(\"Status code is 200\", function () {", " pm.response.to.have.status(200);", "});", "", "pm.test(\"Person retrieved successfully\", function () {", " pm.expect(jsonData.success).to.eql(true);", " pm.expect(jsonData.message).to.eql(\"Person retrieved successfully\");", "});" ], "type": "text/javascript" } } ], "request": { "method": "GET", "header": [ { "key": "Accept", "value": "application/json" }, { "key": "Authorization", "value": "Bearer {{user_token}}" } ], "url": { "raw": "{{base_url}}/persons/{{person_id}}", "host": [ "{{base_url}}" ], "path": [ "persons", "{{person_id}}" ] }, "description": "Get person by ID (protected endpoint)" }, "response": [] }, { "name": "Find Person by ID Card (With Token)", "event": [ { "listen": "test", "script": { "exec": [ "var jsonData = pm.response.json();", "", "pm.test(\"Status code is 200\", function () {", " pm.response.to.have.status(200);", "});", "", "pm.test(\"Person found by ID card\", function () {", " pm.expect(jsonData.success).to.eql(true);", " pm.expect(jsonData.message).to.eql(\"Person found by ID card number\");", "});" ], "type": "text/javascript" } } ], "request": { "method": "GET", 
"header": [ { "key": "Accept", "value": "application/json" }, { "key": "Authorization", "value": "Bearer {{user_token}}" } ], "url": { "raw": "{{base_url}}/persons/id-card/ID-583921", "host": [ "{{base_url}}" ], "path": [ "persons", "id-card", "ID-583921" ] }, "description": "Find person by ID card number (protected endpoint)" }, "response": [] } ], "description": "Tests for the protected API endpoints requiring authentication token" } ], "event": [ { "listen": "prerequest", "script": { "type": "text/javascript", "exec": [ "" ] } }, { "listen": "test", "script": { "type": "text/javascript", "exec": [ "" ] } } ], "variable": [ { "key": "base_url", "value": "http://localhost:8000/api", "type": "string" } ] }