[ES-2778] remove usage of csrf token form cookies

[sacrana0]

Summary by CodeRabbit

• Bug Fixes

  • Switched CSRF token sourcing in the eSignet signup flow to use the response JSON token instead of cookies.

• Tests / Chores

  • Updated the API testing collection with added script placeholders, removed an unused test hook, and cleaned up script formatting and metadata.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Postman collection scripts changed: CSRF token extraction now reads the token field from JSON responses instead of the XSRF-TOKEN cookie across multiple script blocks. Several script metadata entries (requests / packages) were added and one test block in "Authenticate User (Id token)" was removed. No public API changes.

Changes

Cohort / File(s)	Summary
eSignet Signup Postman Collection postman-collection/eSignet Signup.postman_collection.json	Replaced cookie-based CSRF extraction (XSRF-TOKEN) with parsing token from response JSON in multiple prerequest/test scripts. Added empty requests and packages metadata entries in several script blocks. Removed one test block within "Authenticate User (Id token)". Minor whitespace/line edits around token extraction.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 I hopped through JSON, found a token bright,
No more crumbs from cookies in the night,
I left small gaps where scripts can grow,
I nudged one test to softly go,
Tiny hops, tidy trails — off I go! 🥕

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main change: removing CSRF token extraction from cookies in the Postman collection, which aligns with the functional changes summarized in the diff.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@postman-collection/eSignet` Signup.postman_collection.json:
- Around line 133-141: The test script under the "generate CSRF token" step
currently reads the token from cookies via pm.cookies.get("XSRF-TOKEN") and sets
it with pm.environment.set("csrf_token", token); change this to read the token
from the JSON response body (use pm.response.json() and the same JSON property
used elsewhere, e.g. "csrf_token" or "csrfToken") and set the environment
variable with pm.environment.set("csrf_token", <json-token>), and apply the same
change to the other occurrence noted (lines 350-358) so downstream requests use
the JSON-token approach instead of cookies.

[coderabbitai]

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

CodeRabbit commands

These commands are invoked using PR/Issue comments.

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai evaluate custom pre-merge check --instructions <custom-checks-instructions> --name <custom-checks-title> [--mode <error|warning>] to validate the custom pre-merge checks instructions. Defaults to error when --mode is omitted.
  • @coderabbitai ignore pre-merge checks to override pre-merge checks and get an approval on PR.
  • @coderabbitai run pre-merge checks to run pre-merge checks on the pull request.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve to resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai generate configuration to create a PR that adds the current resolved configuration as .coderabbit.yaml (or show it if already present).
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore or @coderabbit ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit configuration file (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• You can also validate your configuration using the online YAML validator.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, support, documentation and community

• Visit our status page to check the current availability of CodeRabbit.
• Create a ticket on our support page for assistance with any issues or questions.
• Visit our documentation site for detailed information on how to use CodeRabbit.
• Join our Discord community to connect with other users and get help from the community.
• Follow us on X/Twitter for updates and announcements.

[sacrana0]

@coderabbitai full review

[coderabbitai]

✅ Actions performed

Full review triggered.