Cleaned up hurl test files.
This commit is contained in:
@@ -1,20 +0,0 @@
|
||||
# Step 1: Login
|
||||
POST http://localhost:3333/login
|
||||
[FormParams]
|
||||
email: jason@debian.org
|
||||
password: supersecretpassword
|
||||
|
||||
HTTP 200
|
||||
[Captures]
|
||||
# Capture the token into a variable named 'token'
|
||||
token: jsonpath "$.access_token"
|
||||
|
||||
# Step 2: Use the token to access a protected route
|
||||
# Hurl automatically handles the variable injection with {{token}}
|
||||
GET http://localhost:3333/api/protected-route
|
||||
Authorization: Bearer {{token}}
|
||||
|
||||
HTTP 200
|
||||
[Asserts]
|
||||
# Check for something that only an auth'd user sees
|
||||
jsonpath "$.status" == "success"
|
||||
@@ -1,13 +0,0 @@
|
||||
POST http://localhost:3333/login
|
||||
[FormParams]
|
||||
email: jason@debian.org
|
||||
password: supersecretpassword
|
||||
|
||||
HTTP 200
|
||||
[Asserts]
|
||||
jsonpath "$.access_token" exists
|
||||
jsonpath "$.refresh_token" exists
|
||||
|
||||
[Captures]
|
||||
# We capture this so we can manually use it in curl/xh if we want
|
||||
last_token: jsonpath "$.access_token"
|
||||
@@ -1,15 +0,0 @@
|
||||
# POST to the register endpoint
|
||||
POST http://localhost:3333/register
|
||||
[FormParams]
|
||||
email: jason@debian.org
|
||||
password: supersecretpassword
|
||||
|
||||
# We expect a 200 OK and JSON containing tokens
|
||||
HTTP 200
|
||||
[Asserts]
|
||||
header "Content-Type" contains "application/json"
|
||||
jsonpath "$.access_token" exists
|
||||
jsonpath "$.refresh_token" exists
|
||||
|
||||
# Useful for debugging in tmux:
|
||||
# hurl --verbose test_register.hurl
|
||||
@@ -0,0 +1,56 @@
|
||||
# 1. Register a new unique user
|
||||
POST http://localhost:3333/register
|
||||
[FormParams]
|
||||
email: test_user@debian.org
|
||||
password: supersecretpassword
|
||||
|
||||
HTTP 200
|
||||
[Captures]
|
||||
access_token: jsonpath "$.access_token"
|
||||
refresh_token: jsonpath "$.refresh_token"
|
||||
|
||||
|
||||
# 2. Access a protected route with the first token
|
||||
GET http://localhost:3333/home
|
||||
Authorization: Bearer {{access_token}}
|
||||
|
||||
HTTP 200
|
||||
[Asserts]
|
||||
jsonpath "$.status" == "authenticated"
|
||||
|
||||
|
||||
# 3. Refresh the tokens
|
||||
POST http://localhost:3333/refresh
|
||||
Content-Type: application/json
|
||||
{
|
||||
"refresh_token": "{{refresh_token}}"
|
||||
}
|
||||
|
||||
HTTP 200
|
||||
[Captures]
|
||||
# Overwrite with the fresh tokens
|
||||
next_access_token: jsonpath "$.access_token"
|
||||
next_refresh_token: jsonpath "$.refresh_token"
|
||||
|
||||
[Asserts]
|
||||
# Now compare the two distinct variable names
|
||||
variable "next_refresh_token" != "{{refresh_token}}"
|
||||
|
||||
# 4. Access the protected route again with the NEW access token
|
||||
GET http://localhost:3333/home
|
||||
Authorization: Bearer {{next_access_token}}
|
||||
|
||||
HTTP 200
|
||||
[Asserts]
|
||||
jsonpath "$.status" == "authenticated"
|
||||
|
||||
# Log out user to clean table of tokens etc
|
||||
POST http://localhost:3333/logout
|
||||
Content-Type: application/json
|
||||
{
|
||||
"refresh_token": "{{next_refresh_token}}"
|
||||
}
|
||||
|
||||
HTTP 200
|
||||
[Asserts]
|
||||
jsonpath "$.message" == "logout success"
|
||||
@@ -0,0 +1,7 @@
|
||||
# Check accessing protected route with an invalid token gives a 401
|
||||
GET http://localhost:3333/home
|
||||
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30
|
||||
|
||||
HTTP 401
|
||||
[Asserts]
|
||||
jsonpath "$.error" == "unauthorized"
|
||||
@@ -0,0 +1,28 @@
|
||||
POST http://localhost:3333/login
|
||||
[FormParams]
|
||||
email: test_user@debian.org
|
||||
password: supersecretpassword
|
||||
|
||||
HTTP 200
|
||||
[Captures]
|
||||
access_token: jsonpath "$.access_token"
|
||||
refresh_token: jsonpath "$.refresh_token"
|
||||
|
||||
# Check the logged in use can access the protected route
|
||||
GET http://localhost:3333/home
|
||||
Authorization: Bearer {{access_token}}
|
||||
|
||||
HTTP 200
|
||||
[Asserts]
|
||||
jsonpath "$.status" == "authenticated"
|
||||
|
||||
# Log out user to clean table of tokens etc
|
||||
POST http://localhost:3333/logout
|
||||
Content-Type: application/json
|
||||
{
|
||||
"refresh_token": "{{refresh_token}}"
|
||||
}
|
||||
|
||||
HTTP 200
|
||||
[Asserts]
|
||||
jsonpath "$.message" == "logout success"
|
||||
Reference in New Issue
Block a user