Cleaned up hurl test files.
This commit is contained in:
@@ -0,0 +1,56 @@
|
||||
# 1. Register a new unique user
|
||||
POST http://localhost:3333/register
|
||||
[FormParams]
|
||||
email: test_user@debian.org
|
||||
password: supersecretpassword
|
||||
|
||||
HTTP 200
|
||||
[Captures]
|
||||
access_token: jsonpath "$.access_token"
|
||||
refresh_token: jsonpath "$.refresh_token"
|
||||
|
||||
|
||||
# 2. Access a protected route with the first token
|
||||
GET http://localhost:3333/home
|
||||
Authorization: Bearer {{access_token}}
|
||||
|
||||
HTTP 200
|
||||
[Asserts]
|
||||
jsonpath "$.status" == "authenticated"
|
||||
|
||||
|
||||
# 3. Refresh the tokens
|
||||
POST http://localhost:3333/refresh
|
||||
Content-Type: application/json
|
||||
{
|
||||
"refresh_token": "{{refresh_token}}"
|
||||
}
|
||||
|
||||
HTTP 200
|
||||
[Captures]
|
||||
# Overwrite with the fresh tokens
|
||||
next_access_token: jsonpath "$.access_token"
|
||||
next_refresh_token: jsonpath "$.refresh_token"
|
||||
|
||||
[Asserts]
|
||||
# Now compare the two distinct variable names
|
||||
variable "next_refresh_token" != "{{refresh_token}}"
|
||||
|
||||
# 4. Access the protected route again with the NEW access token
|
||||
GET http://localhost:3333/home
|
||||
Authorization: Bearer {{next_access_token}}
|
||||
|
||||
HTTP 200
|
||||
[Asserts]
|
||||
jsonpath "$.status" == "authenticated"
|
||||
|
||||
# Log out user to clean table of tokens etc
|
||||
POST http://localhost:3333/logout
|
||||
Content-Type: application/json
|
||||
{
|
||||
"refresh_token": "{{next_refresh_token}}"
|
||||
}
|
||||
|
||||
HTTP 200
|
||||
[Asserts]
|
||||
jsonpath "$.message" == "logout success"
|
||||
@@ -0,0 +1,7 @@
|
||||
# Check accessing protected route with an invalid token gives a 401
|
||||
GET http://localhost:3333/home
|
||||
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30
|
||||
|
||||
HTTP 401
|
||||
[Asserts]
|
||||
jsonpath "$.error" == "unauthorized"
|
||||
@@ -0,0 +1,28 @@
|
||||
POST http://localhost:3333/login
|
||||
[FormParams]
|
||||
email: test_user@debian.org
|
||||
password: supersecretpassword
|
||||
|
||||
HTTP 200
|
||||
[Captures]
|
||||
access_token: jsonpath "$.access_token"
|
||||
refresh_token: jsonpath "$.refresh_token"
|
||||
|
||||
# Check the logged in use can access the protected route
|
||||
GET http://localhost:3333/home
|
||||
Authorization: Bearer {{access_token}}
|
||||
|
||||
HTTP 200
|
||||
[Asserts]
|
||||
jsonpath "$.status" == "authenticated"
|
||||
|
||||
# Log out user to clean table of tokens etc
|
||||
POST http://localhost:3333/logout
|
||||
Content-Type: application/json
|
||||
{
|
||||
"refresh_token": "{{refresh_token}}"
|
||||
}
|
||||
|
||||
HTTP 200
|
||||
[Asserts]
|
||||
jsonpath "$.message" == "logout success"
|
||||
Reference in New Issue
Block a user