Cleaned up hurl test files.

This commit is contained in:
2026-05-01 07:49:22 +02:00
parent 8c0614d32b
commit 6b095e54f8
6 changed files with 91 additions and 48 deletions
+56
View File
@@ -0,0 +1,56 @@
# 1. Register a new unique user
POST http://localhost:3333/register
[FormParams]
email: test_user@debian.org
password: supersecretpassword
HTTP 200
[Captures]
access_token: jsonpath "$.access_token"
refresh_token: jsonpath "$.refresh_token"
# 2. Access a protected route with the first token
GET http://localhost:3333/home
Authorization: Bearer {{access_token}}
HTTP 200
[Asserts]
jsonpath "$.status" == "authenticated"
# 3. Refresh the tokens
POST http://localhost:3333/refresh
Content-Type: application/json
{
"refresh_token": "{{refresh_token}}"
}
HTTP 200
[Captures]
# Overwrite with the fresh tokens
next_access_token: jsonpath "$.access_token"
next_refresh_token: jsonpath "$.refresh_token"
[Asserts]
# Now compare the two distinct variable names
variable "next_refresh_token" != "{{refresh_token}}"
# 4. Access the protected route again with the NEW access token
GET http://localhost:3333/home
Authorization: Bearer {{next_access_token}}
HTTP 200
[Asserts]
jsonpath "$.status" == "authenticated"
# Log out user to clean table of tokens etc
POST http://localhost:3333/logout
Content-Type: application/json
{
"refresh_token": "{{next_refresh_token}}"
}
HTTP 200
[Asserts]
jsonpath "$.message" == "logout success"
+7
View File
@@ -0,0 +1,7 @@
# Check accessing protected route with an invalid token gives a 401
GET http://localhost:3333/home
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30
HTTP 401
[Asserts]
jsonpath "$.error" == "unauthorized"
+28
View File
@@ -0,0 +1,28 @@
POST http://localhost:3333/login
[FormParams]
email: test_user@debian.org
password: supersecretpassword
HTTP 200
[Captures]
access_token: jsonpath "$.access_token"
refresh_token: jsonpath "$.refresh_token"
# Check the logged in use can access the protected route
GET http://localhost:3333/home
Authorization: Bearer {{access_token}}
HTTP 200
[Asserts]
jsonpath "$.status" == "authenticated"
# Log out user to clean table of tokens etc
POST http://localhost:3333/logout
Content-Type: application/json
{
"refresh_token": "{{refresh_token}}"
}
HTTP 200
[Asserts]
jsonpath "$.message" == "logout success"