Cleaned up hurl test files.

This commit is contained in:
2026-05-01 07:49:22 +02:00
parent 8c0614d32b
commit 6b095e54f8
6 changed files with 91 additions and 48 deletions
-20
View File
@@ -1,20 +0,0 @@
# Step 1: Login
POST http://localhost:3333/login
[FormParams]
email: jason@debian.org
password: supersecretpassword
HTTP 200
[Captures]
# Capture the token into a variable named 'token'
token: jsonpath "$.access_token"
# Step 2: Use the token to access a protected route
# Hurl automatically handles the variable injection with {{token}}
GET http://localhost:3333/api/protected-route
Authorization: Bearer {{token}}
HTTP 200
[Asserts]
# Check for something that only an auth'd user sees
jsonpath "$.status" == "success"
-13
View File
@@ -1,13 +0,0 @@
POST http://localhost:3333/login
[FormParams]
email: jason@debian.org
password: supersecretpassword
HTTP 200
[Asserts]
jsonpath "$.access_token" exists
jsonpath "$.refresh_token" exists
[Captures]
# We capture this so we can manually use it in curl/xh if we want
last_token: jsonpath "$.access_token"
-15
View File
@@ -1,15 +0,0 @@
# POST to the register endpoint
POST http://localhost:3333/register
[FormParams]
email: jason@debian.org
password: supersecretpassword
# We expect a 200 OK and JSON containing tokens
HTTP 200
[Asserts]
header "Content-Type" contains "application/json"
jsonpath "$.access_token" exists
jsonpath "$.refresh_token" exists
# Useful for debugging in tmux:
# hurl --verbose test_register.hurl
+56
View File
@@ -0,0 +1,56 @@
# 1. Register a new unique user
POST http://localhost:3333/register
[FormParams]
email: test_user@debian.org
password: supersecretpassword
HTTP 200
[Captures]
access_token: jsonpath "$.access_token"
refresh_token: jsonpath "$.refresh_token"
# 2. Access a protected route with the first token
GET http://localhost:3333/home
Authorization: Bearer {{access_token}}
HTTP 200
[Asserts]
jsonpath "$.status" == "authenticated"
# 3. Refresh the tokens
POST http://localhost:3333/refresh
Content-Type: application/json
{
"refresh_token": "{{refresh_token}}"
}
HTTP 200
[Captures]
# Overwrite with the fresh tokens
next_access_token: jsonpath "$.access_token"
next_refresh_token: jsonpath "$.refresh_token"
[Asserts]
# Now compare the two distinct variable names
variable "next_refresh_token" != "{{refresh_token}}"
# 4. Access the protected route again with the NEW access token
GET http://localhost:3333/home
Authorization: Bearer {{next_access_token}}
HTTP 200
[Asserts]
jsonpath "$.status" == "authenticated"
# Log out user to clean table of tokens etc
POST http://localhost:3333/logout
Content-Type: application/json
{
"refresh_token": "{{next_refresh_token}}"
}
HTTP 200
[Asserts]
jsonpath "$.message" == "logout success"
+7
View File
@@ -0,0 +1,7 @@
# Check accessing protected route with an invalid token gives a 401
GET http://localhost:3333/home
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30
HTTP 401
[Asserts]
jsonpath "$.error" == "unauthorized"
+28
View File
@@ -0,0 +1,28 @@
POST http://localhost:3333/login
[FormParams]
email: test_user@debian.org
password: supersecretpassword
HTTP 200
[Captures]
access_token: jsonpath "$.access_token"
refresh_token: jsonpath "$.refresh_token"
# Check the logged in use can access the protected route
GET http://localhost:3333/home
Authorization: Bearer {{access_token}}
HTTP 200
[Asserts]
jsonpath "$.status" == "authenticated"
# Log out user to clean table of tokens etc
POST http://localhost:3333/logout
Content-Type: application/json
{
"refresh_token": "{{refresh_token}}"
}
HTTP 200
[Asserts]
jsonpath "$.message" == "logout success"