diff --git a/test_requests/access.hurl b/test_requests/access.hurl new file mode 100644 index 0000000..6fa69e1 --- /dev/null +++ b/test_requests/access.hurl @@ -0,0 +1,20 @@ +# Step 1: Login +POST http://localhost:3333/login +[FormParams] +email: jason@debian.org +password: supersecretpassword + +HTTP 200 +[Captures] +# Capture the token into a variable named 'token' +token: jsonpath "$.access_token" + +# Step 2: Use the token to access a protected route +# Hurl automatically handles the variable injection with {{token}} +GET http://localhost:8080/api/protected-route +Authorization: Bearer {{token}} + +HTTP 200 +[Asserts] +# Check for something that only an auth'd user sees +jsonpath "$.status" == "success" diff --git a/test_requests/login.hurl b/test_requests/login.hurl new file mode 100644 index 0000000..3d62432 --- /dev/null +++ b/test_requests/login.hurl @@ -0,0 +1,13 @@ +POST http://localhost:3333/login +[FormParams] +email: jason@debian.org +password: supersecretpassword + +HTTP 200 +[Asserts] +jsonpath "$.access_token" exists +jsonpath "$.refresh_token" exists + +[Captures] +# We capture this so we can manually use it in curl/xh if we want +last_token: jsonpath "$.access_token" diff --git a/test_requests/register.hurl b/test_requests/register.hurl new file mode 100644 index 0000000..0199ecb --- /dev/null +++ b/test_requests/register.hurl @@ -0,0 +1,15 @@ +# POST to the register endpoint +POST http://localhost:3333/register +[FormParams] +email: jason@debian.org +password: supersecretpassword + +# We expect a 200 OK and JSON containing tokens +HTTP 200 +[Asserts] +header "Content-Type" contains "application/json" +jsonpath "$.access_token" exists +jsonpath "$.refresh_token" exists + +# Useful for debugging in tmux: +# hurl --verbose test_register.hurl