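# End-to-end check of the token lifecycle exposed by the local auth service:
# register -> use access token -> rotate via /refresh -> use rotated access
# token -> logout -> confirm the logged-out refresh token is rejected.
#
# NOTE(review): the registration e-mail is fixed, so a second run against the
# same database presumably fails at step 1 unless the user table is reset
# between runs -- confirm against the test harness.
# NOTE(review): the password below is a throwaway test fixture; it must never
# match a credential used outside this local test environment.

# 1. Register a new unique user
POST http://localhost:3333/register
[FormParams]
email: test_user@debian.org
password: supersecretpassword

HTTP 200
[Captures]
# Both captures fail the run if the field is missing from the response.
access_token: jsonpath "$.access_token"
refresh_token: jsonpath "$.refresh_token"


# 2. Access a protected route with the first token
GET http://localhost:3333/home
Authorization: Bearer {{access_token}}

HTTP 200
[Asserts]
jsonpath "$.status" == "authenticated"


# 3. Refresh the tokens
POST http://localhost:3333/refresh
Content-Type: application/json
{
  "refresh_token": "{{refresh_token}}"
}

HTTP 200
[Captures]
# Capture the rotated tokens under NEW names (nothing is overwritten) so the
# old and new refresh tokens can be compared below.
next_access_token: jsonpath "$.access_token"
next_refresh_token: jsonpath "$.refresh_token"

[Asserts]
# Rotation check: the refresh endpoint must hand out a different refresh token.
# This only proves the value changed; it does not prove the old token was
# invalidated server-side.
# NOTE(review): a replay of {{refresh_token}} after rotation is not exercised
# here -- add it once the intended reuse behaviour of /refresh is confirmed.
variable "next_refresh_token" != "{{refresh_token}}"

# 4. Access the protected route again with the NEW access token
GET http://localhost:3333/home
Authorization: Bearer {{next_access_token}}

HTTP 200
[Asserts]
jsonpath "$.status" == "authenticated"

# 5. Log out user to clean table of tokens etc
POST http://localhost:3333/logout
Content-Type: application/json
{
  "refresh_token": "{{next_refresh_token}}"
}

HTTP 200
[Asserts]
jsonpath "$.message" == "logout success"

# 6. A refresh token that has been logged out must no longer mint new tokens.
# Without this step the suite passes even if /logout answers "logout success"
# while leaving the token usable.
# NOTE(review): the exact rejection status is not shown in this file, so any
# 4xx/5xx is accepted; tighten to the service's real code once confirmed.
POST http://localhost:3333/refresh
Content-Type: application/json
{
  "refresh_token": "{{next_refresh_token}}"
}

HTTP *
[Asserts]
status >= 400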