nfeeder/tests/hurl/auth_lifecycle.hurl

# Auth lifecycle smoke test: register, call a protected route, rotate the
# tokens, call the route again with the rotated access token, then log out.
# The requests run in order; later steps reuse values captured by earlier ones.
# The credentials below are test fixture values sent to a localhost server
# over plain HTTP.
#
# 1. Register a user and capture the issued token pair.
# NOTE(review): the email is fixed, so presumably a second run against a
# database that still holds this user will not return 200 - confirm how test
# state is reset between runs.
POST http://localhost:3333/register
[FormParams]
email: test_user@debian.org
password: supersecretpassword
HTTP 200
[Captures]
# Both tokens are read from the JSON response body.
access_token: jsonpath "$.access_token"
refresh_token: jsonpath "$.refresh_token"
# 2. Access a protected route with the access token from registration
GET http://localhost:3333/home
Authorization: Bearer {{access_token}}
HTTP 200
[Asserts]
jsonpath "$.status" == "authenticated"
# 3. Exchange the refresh token for a new token pair
POST http://localhost:3333/refresh
Content-Type: application/json
{
"refresh_token": "{{refresh_token}}"
}
HTTP 200
[Captures]
# Capture the new pair under separate names so the original refresh_token
# stays available for the comparison below.
next_access_token: jsonpath "$.access_token"
next_refresh_token: jsonpath "$.refresh_token"
[Asserts]
# Rotation check: the refresh token returned here must differ from the one
# that was submitted.
# NOTE(review): this only shows that a new value was issued. The test never
# replays the old refresh_token, so it does not show that the server rejects
# it after rotation - consider a follow-up request asserting the rejection
# status the API defines.
variable "next_refresh_token" != "{{refresh_token}}"
# 4. Access the protected route again with the NEW access token
GET http://localhost:3333/home
Authorization: Bearer {{next_access_token}}
HTTP 200
[Asserts]
jsonpath "$.status" == "authenticated"
# 5. Log out, submitting the rotated refresh token; intended to clear the
# user's stored tokens on the server.
# NOTE(review): nothing after this request checks that next_refresh_token or
# next_access_token stop working, so revocation on logout is not verified
# here - a request asserting the server's rejection status would cover it.
POST http://localhost:3333/logout
Content-Type: application/json
{
"refresh_token": "{{next_refresh_token}}"
}
HTTP 200
[Asserts]
jsonpath "$.message" == "logout success"