mirror of
https://github.com/zoriya/Kyoo.git
synced 2026-03-28 12:27:51 -04:00
62 lines
1.1 KiB
Plaintext
62 lines
1.1 KiB
Plaintext
# Setup first user
|
|
POST {{host}}/users
|
|
{
|
|
"username": "sessions-user-1",
|
|
"password": "password-sessions-user-1",
|
|
"email": "sessions-user-1@zoriya.dev"
|
|
}
|
|
HTTP 201
|
|
[Captures]
|
|
token1: jsonpath "$.token"
|
|
|
|
GET {{host}}/jwt
|
|
Authorization: Bearer {{token1}}
|
|
HTTP 200
|
|
[Captures]
|
|
jwt1: jsonpath "$.token"
|
|
|
|
GET {{host}}/users/me
|
|
Authorization: Bearer {{jwt1}}
|
|
HTTP 200
|
|
[Captures]
|
|
user1Id: jsonpath "$.id"
|
|
|
|
# Can list my own sessions
|
|
GET {{host}}/sessions
|
|
Authorization: Bearer {{jwt1}}
|
|
HTTP 200
|
|
[Captures]
|
|
session1Id: jsonpath "$[0].id"
|
|
|
|
# Setup second user
|
|
POST {{host}}/users
|
|
{
|
|
"username": "sessions-user-2",
|
|
"password": "password-sessions-user-2",
|
|
"email": "sessions-user-2@zoriya.dev"
|
|
}
|
|
HTTP 201
|
|
[Captures]
|
|
token2: jsonpath "$.token"
|
|
|
|
GET {{host}}/jwt
|
|
Authorization: Bearer {{token2}}
|
|
HTTP 200
|
|
[Captures]
|
|
jwt2: jsonpath "$.token"
|
|
|
|
# Cannot list another user's sessions without users.read
|
|
GET {{host}}/users/{{user1Id}}/sessions
|
|
Authorization: Bearer {{jwt2}}
|
|
HTTP 403
|
|
|
|
# Cleanup second user
|
|
DELETE {{host}}/users/me
|
|
Authorization: Bearer {{jwt2}}
|
|
HTTP 200
|
|
|
|
# Cleanup first user
|
|
DELETE {{host}}/users/me
|
|
Authorization: Bearer {{jwt1}}
|
|
HTTP 200
|