@@ -4,22 +4,21 @@ Feature: User Login and Token Refresh
44 So that I can access protected endpoints
55
66 Scenario : POST /login with valid credentials returns tokens and user info
7- When I send a POST request to "/login" with body:
7+ When I send a POST request to "/v1/auth/ login" with body:
88 """
99 {
1010 "email": "${START_USER_EMAIL}",
1111 "password": "${START_USER_PW}"
1212 }
1313 """
1414 Then the response code should be 200
15- And the JSON response should contain key "accessToken"
16- And the JSON response should contain key "refreshToken"
17- And the JSON response should contain "email" : "${START_USER_EMAIL}"
18- And I save the JSON response key "accessToken" as "accessToken"
19- And I save the JSON response key "refreshToken" as "refreshToken"
15+ And the JSON response should contain key "security"
16+ And the JSON response should contain "data.email" with value "${START_USER_EMAIL}"
17+ And I save the JSON response key "security.jwtAccessToken" as "accessToken"
18+ And I save the JSON response key "security.jwtRefreshToken" as "refreshToken"
2019
2120 Scenario : POST /login with invalid credentials returns 401
22- When I send a POST request to "/login" with body:
21+ When I send a POST request to "/v1/auth/ login" with body:
2322 """
2423 {
2524 "email": "${START_USER_EMAIL}",
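Review bot: the login scenario now asserts only that a "security" key exists, where the removed lines asserted "accessToken" and "refreshToken" individually. Unless the save step fails on a missing key, a response without "security.jwtRefreshToken" would pass this scenario and only surface later in the refresh scenario. Add explicit key assertions for "security.jwtAccessToken" and "security.jwtRefreshToken" ahead of the two save steps. The scenario titles in this hunk also still read "POST /login" while the request now goes to the /v1/auth path, so update them to match.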
@@ -30,20 +29,19 @@ Feature: User Login and Token Refresh
3029 And the JSON response should contain error "error" : "Invalid credentials"
3130
3231 Scenario : POST /access-token/refresh with valid refresh token returns new access token
33- When I send a POST request to "/access-token/refresh " with body:
32+ When I send a POST request to "/v1/auth/ access-token" with body:
3433 """
3534 {
3635 "refreshToken": "${refreshToken}"
3736 }
3837 """
3938 Then the response code should be 200
40- And the JSON response should contain key "accessToken"
41- And the JSON response should contain key "id"
42- And the JSON response should contain key "email"
43- And I save the JSON response key "accessToken" as "accessToken"
39+ And the JSON response should contain key "security"
40+ And the JSON response should contain key "data"
41+ And I save the JSON response key "security.jwtAccessToken" as "accessToken"
4442
4543 Scenario : POST /access-token/refresh with invalid refresh token returns 401
46- When I send a POST request to "/access-token/refresh " with body:
44+ When I send a POST request to "/v1/auth/ access-token" with body:
4745 """
4846 {
4947 "refreshToken": "someInvalidToken"
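Review bot: the refresh scenario lost its identity checks. The removed lines asserted "id" and "email" on the response, and the new lines assert only that "data" and "security" exist, so a refresh that returned a token for the wrong user would still pass. Assert "data.email" with value "${START_USER_EMAIL}" here, as the login scenario does, and assert the "security.jwtAccessToken" key explicitly before saving it. The title says the call "returns new access token", but nothing compares the saved value against the previous one; if that property matters, add a step for it. Both scenario titles still name the old "/access-token/refresh" route.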
@@ -54,22 +52,21 @@ Feature: User Login and Token Refresh
5452
5553 Scenario : Access protected endpoint without token
5654 Given I clear the authentication token
57- When I send a GET request to "/api/medicines /1"
55+ When I send a GET request to "/v1/medicine /1"
5856 Then the response code should be 401
59- And the JSON response should contain error "error" : "Authorization header not provided"
57+ And the JSON response should contain error "error" : "Token not provided"
6058
6159 # Re-authenticate so subsequent scenarios have a valid token
6260 Scenario : Re-authenticate after clearing the token
63- When I send a POST request to "/login" with body:
61+ When I send a POST request to "/v1/auth/ login" with body:
6462 """
6563 {
6664 "email": "${START_USER_EMAIL}",
6765 "password": "${START_USER_PW}"
6866 }
6967 """
7068 Then the response code should be 200
71- And the JSON response should contain key "accessToken"
72- And the JSON response should contain key "refreshToken"
73- And the JSON response should contain "email" : "${START_USER_EMAIL}"
74- And I save the JSON response key "accessToken" as "accessToken"
75- And I save the JSON response key "refreshToken" as "refreshToken"
69+ And the JSON response should contain key "security"
70+ And the JSON response should contain "data.email" with value "${START_USER_EMAIL}"
71+ And I save the JSON response key "security.jwtAccessToken" as "accessToken"
72+ And I save the JSON response key "security.jwtRefreshToken" as "refreshToken"
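Review bot: the re-authenticate scenario repeats the four new login assertions verbatim, so the response shape ("security.jwtAccessToken", "security.jwtRefreshToken", "data.email") is now encoded in two places and has to be edited twice on the next change, as this commit already shows. Move the login and token-save steps into a shared step or a Background that both scenarios use. The protected-endpoint path also changes from plural "medicines" to singular "medicine" along with the prefix; confirm that rename is intended and not a typo, since a wrong route that still answers 401 for an unauthenticated request would be hidden by the status check and caught only by the exact "Token not provided" message.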