@@ -186,7 +186,7 @@ mod banned_user_list {
186
186
use crate :: common:: contexts:: user:: asserts:: assert_banned_user_response;
187
187
use crate :: common:: contexts:: user:: forms:: Username ;
188
188
use crate :: e2e:: environment:: TestEnv ;
189
- use crate :: e2e:: web:: api:: v1:: contexts:: user:: steps:: { new_logged_in_admin, new_logged_in_user , new_registered_user} ;
189
+ use crate :: e2e:: web:: api:: v1:: contexts:: user:: steps:: { new_logged_in_admin, new_registered_user} ;
190
190
191
191
#[ tokio:: test]
192
192
async fn it_should_allow_an_admin_to_ban_a_user ( ) {
@@ -203,34 +203,210 @@ mod banned_user_list {
203
203
204
204
assert_banned_user_response ( & response, & registered_user) ;
205
205
}
206
+ }
206
207
207
- #[ tokio:: test]
208
- async fn it_should_not_allow_a_non_admin_to_ban_a_user ( ) {
209
- let mut env = TestEnv :: new ( ) ;
210
- env. start ( api:: Version :: V1 ) . await ;
208
+ mod authorization {
209
+ mod for_guest_users {
210
+ use torrust_index:: web:: api;
211
211
212
- let logged_non_admin = new_logged_in_user ( & env) . await ;
212
+ use crate :: common:: client:: Client ;
213
+ use crate :: common:: contexts:: user:: fixtures:: { random_user_registration_form, DEFAULT_PASSWORD , VALID_PASSWORD } ;
214
+ use crate :: common:: contexts:: user:: forms:: { ChangePasswordForm , Username } ;
215
+ use crate :: e2e:: environment:: TestEnv ;
216
+ use crate :: e2e:: web:: api:: v1:: contexts:: user:: steps:: { new_logged_in_user, new_registered_user} ;
213
217
214
- let client = Client :: authenticated ( & env. server_socket_addr ( ) . unwrap ( ) , & logged_non_admin. token ) ;
218
+ #[ tokio:: test]
219
+ async fn it_should_allow_a_guest_user_to_register ( ) {
220
+ let mut env = TestEnv :: new ( ) ;
221
+ env. start ( api:: Version :: V1 ) . await ;
215
222
216
- let registered_user = new_registered_user ( & env) . await ;
223
+ let client = Client :: unauthenticated ( & env. server_socket_addr ( ) . unwrap ( ) ) ;
217
224
218
- let response = client . ban_user ( Username :: new ( registered_user . username . clone ( ) ) ) . await ;
225
+ let form = random_user_registration_form ( ) ;
219
226
220
- assert_eq ! ( response. status, 403 ) ;
227
+ let response = client. register_user ( form) . await ;
228
+
229
+ assert_eq ! ( response. status, 200 ) ;
230
+ }
231
+
232
+ #[ tokio:: test]
233
+ async fn it_should_not_allow_guest_users_to_change_passwords ( ) {
234
+ let mut env = TestEnv :: new ( ) ;
235
+ env. start ( api:: Version :: V1 ) . await ;
236
+
237
+ let logged_in_user = new_logged_in_user ( & env) . await ;
238
+
239
+ let client = Client :: unauthenticated ( & env. server_socket_addr ( ) . unwrap ( ) ) ;
240
+
241
+ let new_password = VALID_PASSWORD . to_string ( ) ;
242
+
243
+ let response = client
244
+ . change_password (
245
+ Username :: new ( logged_in_user. username . clone ( ) ) ,
246
+ ChangePasswordForm {
247
+ current_password : DEFAULT_PASSWORD . to_string ( ) ,
248
+ password : new_password. clone ( ) ,
249
+ confirm_password : new_password. clone ( ) ,
250
+ } ,
251
+ )
252
+ . await ;
253
+
254
+ assert_eq ! ( response. status, 401 ) ;
255
+ }
256
+ #[ tokio:: test]
257
+ async fn it_should_not_allow_a_guest_to_ban_a_user ( ) {
258
+ let mut env = TestEnv :: new ( ) ;
259
+ env. start ( api:: Version :: V1 ) . await ;
260
+
261
+ let client = Client :: unauthenticated ( & env. server_socket_addr ( ) . unwrap ( ) ) ;
262
+
263
+ let registered_user = new_registered_user ( & env) . await ;
264
+
265
+ let response = client. ban_user ( Username :: new ( registered_user. username . clone ( ) ) ) . await ;
266
+
267
+ assert_eq ! ( response. status, 401 ) ;
268
+ }
221
269
}
222
270
223
- #[ tokio:: test]
224
- async fn it_should_not_allow_a_guest_to_ban_a_user ( ) {
225
- let mut env = TestEnv :: new ( ) ;
226
- env. start ( api:: Version :: V1 ) . await ;
271
+ mod for_registered_users {
272
+ use torrust_index:: web:: api;
227
273
228
- let client = Client :: unauthenticated ( & env. server_socket_addr ( ) . unwrap ( ) ) ;
274
+ use crate :: common:: client:: Client ;
275
+ use crate :: common:: contexts:: user:: fixtures:: { DEFAULT_PASSWORD , VALID_PASSWORD } ;
276
+ use crate :: common:: contexts:: user:: forms:: { ChangePasswordForm , RegistrationForm , Username } ;
277
+ use crate :: e2e:: environment:: TestEnv ;
278
+ use crate :: e2e:: web:: api:: v1:: contexts:: user:: steps:: { new_logged_in_user, new_registered_user} ;
229
279
230
- let registered_user = new_registered_user ( & env) . await ;
280
+ #[ tokio:: test]
281
+ async fn it_should_not_allow_a_registered_user_to_register ( ) {
282
+ let mut env = TestEnv :: new ( ) ;
283
+ env. start ( api:: Version :: V1 ) . await ;
231
284
232
- let response = client. ban_user ( Username :: new ( registered_user. username . clone ( ) ) ) . await ;
285
+ let logged_in_user = new_logged_in_user ( & env) . await ;
286
+
287
+ let client = Client :: authenticated ( & env. server_socket_addr ( ) . unwrap ( ) , & logged_in_user. token ) ;
288
+
289
+ let response = client
290
+ . register_user ( RegistrationForm {
291
+ username : logged_in_user. username ,
292
+ email : Some ( "test@email.com" . to_string ( ) ) ,
293
+ password : VALID_PASSWORD . to_string ( ) ,
294
+ confirm_password : VALID_PASSWORD . to_string ( ) ,
295
+ } )
296
+ . await ;
297
+
298
+ assert_eq ! ( response. status, 400 ) ;
299
+ }
300
+
301
+ #[ tokio:: test]
302
+ async fn it_should_allow_registered_users_to_change_their_passwords ( ) {
303
+ let mut env = TestEnv :: new ( ) ;
304
+ env. start ( api:: Version :: V1 ) . await ;
305
+
306
+ let logged_in_user = new_logged_in_user ( & env) . await ;
307
+
308
+ let client = Client :: authenticated ( & env. server_socket_addr ( ) . unwrap ( ) , & logged_in_user. token ) ;
309
+
310
+ let new_password = VALID_PASSWORD . to_string ( ) ;
311
+
312
+ let response = client
313
+ . change_password (
314
+ Username :: new ( logged_in_user. username . clone ( ) ) ,
315
+ ChangePasswordForm {
316
+ current_password : DEFAULT_PASSWORD . to_string ( ) ,
317
+ password : new_password. clone ( ) ,
318
+ confirm_password : new_password. clone ( ) ,
319
+ } ,
320
+ )
321
+ . await ;
322
+
323
+ assert_eq ! ( response. status, 200 ) ;
324
+ }
325
+ #[ tokio:: test]
326
+ async fn it_should_not_allow_a_registered_user_to_ban_a_user ( ) {
327
+ let mut env = TestEnv :: new ( ) ;
328
+ env. start ( api:: Version :: V1 ) . await ;
329
+
330
+ let logged_in_user = new_logged_in_user ( & env) . await ;
331
+
332
+ let client = Client :: authenticated ( & env. server_socket_addr ( ) . unwrap ( ) , & logged_in_user. token ) ;
333
+
334
+ let registered_user = new_registered_user ( & env) . await ;
335
+
336
+ let response = client. ban_user ( Username :: new ( registered_user. username . clone ( ) ) ) . await ;
337
+
338
+ assert_eq ! ( response. status, 403 ) ;
339
+ }
340
+ }
341
+ mod for_admin_users {
342
+ use torrust_index:: web:: api;
343
+
344
+ use crate :: common:: client:: Client ;
345
+ use crate :: common:: contexts:: user:: fixtures:: { DEFAULT_PASSWORD , VALID_PASSWORD } ;
346
+ use crate :: common:: contexts:: user:: forms:: { ChangePasswordForm , RegistrationForm , Username } ;
347
+ use crate :: e2e:: environment:: TestEnv ;
348
+ use crate :: e2e:: web:: api:: v1:: contexts:: user:: steps:: { new_logged_in_admin, new_registered_user} ;
349
+
350
+ #[ tokio:: test]
351
+ async fn it_should_not_allow_an_admin_user_to_register ( ) {
352
+ let mut env = TestEnv :: new ( ) ;
353
+ env. start ( api:: Version :: V1 ) . await ;
354
+
355
+ let logged_in_admin = new_logged_in_admin ( & env) . await ;
356
+
357
+ let client = Client :: authenticated ( & env. server_socket_addr ( ) . unwrap ( ) , & logged_in_admin. token ) ;
358
+
359
+ let response = client
360
+ . register_user ( RegistrationForm {
361
+ username : logged_in_admin. username ,
362
+ email : Some ( "test@email.com" . to_string ( ) ) ,
363
+ password : VALID_PASSWORD . to_string ( ) ,
364
+ confirm_password : VALID_PASSWORD . to_string ( ) ,
365
+ } )
366
+ . await ;
367
+
368
+ assert_eq ! ( response. status, 400 ) ;
369
+ }
370
+
371
+ #[ tokio:: test]
372
+ async fn it_should_allow_admin_users_to_change_their_passwords ( ) {
373
+ let mut env = TestEnv :: new ( ) ;
374
+ env. start ( api:: Version :: V1 ) . await ;
375
+
376
+ let logged_in_admin = new_logged_in_admin ( & env) . await ;
377
+
378
+ let client = Client :: authenticated ( & env. server_socket_addr ( ) . unwrap ( ) , & logged_in_admin. token ) ;
379
+
380
+ let new_password = VALID_PASSWORD . to_string ( ) ;
381
+
382
+ let response = client
383
+ . change_password (
384
+ Username :: new ( logged_in_admin. username . clone ( ) ) ,
385
+ ChangePasswordForm {
386
+ current_password : DEFAULT_PASSWORD . to_string ( ) ,
387
+ password : new_password. clone ( ) ,
388
+ confirm_password : new_password. clone ( ) ,
389
+ } ,
390
+ )
391
+ . await ;
392
+
393
+ assert_eq ! ( response. status, 200 ) ;
394
+ }
395
+
396
+ #[ tokio:: test]
397
+ async fn it_should_allow_an_admin_to_ban_a_user ( ) {
398
+ let mut env = TestEnv :: new ( ) ;
399
+ env. start ( api:: Version :: V1 ) . await ;
400
+
401
+ let logged_in_admin = new_logged_in_admin ( & env) . await ;
402
+
403
+ let client = Client :: authenticated ( & env. server_socket_addr ( ) . unwrap ( ) , & logged_in_admin. token ) ;
404
+
405
+ let registered_user = new_registered_user ( & env) . await ;
406
+
407
+ let response = client. ban_user ( Username :: new ( registered_user. username . clone ( ) ) ) . await ;
233
408
234
- assert_eq ! ( response. status, 401 ) ;
409
+ assert_eq ! ( response. status, 200 ) ;
410
+ }
235
411
}
236
412
}
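Review bot: In `it_should_not_allow_a_registered_user_to_register` the form reuses `logged_in_user.username` and a fixed `test@email.com`, so the asserted 400 may come from duplicate-username or duplicate-email validation rather than from a rule that refuses registration by an authenticated caller; `it_should_not_allow_an_admin_user_to_register` has the same shape. If that is the source of the 400, both tests would still pass with the token ignored entirely, which is not what their names promise. Sending a fresh form, `let response = client.register_user(random_user_registration_form()).await;` (with `random_user_registration_form` added to that module's `fixtures` import), would isolate the authorization decision; if the endpoint is in fact open to authenticated callers, the test names and expected status should say so. Separately, the change-password tests in `for_registered_users` and `for_admin_users` only cover a caller acting on their own username, so a case where a logged-in user targets another user's `Username` and is refused would be worth adding.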