
Commit 720c046

Merge #759: User context autorization tests
6b055e9 test: duplicated test removed (Mario) b691eca test: authorization tests for admin users (Mario) ae276ed test: registered users authorization tests (Mario) ab2164e test: authorization tests for guest users (Mario) Pull request description: Part of #615 ACKs for top commit: josecelano: ACK 6b055e9 Tree-SHA512: 5a4d9af5c0d434e6c9818ddf060e2f5cec9be6977f607f470a64c8b93f876c275333a3bd7c10e7653f11e63aebe69b31abe79784cc5a117de24de095c7b08d4a
2 parents 5c38420 + 6b055e9 commit 720c046


1 file changed

+194
-18
lines changed


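--- a/tests/e2e/web/api/v1/contexts/user/contract.rs
+++ b/tests/e2e/web/api/v1/contexts/user/contract.rs
@@ -186,7 +186,7 @@ mod banned_user_list {
 use crate::common::contexts::user::asserts::assert_banned_user_response;
 use crate::common::contexts::user::forms::Username;
 use crate::e2e::environment::TestEnv;
-use crate::e2e::web::api::v1::contexts::user::steps::{new_logged_in_admin, new_logged_in_user, new_registered_user};
+use crate::e2e::web::api::v1::contexts::user::steps::{new_logged_in_admin, new_registered_user};
 
 #[tokio::test]
 async fn it_should_allow_an_admin_to_ban_a_user() {
@@ -203,34 +203,210 @@ mod banned_user_list {
 
 assert_banned_user_response(&response, &registered_user);
 }
+}
 
-#[tokio::test]
-async fn it_should_not_allow_a_non_admin_to_ban_a_user() {
-let mut env = TestEnv::new();
-env.start(api::Version::V1).await;
+mod authorization {
+mod for_guest_users {
+use torrust_index::web::api;
 
-let logged_non_admin = new_logged_in_user(&env).await;
+use crate::common::client::Client;
+use crate::common::contexts::user::fixtures::{random_user_registration_form, DEFAULT_PASSWORD, VALID_PASSWORD};
+use crate::common::contexts::user::forms::{ChangePasswordForm, Username};
+use crate::e2e::environment::TestEnv;
+use crate::e2e::web::api::v1::contexts::user::steps::{new_logged_in_user, new_registered_user};
 
-let client = Client::authenticated(&env.server_socket_addr().unwrap(), &logged_non_admin.token);
+#[tokio::test]
+async fn it_should_allow_a_guest_user_to_register() {
+let mut env = TestEnv::new();
+env.start(api::Version::V1).await;
 
-let registered_user = new_registered_user(&env).await;
+let client = Client::unauthenticated(&env.server_socket_addr().unwrap());
 
-let response = client.ban_user(Username::new(registered_user.username.clone())).await;
+let form = random_user_registration_form();
 
-assert_eq!(response.status, 403);
+let response = client.register_user(form).await;
+
+assert_eq!(response.status, 200);
+}
+
+#[tokio::test]
+async fn it_should_not_allow_guest_users_to_change_passwords() {
+let mut env = TestEnv::new();
+env.start(api::Version::V1).await;
+
+let logged_in_user = new_logged_in_user(&env).await;
+
+let client = Client::unauthenticated(&env.server_socket_addr().unwrap());
+
+let new_password = VALID_PASSWORD.to_string();
+
+let response = client
+.change_password(
+Username::new(logged_in_user.username.clone()),
+ChangePasswordForm {
+current_password: DEFAULT_PASSWORD.to_string(),
+password: new_password.clone(),
+confirm_password: new_password.clone(),
+},
+)
+.await;
+
+assert_eq!(response.status, 401);
+}
+#[tokio::test]
+async fn it_should_not_allow_a_guest_to_ban_a_user() {
+let mut env = TestEnv::new();
+env.start(api::Version::V1).await;
+
+let client = Client::unauthenticated(&env.server_socket_addr().unwrap());
+
+let registered_user = new_registered_user(&env).await;
+
+let response = client.ban_user(Username::new(registered_user.username.clone())).await;
+
+assert_eq!(response.status, 401);
+}
 }
 
-#[tokio::test]
-async fn it_should_not_allow_a_guest_to_ban_a_user() {
-let mut env = TestEnv::new();
-env.start(api::Version::V1).await;
+mod for_registered_users {
+use torrust_index::web::api;
 
-let client = Client::unauthenticated(&env.server_socket_addr().unwrap());
+use crate::common::client::Client;
+use crate::common::contexts::user::fixtures::{DEFAULT_PASSWORD, VALID_PASSWORD};
+use crate::common::contexts::user::forms::{ChangePasswordForm, RegistrationForm, Username};
+use crate::e2e::environment::TestEnv;
+use crate::e2e::web::api::v1::contexts::user::steps::{new_logged_in_user, new_registered_user};
 
-let registered_user = new_registered_user(&env).await;
+#[tokio::test]
+async fn it_should_not_allow_a_registered_user_to_register() {
+let mut env = TestEnv::new();
+env.start(api::Version::V1).await;
 
-let response = client.ban_user(Username::new(registered_user.username.clone())).await;
+let logged_in_user = new_logged_in_user(&env).await;
+
+let client = Client::authenticated(&env.server_socket_addr().unwrap(), &logged_in_user.token);
+
+let response = client
+.register_user(RegistrationForm {
+username: logged_in_user.username,
+email: Some("test@email.com".to_string()),
+password: VALID_PASSWORD.to_string(),
+confirm_password: VALID_PASSWORD.to_string(),
+})
+.await;
+
+assert_eq!(response.status, 400);
+}
+
+#[tokio::test]
+async fn it_should_allow_registered_users_to_change_their_passwords() {
+let mut env = TestEnv::new();
+env.start(api::Version::V1).await;
+
+let logged_in_user = new_logged_in_user(&env).await;
+
+let client = Client::authenticated(&env.server_socket_addr().unwrap(), &logged_in_user.token);
+
+let new_password = VALID_PASSWORD.to_string();
+
+let response = client
+.change_password(
+Username::new(logged_in_user.username.clone()),
+ChangePasswordForm {
+current_password: DEFAULT_PASSWORD.to_string(),
+password: new_password.clone(),
+confirm_password: new_password.clone(),
+},
+)
+.await;
+
+assert_eq!(response.status, 200);
+}
+#[tokio::test]
+async fn it_should_not_allow_a_registered_user_to_ban_a_user() {
+let mut env = TestEnv::new();
+env.start(api::Version::V1).await;
+
+let logged_in_user = new_logged_in_user(&env).await;
+
+let client = Client::authenticated(&env.server_socket_addr().unwrap(), &logged_in_user.token);
+
+let registered_user = new_registered_user(&env).await;
+
+let response = client.ban_user(Username::new(registered_user.username.clone())).await;
+
+assert_eq!(response.status, 403);
+}
+}
+mod for_admin_users {
+use torrust_index::web::api;
+
+use crate::common::client::Client;
+use crate::common::contexts::user::fixtures::{DEFAULT_PASSWORD, VALID_PASSWORD};
+use crate::common::contexts::user::forms::{ChangePasswordForm, RegistrationForm, Username};
+use crate::e2e::environment::TestEnv;
+use crate::e2e::web::api::v1::contexts::user::steps::{new_logged_in_admin, new_registered_user};
+
+#[tokio::test]
+async fn it_should_not_allow_an_admin_user_to_register() {
+let mut env = TestEnv::new();
+env.start(api::Version::V1).await;
+
+let logged_in_admin = new_logged_in_admin(&env).await;
+
+let client = Client::authenticated(&env.server_socket_addr().unwrap(), &logged_in_admin.token);
+
+let response = client
+.register_user(RegistrationForm {
+username: logged_in_admin.username,
+email: Some("test@email.com".to_string()),
+password: VALID_PASSWORD.to_string(),
+confirm_password: VALID_PASSWORD.to_string(),
+})
+.await;
+
+assert_eq!(response.status, 400);
+}
+
+#[tokio::test]
+async fn it_should_allow_admin_users_to_change_their_passwords() {
+let mut env = TestEnv::new();
+env.start(api::Version::V1).await;
+
+let logged_in_admin = new_logged_in_admin(&env).await;
+
+let client = Client::authenticated(&env.server_socket_addr().unwrap(), &logged_in_admin.token);
+
+let new_password = VALID_PASSWORD.to_string();
+
+let response = client
+.change_password(
+Username::new(logged_in_admin.username.clone()),
+ChangePasswordForm {
+current_password: DEFAULT_PASSWORD.to_string(),
+password: new_password.clone(),
+confirm_password: new_password.clone(),
+},
+)
+.await;
+
+assert_eq!(response.status, 200);
+}
+
+#[tokio::test]
+async fn it_should_allow_an_admin_to_ban_a_user() {
+let mut env = TestEnv::new();
+env.start(api::Version::V1).await;
+
+let logged_in_admin = new_logged_in_admin(&env).await;
+
+let client = Client::authenticated(&env.server_socket_addr().unwrap(), &logged_in_admin.token);
+
+let registered_user = new_registered_user(&env).await;
+
+let response = client.ban_user(Username::new(registered_user.username.clone())).await;
 
-assert_eq!(response.status, 401);
+assert_eq!(response.status, 200);
+}
 }
 }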
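Review bot: In `it_should_not_allow_a_registered_user_to_register` and `it_should_not_allow_an_admin_user_to_register` the form reuses the caller's own username (`username: logged_in_user.username` / `username: logged_in_admin.username`), so the asserted 400 can be produced by a duplicate-username rejection and does not show that an authenticated caller is refused registration. Sending a fresh form through the authenticated client, `let response = client.register_user(random_user_registration_form()).await;` (with the fixture imported in those modules as it is in `for_guest_users`), would tie the status to the caller's role; what the API returns in that case is not visible here, so the expected code should be confirmed first. The `change_password` tests only cover a caller changing their own password or a guest with no token; a case where a registered user's token targets a different `Username` would cover the cross-account path, which is the authorization failure most worth pinning for this endpoint. The 200 and 401 assertions also stop at the status code, so a follow-up login with the old or new password would confirm the stored credential actually changed or stayed intact.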
