
User context autorization tests #759

212 changes: 194 additions & 18 deletions tests/e2e/web/api/v1/contexts/user/contract.rs
Expand Up @@ -186,7 +186,7 @@ mod banned_user_list {
use crate::common::contexts::user::asserts::assert_banned_user_response;
use crate::common::contexts::user::forms::Username;
use crate::e2e::environment::TestEnv;
use crate::e2e::web::api::v1::contexts::user::steps::{new_logged_in_admin, new_logged_in_user, new_registered_user};
use crate::e2e::web::api::v1::contexts::user::steps::{new_logged_in_admin, new_registered_user};

#[tokio::test]
async fn it_should_allow_an_admin_to_ban_a_user() {
Expand All @@ -203,34 +203,210 @@ mod banned_user_list {

assert_banned_user_response(&response, &registered_user);
}
}

#[tokio::test]
async fn it_should_not_allow_a_non_admin_to_ban_a_user() {
let mut env = TestEnv::new();
env.start(api::Version::V1).await;
mod authorization {
mod for_guest_users {
use torrust_index::web::api;

let logged_non_admin = new_logged_in_user(&env).await;
use crate::common::client::Client;
use crate::common::contexts::user::fixtures::{random_user_registration_form, DEFAULT_PASSWORD, VALID_PASSWORD};
use crate::common::contexts::user::forms::{ChangePasswordForm, Username};
use crate::e2e::environment::TestEnv;
use crate::e2e::web::api::v1::contexts::user::steps::{new_logged_in_user, new_registered_user};

let client = Client::authenticated(&env.server_socket_addr().unwrap(), &logged_non_admin.token);
#[tokio::test]
async fn it_should_allow_a_guest_user_to_register() {
let mut env = TestEnv::new();
env.start(api::Version::V1).await;

let registered_user = new_registered_user(&env).await;
let client = Client::unauthenticated(&env.server_socket_addr().unwrap());

let response = client.ban_user(Username::new(registered_user.username.clone())).await;
let form = random_user_registration_form();

assert_eq!(response.status, 403);
let response = client.register_user(form).await;

assert_eq!(response.status, 200);
}

#[tokio::test]
async fn it_should_not_allow_guest_users_to_change_passwords() {
let mut env = TestEnv::new();
env.start(api::Version::V1).await;

let logged_in_user = new_logged_in_user(&env).await;

let client = Client::unauthenticated(&env.server_socket_addr().unwrap());

let new_password = VALID_PASSWORD.to_string();

let response = client
.change_password(
Username::new(logged_in_user.username.clone()),
ChangePasswordForm {
current_password: DEFAULT_PASSWORD.to_string(),
password: new_password.clone(),
confirm_password: new_password.clone(),
},
)
.await;

assert_eq!(response.status, 401);
}
#[tokio::test]
async fn it_should_not_allow_a_guest_to_ban_a_user() {
let mut env = TestEnv::new();
env.start(api::Version::V1).await;

let client = Client::unauthenticated(&env.server_socket_addr().unwrap());

let registered_user = new_registered_user(&env).await;

let response = client.ban_user(Username::new(registered_user.username.clone())).await;

assert_eq!(response.status, 401);
}
}

#[tokio::test]
async fn it_should_not_allow_a_guest_to_ban_a_user() {
let mut env = TestEnv::new();
env.start(api::Version::V1).await;
mod for_registered_users {
use torrust_index::web::api;

let client = Client::unauthenticated(&env.server_socket_addr().unwrap());
use crate::common::client::Client;
use crate::common::contexts::user::fixtures::{DEFAULT_PASSWORD, VALID_PASSWORD};
use crate::common::contexts::user::forms::{ChangePasswordForm, RegistrationForm, Username};
use crate::e2e::environment::TestEnv;
use crate::e2e::web::api::v1::contexts::user::steps::{new_logged_in_user, new_registered_user};

let registered_user = new_registered_user(&env).await;
#[tokio::test]
async fn it_should_not_allow_a_registered_user_to_register() {
let mut env = TestEnv::new();
env.start(api::Version::V1).await;

let response = client.ban_user(Username::new(registered_user.username.clone())).await;
let logged_in_user = new_logged_in_user(&env).await;

let client = Client::authenticated(&env.server_socket_addr().unwrap(), &logged_in_user.token);

let response = client
.register_user(RegistrationForm {
username: logged_in_user.username,
email: Some("[email protected]".to_string()),
password: VALID_PASSWORD.to_string(),
confirm_password: VALID_PASSWORD.to_string(),
})
.await;

assert_eq!(response.status, 400);
}

#[tokio::test]
async fn it_should_allow_registered_users_to_change_their_passwords() {
let mut env = TestEnv::new();
env.start(api::Version::V1).await;

let logged_in_user = new_logged_in_user(&env).await;

let client = Client::authenticated(&env.server_socket_addr().unwrap(), &logged_in_user.token);

let new_password = VALID_PASSWORD.to_string();

let response = client
.change_password(
Username::new(logged_in_user.username.clone()),
ChangePasswordForm {
current_password: DEFAULT_PASSWORD.to_string(),
password: new_password.clone(),
confirm_password: new_password.clone(),
},
)
.await;

assert_eq!(response.status, 200);
}
#[tokio::test]
async fn it_should_not_allow_a_registered_user_to_ban_a_user() {
let mut env = TestEnv::new();
env.start(api::Version::V1).await;

let logged_in_user = new_logged_in_user(&env).await;

let client = Client::authenticated(&env.server_socket_addr().unwrap(), &logged_in_user.token);

let registered_user = new_registered_user(&env).await;

let response = client.ban_user(Username::new(registered_user.username.clone())).await;

assert_eq!(response.status, 403);
}
}
mod for_admin_users {
use torrust_index::web::api;

use crate::common::client::Client;
use crate::common::contexts::user::fixtures::{DEFAULT_PASSWORD, VALID_PASSWORD};
use crate::common::contexts::user::forms::{ChangePasswordForm, RegistrationForm, Username};
use crate::e2e::environment::TestEnv;
use crate::e2e::web::api::v1::contexts::user::steps::{new_logged_in_admin, new_registered_user};

#[tokio::test]
async fn it_should_not_allow_an_admin_user_to_register() {
let mut env = TestEnv::new();
env.start(api::Version::V1).await;

let logged_in_admin = new_logged_in_admin(&env).await;

let client = Client::authenticated(&env.server_socket_addr().unwrap(), &logged_in_admin.token);

let response = client
.register_user(RegistrationForm {
username: logged_in_admin.username,
email: Some("[email protected]".to_string()),
password: VALID_PASSWORD.to_string(),
confirm_password: VALID_PASSWORD.to_string(),
})
.await;

assert_eq!(response.status, 400);
}

#[tokio::test]
async fn it_should_allow_admin_users_to_change_their_passwords() {
let mut env = TestEnv::new();
env.start(api::Version::V1).await;

let logged_in_admin = new_logged_in_admin(&env).await;

let client = Client::authenticated(&env.server_socket_addr().unwrap(), &logged_in_admin.token);

let new_password = VALID_PASSWORD.to_string();

let response = client
.change_password(
Username::new(logged_in_admin.username.clone()),
ChangePasswordForm {
current_password: DEFAULT_PASSWORD.to_string(),
password: new_password.clone(),
confirm_password: new_password.clone(),
},
)
.await;

assert_eq!(response.status, 200);
}

#[tokio::test]
async fn it_should_allow_an_admin_to_ban_a_user() {
let mut env = TestEnv::new();
env.start(api::Version::V1).await;

let logged_in_admin = new_logged_in_admin(&env).await;

let client = Client::authenticated(&env.server_socket_addr().unwrap(), &logged_in_admin.token);

let registered_user = new_registered_user(&env).await;

let response = client.ban_user(Username::new(registered_user.username.clone())).await;

assert_eq!(response.status, 401);
assert_eq!(response.status, 200);
}
}
}
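Review bot: `it_should_not_allow_a_registered_user_to_register` and `it_should_not_allow_an_admin_user_to_register` submit the caller's own, already-registered username, so the asserted 400 may come from a duplicate-username check rather than from any authorization rule, and both tests could pass even if authenticated callers were allowed to register. If the intended rule is that authenticated callers cannot register, sending `random_user_registration_form()` through the authenticated client, as the guest test does, would isolate it (the fixture would have to be imported in `for_registered_users` and `for_admin_users`). Separately, every `change_password` case passes the token owner's own username; nothing visible in this section sends one user's token against another user's username, and since the fixtures appear to share `DEFAULT_PASSWORD`, that cross-user denial is worth pinning down explicitly. The denial tests also assert only `response.status`; a follow-up login with the old password, or a check of the ban state, would confirm that the rejected request changed nothing.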