From ab2164e193978bae22f3fd66a89cc0bfaaf779c6 Mon Sep 17 00:00:00 2001
From: Mario
Date: Sat, 2 Nov 2024 16:34:14 +0100
Subject: [PATCH 1/4] test: authorization tests for guest users

---
 .../e2e/web/api/v1/contexts/user/contract.rs | 66 ++++++++++++++++---
 1 file changed, 58 insertions(+), 8 deletions(-)

diff --git a/tests/e2e/web/api/v1/contexts/user/contract.rs b/tests/e2e/web/api/v1/contexts/user/contract.rs
index 3124fc28..a88538dd 100644
--- a/tests/e2e/web/api/v1/contexts/user/contract.rs
+++ b/tests/e2e/web/api/v1/contexts/user/contract.rs
@@ -219,18 +219,68 @@ mod banned_user_list { assert_eq!(response.status, 403); } +} - #[tokio::test] - async fn it_should_not_allow_a_guest_to_ban_a_user() { - let mut env = TestEnv::new(); - env.start(api::Version::V1).await; +mod authorization { + mod for_guest_users { + use torrust_index::web::api; - let client = Client::unauthenticated(&env.server_socket_addr().unwrap()); + use crate::common::client::Client; + use crate::common::contexts::user::fixtures::{random_user_registration_form, DEFAULT_PASSWORD, VALID_PASSWORD}; + use crate::common::contexts::user::forms::{ChangePasswordForm, Username}; + use crate::e2e::environment::TestEnv; + use crate::e2e::web::api::v1::contexts::user::steps::{new_logged_in_user, new_registered_user}; - let registered_user = new_registered_user(&env).await; + #[tokio::test] + async fn it_should_allow_a_guest_user_to_register() { + let mut env = TestEnv::new(); + env.start(api::Version::V1).await; - let response = client.ban_user(Username::new(registered_user.username.clone())).await; + let client = Client::unauthenticated(&env.server_socket_addr().unwrap()); + + let form = random_user_registration_form(); + + let response = client.register_user(form).await; + + assert_eq!(response.status, 200); + } + + #[tokio::test] + async fn it_should_not_allow_guest_users_to_change_passwords() { + let mut env = TestEnv::new(); + env.start(api::Version::V1).await; + + let logged_in_user = new_logged_in_user(&env).await; + + let client = Client::unauthenticated(&env.server_socket_addr().unwrap()); + + let new_password = VALID_PASSWORD.to_string(); + + let response = client + .change_password( + Username::new(logged_in_user.username.clone()), + ChangePasswordForm { + current_password: DEFAULT_PASSWORD.to_string(), + password: new_password.clone(), + confirm_password: new_password.clone(), + }, + ) + .await; + + assert_eq!(response.status, 401); + } + #[tokio::test] + async fn it_should_not_allow_a_guest_to_ban_a_user() { + let mut env = 
TestEnv::new(); + env.start(api::Version::V1).await; + + let client = Client::unauthenticated(&env.server_socket_addr().unwrap()); + + let registered_user = new_registered_user(&env).await; + + let response = client.ban_user(Username::new(registered_user.username.clone())).await; - assert_eq!(response.status, 401); + assert_eq!(response.status, 401); + } } } From ae276ed1937124a0590ed2ef3199734aef279f33 Mon Sep 17 00:00:00 2001 From: Mario Date: Sat, 2 Nov 2024 18:37:54 +0100 Subject: [PATCH 2/4] test: registered users authorization tests --- .../e2e/web/api/v1/contexts/user/contract.rs | 71 +++++++++++++++++++ 1 file changed, 71 insertions(+) diff --git a/tests/e2e/web/api/v1/contexts/user/contract.rs b/tests/e2e/web/api/v1/contexts/user/contract.rs index a88538dd..98984e42 100644 --- a/tests/e2e/web/api/v1/contexts/user/contract.rs +++ b/tests/e2e/web/api/v1/contexts/user/contract.rs 
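Review bot: `it_should_not_allow_guest_users_to_change_passwords` sends the victim's correct `current_password` and then checks only for a 401, so a handler that rejected the request after already updating the stored password would not be caught. After the status assertion, re-authenticating with `DEFAULT_PASSWORD` (or attempting a login with `new_password` and expecting it to fail) would pin the denial to the credential itself, assuming the `steps` module exposes the login helper that `new_logged_in_user` presumably builds on. The deliberate choice of the correct current password deserves a comment so it is not "fixed" later, e.g. `// The correct current password is sent on purpose: knowing it must not replace an authenticated session.` The same status-only weakness applies to `it_should_allow_a_guest_user_to_register`, where a 200 does not show the account was actually created.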
@@ -283,4 +283,75 @@ mod authorization { assert_eq!(response.status, 401); } } + + mod for_registered_users { + use torrust_index::web::api; + + use crate::common::client::Client; + use crate::common::contexts::user::fixtures::{DEFAULT_PASSWORD, VALID_PASSWORD}; + use crate::common::contexts::user::forms::{ChangePasswordForm, RegistrationForm, Username}; + use crate::e2e::environment::TestEnv; + use crate::e2e::web::api::v1::contexts::user::steps::{new_logged_in_user, new_registered_user}; + + #[tokio::test] + async fn it_should_not_allow_a_registered_user_to_register() { + let mut env = TestEnv::new(); + env.start(api::Version::V1).await; + + let logged_in_user = new_logged_in_user(&env).await; + + let client = Client::authenticated(&env.server_socket_addr().unwrap(), &logged_in_user.token); + + let response = client + .register_user(RegistrationForm { + username: logged_in_user.username, + email: Some("test@email.com".to_string()), + password: VALID_PASSWORD.to_string(), + confirm_password: VALID_PASSWORD.to_string(), + }) + .await; + + assert_eq!(response.status, 400); + } + + #[tokio::test] + async fn it_should_allow_registered_users_to_change_their_passwords() { + let mut env = TestEnv::new(); + env.start(api::Version::V1).await; + + let logged_in_user = new_logged_in_user(&env).await; + + let client = Client::authenticated(&env.server_socket_addr().unwrap(), &logged_in_user.token); + + let new_password = VALID_PASSWORD.to_string(); + + let response = client + .change_password( + Username::new(logged_in_user.username.clone()), + ChangePasswordForm { + current_password: DEFAULT_PASSWORD.to_string(), + password: new_password.clone(), + confirm_password: new_password.clone(), + }, + ) + .await; + + assert_eq!(response.status, 200); + } + #[tokio::test] + async fn it_should_not_allow_a_registered_to_ban_a_user() { + let mut env = TestEnv::new(); + env.start(api::Version::V1).await; + + let logged_in_user = new_logged_in_user(&env).await; + + let client = 
Client::authenticated(&env.server_socket_addr().unwrap(), &logged_in_user.token); + + let registered_user = new_registered_user(&env).await; + + let response = client.ban_user(Username::new(registered_user.username.clone())).await; + + assert_eq!(response.status, 403); + } + } } From b691eca203ec49709a52a61479901854a82f45f2 Mon Sep 17 00:00:00 2001 From: Mario Date: Mon, 4 Nov 2024 13:10:48 +0100 Subject: [PATCH 3/4] test: authorization tests for admin users --- .../e2e/web/api/v1/contexts/user/contract.rs | 73 ++++++++++++++++++- 1 file changed, 72 insertions(+), 1 deletion(-) diff --git a/tests/e2e/web/api/v1/contexts/user/contract.rs b/tests/e2e/web/api/v1/contexts/user/contract.rs index 98984e42..9d406d0c 100644 --- a/tests/e2e/web/api/v1/contexts/user/contract.rs +++ b/tests/e2e/web/api/v1/contexts/user/contract.rs @@ -339,7 +339,7 @@ mod authorization { assert_eq!(response.status, 200); } #[tokio::test] - async fn it_should_not_allow_a_registered_to_ban_a_user() { + async fn it_should_not_allow_a_registered_user_to_ban_a_user() { let mut env = TestEnv::new(); env.start(api::Version::V1).await; 
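Review bot: The `for_registered_users` module exercises `change_password` only against the caller's own `Username`, so the horizontal case — an authenticated user naming another user's username in the path — is untested, and that is the authorization decision this endpoint has to get right. The test below creates a second user with `new_registered_user` and deliberately supplies that user's (default) password, so a pass shows the session identity is enforced rather than the password; the 403 mirrors the ban case and should be adjusted if the handler reports the denial differently. Separately, `it_should_not_allow_a_registered_user_to_register` re-submits `logged_in_user.username`, so its 400 may be explained by the duplicate username alone; a fresh form from `random_user_registration_form()` (already used in the guest module) would isolate the authentication-based refusal.
```rust
        // … unchanged: existing for_registered_users tests …

        #[tokio::test]
        async fn it_should_not_allow_a_registered_user_to_change_another_users_password() {
            let mut env = TestEnv::new();
            env.start(api::Version::V1).await;

            let logged_in_user = new_logged_in_user(&env).await;
            let other_user = new_registered_user(&env).await;

            let client = Client::authenticated(&env.server_socket_addr().unwrap(), &logged_in_user.token);

            let new_password = VALID_PASSWORD.to_string();

            // The victim's correct current password is sent on purpose: only the
            // session identity, not knowledge of the password, must decide this.
            let response = client
                .change_password(
                    Username::new(other_user.username.clone()),
                    ChangePasswordForm {
                        current_password: DEFAULT_PASSWORD.to_string(),
                        password: new_password.clone(),
                        confirm_password: new_password.clone(),
                    },
                )
                .await;

            assert_eq!(response.status, 403);
        }
```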
@@ -354,4 +354,75 @@ mod authorization { assert_eq!(response.status, 403); } } + mod for_admin_users { + use torrust_index::web::api; + + use crate::common::client::Client; + use crate::common::contexts::user::fixtures::{DEFAULT_PASSWORD, VALID_PASSWORD}; + use crate::common::contexts::user::forms::{ChangePasswordForm, RegistrationForm, Username}; + use crate::e2e::environment::TestEnv; + use crate::e2e::web::api::v1::contexts::user::steps::{new_logged_in_admin, new_registered_user}; + + #[tokio::test] + async fn it_should_not_allow_an_admin_user_to_register() { + let mut env = TestEnv::new(); + env.start(api::Version::V1).await; + + let logged_in_admin = new_logged_in_admin(&env).await; + + let client = Client::authenticated(&env.server_socket_addr().unwrap(), &logged_in_admin.token); + + let response = client + .register_user(RegistrationForm { + username: logged_in_admin.username, + email: Some("test@email.com".to_string()), + password: VALID_PASSWORD.to_string(), + confirm_password: VALID_PASSWORD.to_string(), + }) + .await; + + assert_eq!(response.status, 400); + } + + #[tokio::test] + async fn it_should_allow_admin_users_to_change_their_passwords() { + let mut env = TestEnv::new(); + env.start(api::Version::V1).await; + + let logged_in_admin = new_logged_in_admin(&env).await; + + let client = Client::authenticated(&env.server_socket_addr().unwrap(), &logged_in_admin.token); + + let new_password = VALID_PASSWORD.to_string(); + + let response = client + .change_password( + Username::new(logged_in_admin.username.clone()), + ChangePasswordForm { + current_password: DEFAULT_PASSWORD.to_string(), + password: new_password.clone(), + confirm_password: new_password.clone(), + }, + ) + .await; + + assert_eq!(response.status, 200); + } + + #[tokio::test] + async fn it_should_allow_an_admin_to_ban_a_user() { + let mut env = TestEnv::new(); + env.start(api::Version::V1).await; + + let logged_in_admin = new_logged_in_admin(&env).await; + + let client = 
Client::authenticated(&env.server_socket_addr().unwrap(), &logged_in_admin.token); + + let registered_user = new_registered_user(&env).await; + + let response = client.ban_user(Username::new(registered_user.username.clone())).await; + + assert_eq!(response.status, 200); + } + } } From 6b055e911188312cc232297eeced2e24e9e3a793 Mon Sep 17 00:00:00 2001 From: Mario Date: Mon, 4 Nov 2024 17:58:07 +0100 Subject: [PATCH 4/4] test: duplicated test removed --- tests/e2e/web/api/v1/contexts/user/contract.rs | 18 +----------------- 1 file changed, 1 insertion(+), 17 deletions(-) diff --git a/tests/e2e/web/api/v1/contexts/user/contract.rs b/tests/e2e/web/api/v1/contexts/user/contract.rs index 9d406d0c..a93faa03 100644 --- a/tests/e2e/web/api/v1/contexts/user/contract.rs +++ b/tests/e2e/web/api/v1/contexts/user/contract.rs @@ -186,7 +186,7 @@ mod banned_user_list { use crate::common::contexts::user::asserts::assert_banned_user_response; use crate::common::contexts::user::forms::Username; use crate::e2e::environment::TestEnv; - use crate::e2e::web::api::v1::contexts::user::steps::{new_logged_in_admin, new_logged_in_user, new_registered_user}; + use crate::e2e::web::api::v1::contexts::user::steps::{new_logged_in_admin, new_registered_user}; #[tokio::test] async fn it_should_allow_an_admin_to_ban_a_user() { @@ -203,22 +203,6 @@ mod banned_user_list { assert_banned_user_response(&response, ®istered_user); } - - #[tokio::test] - async fn it_should_not_allow_a_non_admin_to_ban_a_user() { - let mut env = TestEnv::new(); - env.start(api::Version::V1).await; - - let logged_non_admin = new_logged_in_user(&env).await; - - let client = Client::authenticated(&env.server_socket_addr().unwrap(), &logged_non_admin.token); - - let registered_user = new_registered_user(&env).await; - - let response = client.ban_user(Username::new(registered_user.username.clone())).await; - - assert_eq!(response.status, 403); - } } mod authorization {
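Review bot: `it_should_not_allow_an_admin_user_to_register` re-submits `logged_in_admin.username`, so the expected 400 is explained by the username collision alone and the test passes whether or not an authenticated admin is allowed to create accounts. Using a fresh form isolates the authorization rule: `let response = client.register_user(random_user_registration_form()).await;` with `random_user_registration_form` added to the `fixtures` import line. `it_should_allow_an_admin_to_ban_a_user` also duplicates the test of the same name in `banned_user_list`, but with a weaker check (status only, where the original calls `assert_banned_user_response`); if both are kept, reusing that assert here keeps the two from drifting apart.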