From b691eca203ec49709a52a61479901854a82f45f2 Mon Sep 17 00:00:00 2001
From: Mario
Date: Mon, 4 Nov 2024 13:10:48 +0100
Subject: [PATCH] test: authorization tests for admin users
---
 .../e2e/web/api/v1/contexts/user/contract.rs | 73 ++++++++++++++++++-
 1 file changed, 72 insertions(+), 1 deletion(-)
diff --git a/tests/e2e/web/api/v1/contexts/user/contract.rs b/tests/e2e/web/api/v1/contexts/user/contract.rs
index 98984e42..9d406d0c 100644
--- a/tests/e2e/web/api/v1/contexts/user/contract.rs
+++ b/tests/e2e/web/api/v1/contexts/user/contract.rs
@@ -339,7 +339,7 @@ mod authorization {
 assert_eq!(response.status, 200);
 }
 #[tokio::test]
- async fn it_should_not_allow_a_registered_to_ban_a_user() {
+ async fn it_should_not_allow_a_registered_user_to_ban_a_user() {
 let mut env = TestEnv::new();
 env.start(api::Version::V1).await;
 
@@ -354,4 +354,75 @@ mod authorization {
 assert_eq!(response.status, 403);
 }
 }
+ mod for_admin_users {
+ use torrust_index::web::api;
+
+ use crate::common::client::Client;
+ use crate::common::contexts::user::fixtures::{DEFAULT_PASSWORD, VALID_PASSWORD};
+ use crate::common::contexts::user::forms::{ChangePasswordForm, RegistrationForm, Username};
+ use crate::e2e::environment::TestEnv;
+ use crate::e2e::web::api::v1::contexts::user::steps::{new_logged_in_admin, new_registered_user};
+
+ #[tokio::test]
+ async fn it_should_not_allow_an_admin_user_to_register() {
+ let mut env = TestEnv::new();
+ env.start(api::Version::V1).await;
+
+ let logged_in_admin = new_logged_in_admin(&env).await;
+
+ let client = Client::authenticated(&env.server_socket_addr().unwrap(), &logged_in_admin.token);
+
+ let response = client
+ .register_user(RegistrationForm {
+ username: logged_in_admin.username,
+ email: Some("test@email.com".to_string()),
+ password: VALID_PASSWORD.to_string(),
+ confirm_password: VALID_PASSWORD.to_string(),
+ })
+ .await;
+
+ assert_eq!(response.status, 400);
+ }
+
+ #[tokio::test]
+ async fn it_should_allow_admin_users_to_change_their_passwords() {
+ let mut env = TestEnv::new();
+ env.start(api::Version::V1).await;
+
+ let logged_in_admin = new_logged_in_admin(&env).await;
+
+ let client = Client::authenticated(&env.server_socket_addr().unwrap(), &logged_in_admin.token);
+
+ let new_password = VALID_PASSWORD.to_string();
+
+ let response = client
+ .change_password(
+ Username::new(logged_in_admin.username.clone()),
+ ChangePasswordForm {
+ current_password: DEFAULT_PASSWORD.to_string(),
+ password: new_password.clone(),
+ confirm_password: new_password.clone(),
+ },
+ )
+ .await;
+
+ assert_eq!(response.status, 200);
+ }
+
+ #[tokio::test]
+ async fn it_should_allow_an_admin_to_ban_a_user() {
+ let mut env = TestEnv::new();
+ env.start(api::Version::V1).await;
+
+ let logged_in_admin = new_logged_in_admin(&env).await;
+
+ let client = Client::authenticated(&env.server_socket_addr().unwrap(), &logged_in_admin.token);
+
+ let registered_user = new_registered_user(&env).await;
+
+ let response = client.ban_user(Username::new(registered_user.username.clone())).await;
+
+ assert_eq!(response.status, 200);
+ }
+ }
 }
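Review bot: `it_should_not_allow_an_admin_user_to_register` submits the admin's own, already-registered username (`username: logged_in_admin.username`) and expects 400, so the request would presumably be rejected as a duplicate no matter who sends it, and the test passes without exercising any authorization rule. Use a username that does not exist yet, e.g. `username: "not_registered_yet".to_string(),` (constructed value, assuming the field is a `String`), and assert the status the API returns for a denied action; the registered-user test in the context above appears to use 403, so confirm the intended code against the handler. The ban test also stops at `assert_eq!(response.status, 200);` without checking that the banned account is refused afterwards, so a handler that answers 200 without persisting the ban would go unnoticed. The enclosing `mod authorization` opens outside this hunk.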