test: registered users authorization tests

mario-nt · mario-nt · commit ae276ed19371 · 2024-11-02T18:58:42.000+01:00
diff --git a/tests/e2e/web/api/v1/contexts/user/contract.rs b/tests/e2e/web/api/v1/contexts/user/contract.rs
@@ -283,4 +283,75 @@ mod authorization {
             assert_eq!(response.status, 401);
         }
     }
+
+    mod for_registered_users {
+        use torrust_index::web::api;
+
+        use crate::common::client::Client;
+        use crate::common::contexts::user::fixtures::{DEFAULT_PASSWORD, VALID_PASSWORD};
+        use crate::common::contexts::user::forms::{ChangePasswordForm, RegistrationForm, Username};
+        use crate::e2e::environment::TestEnv;
+        use crate::e2e::web::api::v1::contexts::user::steps::{new_logged_in_user, new_registered_user};
+
+        #[tokio::test]
+        async fn it_should_not_allow_a_registered_user_to_register() {
+            let mut env = TestEnv::new();
+            env.start(api::Version::V1).await;
+
+            let logged_in_user = new_logged_in_user(&env).await;
+
+            let client = Client::authenticated(&env.server_socket_addr().unwrap(), &logged_in_user.token);
+
+            let response = client
+                .register_user(RegistrationForm {
+                    username: logged_in_user.username,
+                    email: Some("test@email.com".to_string()),
+                    password: VALID_PASSWORD.to_string(),
+                    confirm_password: VALID_PASSWORD.to_string(),
+                })
+                .await;
+
+            assert_eq!(response.status, 400);
+        }
+
+        #[tokio::test]
+        async fn it_should_allow_registered_users_to_change_their_passwords() {
+            let mut env = TestEnv::new();
+            env.start(api::Version::V1).await;
+
+            let logged_in_user = new_logged_in_user(&env).await;
+
+            let client = Client::authenticated(&env.server_socket_addr().unwrap(), &logged_in_user.token);
+
+            let new_password = VALID_PASSWORD.to_string();
+
+            let response = client
+                .change_password(
+                    Username::new(logged_in_user.username.clone()),
+                    ChangePasswordForm {
+                        current_password: DEFAULT_PASSWORD.to_string(),
+                        password: new_password.clone(),
+                        confirm_password: new_password.clone(),
+                    },
+                )
+                .await;
+
+            assert_eq!(response.status, 200);
+        }
+        #[tokio::test]
+        async fn it_should_not_allow_a_registered_to_ban_a_user() {
+            let mut env = TestEnv::new();
+            env.start(api::Version::V1).await;
+
+            let logged_in_user = new_logged_in_user(&env).await;
+
+            let client = Client::authenticated(&env.server_socket_addr().unwrap(), &logged_in_user.token);
+
+            let registered_user = new_registered_user(&env).await;
+
+            let response = client.ban_user(Username::new(registered_user.username.clone())).await;
+
+            assert_eq!(response.status, 403);
+        }
+    }
 }
