test: authorization tests for guest users

torrust · Nov 2, 2024 · ab2164e · ab2164e
1 parent 5c38420
commit ab2164e
Showing 1 changed file with 58 additions and 8 deletions.
diff --git a/tests/e2e/web/api/v1/contexts/user/contract.rs b/tests/e2e/web/api/v1/contexts/user/contract.rs
@@ -219,18 +219,68 @@ mod banned_user_list {
 
         assert_eq!(response.status, 403);
     }
+}
 
-    #[tokio::test]
-    async fn it_should_not_allow_a_guest_to_ban_a_user() {
-        let mut env = TestEnv::new();
-        env.start(api::Version::V1).await;
+mod authorization {
+    mod for_guest_users {
+        use torrust_index::web::api;
 
-        let client = Client::unauthenticated(&env.server_socket_addr().unwrap());
+        use crate::common::client::Client;
+        use crate::common::contexts::user::fixtures::{random_user_registration_form, DEFAULT_PASSWORD, VALID_PASSWORD};
+        use crate::common::contexts::user::forms::{ChangePasswordForm, Username};
+        use crate::e2e::environment::TestEnv;
+        use crate::e2e::web::api::v1::contexts::user::steps::{new_logged_in_user, new_registered_user};
 
-        let registered_user = new_registered_user(&env).await;
+        #[tokio::test]
+        async fn it_should_allow_a_guest_user_to_register() {
+            let mut env = TestEnv::new();
+            env.start(api::Version::V1).await;
 
-        let response = client.ban_user(Username::new(registered_user.username.clone())).await;
+            let client = Client::unauthenticated(&env.server_socket_addr().unwrap());
+
+            let form = random_user_registration_form();
+
+            let response = client.register_user(form).await;
+
+            assert_eq!(response.status, 200);
+        }
+
+        #[tokio::test]
+        async fn it_should_not_allow_guest_users_to_change_passwords() {
+            let mut env = TestEnv::new();
+            env.start(api::Version::V1).await;
+
+            let logged_in_user = new_logged_in_user(&env).await;
+
+            let client = Client::unauthenticated(&env.server_socket_addr().unwrap());
+
+            let new_password = VALID_PASSWORD.to_string();
+
+            let response = client
+                .change_password(
+                    Username::new(logged_in_user.username.clone()),
+                    ChangePasswordForm {
+                        current_password: DEFAULT_PASSWORD.to_string(),
+                        password: new_password.clone(),
+                        confirm_password: new_password.clone(),
+                    },
+                )
+                .await;
+
+            assert_eq!(response.status, 401);
+        }
+        #[tokio::test]
+        async fn it_should_not_allow_a_guest_to_ban_a_user() {
+            let mut env = TestEnv::new();
+            env.start(api::Version::V1).await;
+
+            let client = Client::unauthenticated(&env.server_socket_addr().unwrap());
+
+            let registered_user = new_registered_user(&env).await;
+
+            let response = client.ban_user(Username::new(registered_user.username.clone())).await;
 
-        assert_eq!(response.status, 401);
+            assert_eq!(response.status, 401);
+        }
     }
 }