Skip to content

Commit

Permalink
test: added authorization tests for the category context
Browse files Browse the repository at this point in the history
  • Loading branch information
mario-nt committed Aug 14, 2024
1 parent 2f35d64 commit f2f1c57
Showing 1 changed file with 173 additions and 100 deletions.
273 changes: 173 additions & 100 deletions tests/e2e/web/api/v1/contexts/category/contract.rs
Original file line number Diff line number Diff line change
Expand Up @@ -4,13 +4,11 @@ use torrust_index::web::api;

use crate::common::asserts::assert_json_ok_response;
use crate::common::client::Client;
use crate::common::contexts::category::asserts::{assert_added_category_response, assert_deleted_category_response};
use crate::common::contexts::category::fixtures::random_category_name;
use crate::common::contexts::category::forms::{AddCategoryForm, DeleteCategoryForm};
use crate::common::contexts::category::forms::AddCategoryForm;
use crate::common::contexts::category::responses::ListResponse;
use crate::e2e::environment::TestEnv;
use crate::e2e::web::api::v1::contexts::category::steps::{add_category, add_random_category};
use crate::e2e::web::api::v1::contexts::user::steps::{new_logged_in_admin, new_logged_in_user};
use crate::e2e::web::api::v1::contexts::user::steps::new_logged_in_admin;

#[tokio::test]
async fn it_should_return_an_empty_category_list_when_there_are_no_categories() {
Expand Down Expand Up @@ -48,151 +46,226 @@ async fn it_should_return_a_category_list() {
}

#[tokio::test]
async fn it_should_not_allow_adding_a_new_category_to_unauthenticated_users() {
async fn it_should_not_allow_adding_empty_categories() {
let mut env = TestEnv::new();
env.start(api::Version::V1).await;

let client = Client::unauthenticated(&env.server_socket_addr().unwrap());
let logged_in_admin = new_logged_in_admin(&env).await;
let client = Client::authenticated(&env.server_socket_addr().unwrap(), &logged_in_admin.token);

let response = client
.add_category(AddCategoryForm {
name: "CATEGORY NAME".to_string(),
icon: None,
})
.await;
let invalid_category_names = vec![String::new(), " ".to_string()];

assert_eq!(response.status, 401);
for invalid_name in invalid_category_names {
let response = client
.add_category(AddCategoryForm {
name: invalid_name,
icon: None,
})
.await;

assert_eq!(response.status, 400);
}
}

#[tokio::test]
async fn it_should_not_allow_adding_a_new_category_to_non_admins() {
async fn it_should_not_allow_adding_duplicated_categories() {
let mut env = TestEnv::new();
env.start(api::Version::V1).await;

let logged_non_admin = new_logged_in_user(&env).await;

let client = Client::authenticated(&env.server_socket_addr().unwrap(), &logged_non_admin.token);
let added_category_name = add_random_category(&env).await;

let response = client
.add_category(AddCategoryForm {
name: "CATEGORY NAME".to_string(),
icon: None,
})
.await;
// Try to add the same category again
let response = add_category(&added_category_name, &env).await;

assert_eq!(response.status, 403);
assert_eq!(response.status, 400);
}

#[tokio::test]
async fn it_should_allow_admins_to_add_new_categories() {
let mut env = TestEnv::new();
env.start(api::Version::V1).await;
mod for_guest_users {
use torrust_index::web::api;

let logged_in_admin = new_logged_in_admin(&env).await;
let client = Client::authenticated(&env.server_socket_addr().unwrap(), &logged_in_admin.token);
use crate::common::client::Client;
use crate::common::contexts::category::forms::{AddCategoryForm, DeleteCategoryForm};
use crate::e2e::environment::TestEnv;
use crate::e2e::web::api::v1::contexts::category::steps::add_random_category;

let category_name = random_category_name();
#[tokio::test]
async fn it_should_allow_guest_users_to_get_the_categories() {
let mut env = TestEnv::new();

let response = client
.add_category(AddCategoryForm {
name: category_name.to_string(),
icon: None,
})
.await;
env.start(api::Version::V1).await;

assert_added_category_response(&response, &category_name);
}
let client = Client::unauthenticated(&env.server_socket_addr().unwrap());

#[tokio::test]
async fn it_should_not_allow_adding_empty_categories() {
let mut env = TestEnv::new();
env.start(api::Version::V1).await;
let response = client.get_categories().await;

let logged_in_admin = new_logged_in_admin(&env).await;
let client = Client::authenticated(&env.server_socket_addr().unwrap(), &logged_in_admin.token);
assert_eq!(response.status, 200);
}

let invalid_category_names = vec![String::new(), " ".to_string()];
#[tokio::test]
async fn it_should_not_allow_adding_a_new_category_to_guest_users() {
let mut env = TestEnv::new();
env.start(api::Version::V1).await;

let client = Client::unauthenticated(&env.server_socket_addr().unwrap());

for invalid_name in invalid_category_names {
let response = client
.add_category(AddCategoryForm {
name: invalid_name,
name: "CATEGORY NAME".to_string(),
icon: None,
})
.await;

assert_eq!(response.status, 400);
assert_eq!(response.status, 401);
}
}

#[tokio::test]
async fn it_should_not_allow_adding_duplicated_categories() {
let mut env = TestEnv::new();
env.start(api::Version::V1).await;
#[tokio::test]
async fn it_should_not_allow_guests_to_delete_categories() {
let mut env = TestEnv::new();
env.start(api::Version::V1).await;

let added_category_name = add_random_category(&env).await;
let client = Client::unauthenticated(&env.server_socket_addr().unwrap());

// Try to add the same category again
let response = add_category(&added_category_name, &env).await;
let added_category_name = add_random_category(&env).await;

assert_eq!(response.status, 400);
let response = client
.delete_category(DeleteCategoryForm {
name: added_category_name.to_string(),
icon: None,
})
.await;

assert_eq!(response.status, 401);
}
}

#[tokio::test]
async fn it_should_allow_admins_to_delete_categories() {
let mut env = TestEnv::new();
env.start(api::Version::V1).await;
mod for_authenticated_users {
use torrust_index::web::api;

let logged_in_admin = new_logged_in_admin(&env).await;
let client = Client::authenticated(&env.server_socket_addr().unwrap(), &logged_in_admin.token);
use crate::common::client::Client;
use crate::common::contexts::category::forms::{AddCategoryForm, DeleteCategoryForm};
use crate::e2e::environment::TestEnv;
use crate::e2e::web::api::v1::contexts::category::steps::add_random_category;
use crate::e2e::web::api::v1::contexts::user::steps::new_logged_in_user;

let added_category_name = add_random_category(&env).await;
#[tokio::test]
async fn it_should_allow_authenticated_users_to_get_the_categories() {
let mut env = TestEnv::new();

let response = client
.delete_category(DeleteCategoryForm {
name: added_category_name.to_string(),
icon: None,
})
.await;
env.start(api::Version::V1).await;

assert_deleted_category_response(&response, &added_category_name);
}
let authenticated_user = new_logged_in_user(&env).await;

#[tokio::test]
async fn it_should_not_allow_non_admins_to_delete_categories() {
let mut env = TestEnv::new();
env.start(api::Version::V1).await;
let client = Client::authenticated(&env.server_socket_addr().unwrap(), &authenticated_user.token);

let added_category_name = add_random_category(&env).await;
let response = client.get_categories().await;

let logged_in_non_admin = new_logged_in_user(&env).await;
let client = Client::authenticated(&env.server_socket_addr().unwrap(), &logged_in_non_admin.token);
assert_eq!(response.status, 200);
}

let response = client
.delete_category(DeleteCategoryForm {
name: added_category_name.to_string(),
icon: None,
})
.await;
#[tokio::test]
async fn it_should_not_allow_adding_a_new_category_to_authenticated_users() {
let mut env = TestEnv::new();
env.start(api::Version::V1).await;

assert_eq!(response.status, 403);
let logged_non_admin = new_logged_in_user(&env).await;

let client = Client::authenticated(&env.server_socket_addr().unwrap(), &logged_non_admin.token);

let response = client
.add_category(AddCategoryForm {
name: "CATEGORY NAME".to_string(),
icon: None,
})
.await;

assert_eq!(response.status, 403);
}

#[tokio::test]
async fn it_should_not_allow_authenticated_users_to_delete_categories() {
let mut env = TestEnv::new();
env.start(api::Version::V1).await;

let added_category_name = add_random_category(&env).await;

let logged_in_non_admin = new_logged_in_user(&env).await;
let client = Client::authenticated(&env.server_socket_addr().unwrap(), &logged_in_non_admin.token);

let response = client
.delete_category(DeleteCategoryForm {
name: added_category_name.to_string(),
icon: None,
})
.await;

assert_eq!(response.status, 403);
}
}

#[tokio::test]
async fn it_should_not_allow_guests_to_delete_categories() {
let mut env = TestEnv::new();
env.start(api::Version::V1).await;
mod for_admin_users {

let client = Client::unauthenticated(&env.server_socket_addr().unwrap());
use torrust_index::web::api;

let added_category_name = add_random_category(&env).await;
use crate::common::client::Client;
use crate::common::contexts::category::asserts::{assert_added_category_response, assert_deleted_category_response};
use crate::common::contexts::category::fixtures::random_category_name;
use crate::common::contexts::category::forms::{AddCategoryForm, DeleteCategoryForm};
use crate::e2e::environment::TestEnv;
use crate::e2e::web::api::v1::contexts::category::steps::add_random_category;
use crate::e2e::web::api::v1::contexts::user::steps::new_logged_in_admin;

#[tokio::test]
async fn it_should_allow_admins_to_get_categories() {
let mut env = TestEnv::new();

let response = client
.delete_category(DeleteCategoryForm {
name: added_category_name.to_string(),
icon: None,
})
.await;
env.start(api::Version::V1).await;

assert_eq!(response.status, 401);
let logged_in_admin = new_logged_in_admin(&env).await;

let client = Client::authenticated(&env.server_socket_addr().unwrap(), &logged_in_admin.token);

let response = client.get_categories().await;

assert_eq!(response.status, 200);
}

#[tokio::test]
async fn it_should_allow_admins_to_add_new_categories() {
let mut env = TestEnv::new();
env.start(api::Version::V1).await;

let logged_in_admin = new_logged_in_admin(&env).await;
let client = Client::authenticated(&env.server_socket_addr().unwrap(), &logged_in_admin.token);

let category_name = random_category_name();

let response = client
.add_category(AddCategoryForm {
name: category_name.to_string(),
icon: None,
})
.await;

assert_added_category_response(&response, &category_name);
}

#[tokio::test]
async fn it_should_allow_admins_to_delete_categories() {
let mut env = TestEnv::new();
env.start(api::Version::V1).await;

let logged_in_admin = new_logged_in_admin(&env).await;
let client = Client::authenticated(&env.server_socket_addr().unwrap(), &logged_in_admin.token);

let added_category_name = add_random_category(&env).await;

let response = client
.delete_category(DeleteCategoryForm {
name: added_category_name.to_string(),
icon: None,
})
.await;

assert_deleted_category_response(&response, &added_category_name);
}
}

0 comments on commit f2f1c57

Please sign in to comment.