150 lines
5.7 KiB
C#
150 lines
5.7 KiB
C#
using System.Net;
|
|
using System.Net.Http.Json;
|
|
using Randall.Api.IntegrationTests.Helpers;
|
|
|
|
namespace Randall.Api.IntegrationTests.Admin;
|
|
|
|
public class AdminTests(CustomWebApplicationFactory factory) : IClassFixture<CustomWebApplicationFactory>
|
|
{
|
|
[Fact]
|
|
public async Task GetAllUsers_WithoutAuth_Returns401()
|
|
{
|
|
var client = factory.CreateClient();
|
|
|
|
var response = await client.GetAsync("/api/admin/users");
|
|
|
|
Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
|
|
}
|
|
|
|
[Fact]
|
|
public async Task GetAllUsers_WithNonAdmin_Returns403()
|
|
{
|
|
var email = $"{Guid.NewGuid():N}@test.com";
|
|
var token = await AuthHelper.CreateApprovedUserAndLoginAsync(factory, email);
|
|
|
|
var client = factory.CreateClient();
|
|
AuthHelper.SetBearerToken(client, token);
|
|
|
|
var response = await client.GetAsync("/api/admin/users");
|
|
|
|
Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
|
|
}
|
|
|
|
[Fact]
|
|
public async Task GetAllUsers_WithAdmin_ReturnsUserList()
|
|
{
|
|
var client = factory.CreateClient();
|
|
var adminLogin = await AuthHelper.LoginAsAdminAsync(client);
|
|
AuthHelper.SetBearerToken(client, adminLogin.Token);
|
|
|
|
var users = await client.GetFromJsonAsync<List<AdminUserResponse>>(
|
|
"/api/admin/users", AuthHelper.JsonOptions);
|
|
|
|
Assert.NotNull(users);
|
|
Assert.Contains(users, u => u.Email == AuthHelper.AdminEmail && u.IsAdmin);
|
|
}
|
|
|
|
[Fact]
|
|
public async Task GetPendingUsers_ShowsNewlyRegisteredUser()
|
|
{
|
|
var email = $"{Guid.NewGuid():N}@test.com";
|
|
var registerClient = factory.CreateClient();
|
|
await registerClient.PostAsJsonAsync("/api/auth/register",
|
|
new { Email = email, Password = "Test@1234", Name = "Pending User" });
|
|
|
|
var client = factory.CreateClient();
|
|
var adminLogin = await AuthHelper.LoginAsAdminAsync(client);
|
|
AuthHelper.SetBearerToken(client, adminLogin.Token);
|
|
|
|
var pending = await client.GetFromJsonAsync<List<PendingUserResponse>>(
|
|
"/api/admin/users/pending", AuthHelper.JsonOptions);
|
|
|
|
Assert.NotNull(pending);
|
|
Assert.Contains(pending, u => u.Email.Equals(email, StringComparison.OrdinalIgnoreCase));
|
|
}
|
|
|
|
[Fact]
|
|
public async Task ApproveUser_AllowsSubsequentLogin()
|
|
{
|
|
var email = $"{Guid.NewGuid():N}@test.com";
|
|
var registerClient = factory.CreateClient();
|
|
await registerClient.PostAsJsonAsync("/api/auth/register",
|
|
new { Email = email, Password = "Test@1234", Name = "Pending User" });
|
|
|
|
var client = factory.CreateClient();
|
|
var adminLogin = await AuthHelper.LoginAsAdminAsync(client);
|
|
AuthHelper.SetBearerToken(client, adminLogin.Token);
|
|
|
|
var pending = await client.GetFromJsonAsync<List<PendingUserResponse>>(
|
|
"/api/admin/users/pending", AuthHelper.JsonOptions);
|
|
var userId = pending!.First(u => u.Email.Equals(email, StringComparison.OrdinalIgnoreCase)).Id;
|
|
|
|
var approveResponse = await client.PostAsync($"/api/admin/users/{userId}/approve", null);
|
|
Assert.Equal(HttpStatusCode.NoContent, approveResponse.StatusCode);
|
|
|
|
// User can now login
|
|
var loginClient = factory.CreateClient();
|
|
var login = await AuthHelper.LoginAsync(loginClient, email, "Test@1234");
|
|
Assert.NotEmpty(login.Token);
|
|
}
|
|
|
|
[Fact]
|
|
public async Task MakeAdmin_ElevatesUserToAdmin()
|
|
{
|
|
var email = $"{Guid.NewGuid():N}@test.com";
|
|
await AuthHelper.CreateApprovedUserAndLoginAsync(factory, email);
|
|
|
|
var client = factory.CreateClient();
|
|
var adminLogin = await AuthHelper.LoginAsAdminAsync(client);
|
|
AuthHelper.SetBearerToken(client, adminLogin.Token);
|
|
|
|
var users = await client.GetFromJsonAsync<List<AdminUserResponse>>(
|
|
"/api/admin/users", AuthHelper.JsonOptions);
|
|
var userId = users!.First(u => u.Email.Equals(email, StringComparison.OrdinalIgnoreCase)).Id;
|
|
|
|
var response = await client.PostAsync($"/api/admin/users/{userId}/make-admin", null);
|
|
|
|
Assert.Equal(HttpStatusCode.NoContent, response.StatusCode);
|
|
|
|
// Verify the user is now admin
|
|
var updated = await client.GetFromJsonAsync<List<AdminUserResponse>>(
|
|
"/api/admin/users", AuthHelper.JsonOptions);
|
|
Assert.True(updated!.First(u => u.Id == userId).IsAdmin);
|
|
}
|
|
|
|
[Fact]
|
|
public async Task DeleteUser_NonAdminUser_Returns204()
|
|
{
|
|
var email = $"{Guid.NewGuid():N}@test.com";
|
|
await AuthHelper.CreateApprovedUserAndLoginAsync(factory, email);
|
|
|
|
var client = factory.CreateClient();
|
|
var adminLogin = await AuthHelper.LoginAsAdminAsync(client);
|
|
AuthHelper.SetBearerToken(client, adminLogin.Token);
|
|
|
|
var users = await client.GetFromJsonAsync<List<AdminUserResponse>>(
|
|
"/api/admin/users", AuthHelper.JsonOptions);
|
|
var userId = users!.First(u => u.Email.Equals(email, StringComparison.OrdinalIgnoreCase)).Id;
|
|
|
|
var response = await client.DeleteAsync($"/api/admin/users/{userId}");
|
|
|
|
Assert.Equal(HttpStatusCode.NoContent, response.StatusCode);
|
|
}
|
|
|
|
[Fact]
|
|
public async Task DeleteUser_Self_ReturnsBadRequest()
|
|
{
|
|
var client = factory.CreateClient();
|
|
var adminLogin = await AuthHelper.LoginAsAdminAsync(client);
|
|
AuthHelper.SetBearerToken(client, adminLogin.Token);
|
|
|
|
var users = await client.GetFromJsonAsync<List<AdminUserResponse>>(
|
|
"/api/admin/users", AuthHelper.JsonOptions);
|
|
var adminId = users!.First(u => u.Email == AuthHelper.AdminEmail).Id;
|
|
|
|
var response = await client.DeleteAsync($"/api/admin/users/{adminId}");
|
|
|
|
Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
|
|
}
|
|
}
|