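import { Test, TestingModule } from "@nestjs/testing";
import { INestApplication, ValidationPipe } from "@nestjs/common";
import { AppModule } from "@/src/app.module";
const request = require("supertest");

/**
 * E2E Tests for Admin Management Endpoints
 *
 * Prerequisites:
 * 1. Start test services: docker-compose -f test/docker-compose.yml up -d
 * 2. Run: pnpm test:e2e
 *
 * Scope: these tests only exercise AdminAuthGuard enforcement. No admin
 * user is provisioned here, so the positive paths (listing users, revoking
 * sessions, disabling MFA, triggering a password reset) are NOT covered.
 *
 * Every admin route in `adminRoutes` is checked twice:
 * - without credentials              -> 401
 * - with a regular user's session    -> 403
 */
describe("Admin Controller (e2e)", () => {
  let app: INestApplication;
  let regularSessionToken: string;
  let regularUserId: string;

  // Unique per run so repeated runs against the same database do not collide.
  const regularUser = {
    email: `admin-e2e-regular-${Date.now()}@example.com`,
    username: `adminregular${Date.now()}`,
    password: "SecurePass123!",
  };

  /** One admin route under test; `:id` is substituted with the regular user's id. */
  type AdminRoute = { method: "get" | "post"; path: string };

  /**
   * Every admin route this suite guards. Keeping the list in one place means a
   * newly added admin endpoint only needs one line here to get both the
   * unauthenticated and the non-admin check.
   */
  const adminRoutes: ReadonlyArray<AdminRoute> = [
    { method: "get", path: "/admin/users" },
    { method: "get", path: "/admin/users/:id" },
    { method: "get", path: "/admin/sessions" },
    { method: "get", path: "/admin/sessions/stats" },
    { method: "post", path: "/admin/users/:id/logout-all" },
    { method: "get", path: "/admin/users/:id/mfa" },
    { method: "post", path: "/admin/users/:id/password-reset" },
  ];

  /**
   * Builds a supertest request for `route`, filling in the regular user's id.
   * Must be called inside an `it` callback so that `beforeAll` has already
   * populated `regularUserId`.
   */
  const adminRequest = (route: AdminRoute) => {
    const path = route.path.replace(":id", regularUserId);
    return request(app.getHttpServer())[route.method](path);
  };

  beforeAll(async () => {
    const moduleFixture: TestingModule = await Test.createTestingModule({
      imports: [AppModule],
    }).compile();

    app = moduleFixture.createNestApplication();
    app.useGlobalPipes(
      new ValidationPipe({
        whitelist: true,
        transform: true,
        forbidNonWhitelisted: true,
      }),
    );
    await app.init();

    // Register a regular (non-admin) user for the access control tests.
    const registerRes = await request(app.getHttpServer())
      .post("/auth/register")
      .send(regularUser);

    regularSessionToken = registerRes.body?.sessionId;
    regularUserId = registerRes.body?.user?.id;

    // Fail fast instead of letting the suite run on a broken fixture: an
    // undefined token turns every expected 403 into a 401, and an undefined
    // id would build routes like "/admin/users/undefined", so the 403 checks
    // would pass without exercising the intended route. Only the status is
    // reported; the response body carries the session token and must not
    // end up in test logs.
    if (!regularSessionToken || !regularUserId) {
      throw new Error(
        `Test user registration failed (HTTP ${registerRes.status}); ` +
          "expected body.sessionId and body.user.id to be set",
      );
    }
  });

  afterAll(async () => {
    // `app` is undefined when beforeAll failed before createNestApplication();
    // guard so the original failure is not masked by a TypeError here.
    if (app) {
      await app.close();
    }
  });

  describe("AdminAuthGuard enforcement", () => {
    for (const route of adminRoutes) {
      const label = `${route.method.toUpperCase()} ${route.path}`;

      it(`should reject unauthenticated requests to ${label}`, () => {
        return adminRequest(route).expect(401);
      });

      it(`should reject non-admin requests to ${label}`, () => {
        return adminRequest(route)
          .set("Authorization", `Bearer ${regularSessionToken}`)
          .expect(403);
      });
    }
  });
});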