import { Test, TestingModule } from "@nestjs/testing";
import { INestApplication, ValidationPipe } from "@nestjs/common";
import { AppModule } from "@/src/app.module";
const request = require("supertest");
/**
 * E2E Tests for Admin Management Endpoints
 *
 * Prerequisites:
 * 1. Start test services: docker-compose -f test/docker-compose.yml up -d
 * 2. Run: pnpm test:e2e
 *
 * Tests cover:
 * - Admin user listing (paginated)
 * - Admin user detail retrieval
 * - Admin session management (list, revoke, force logout)
 * - Admin MFA management (view status, disable)
 * - Admin password reset trigger
 * - AdminAuthGuard enforcement (rejects non-admin users)
 *
 * Each endpoint is exercised through its AdminAuthGuard rejection path
 * (403 for an authenticated non-admin user, 401 when no token is sent);
 * the admin-authorised success paths are not covered in this file.
 */
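describe("Admin Controller (e2e)", () => {
  let app: INestApplication;
  let regularSessionToken: string;
  let regularUserId: string;

  // One timestamp for both identifiers so email and username stay paired
  // within a run (two separate Date.now() calls could straddle a millisecond).
  const runId = Date.now();
  const regularUser = {
    email: `admin-e2e-regular-${runId}@example.com`,
    username: `adminregular${runId}`,
    password: "SecurePass123!",
  };

  /**
   * Attaches the regular (non-admin) user's bearer token to a pending
   * supertest request and returns it for further chaining.
   */
  const asRegularUser = <T extends { set(name: string, value: string): T }>(
    req: T,
  ): T => req.set("Authorization", `Bearer ${regularSessionToken}`);

  beforeAll(async () => {
    const moduleFixture: TestingModule = await Test.createTestingModule({
      imports: [AppModule],
    }).compile();

    app = moduleFixture.createNestApplication();
    // Strict validation: unknown body properties are rejected
    // (forbidNonWhitelisted) rather than silently stripped.
    app.useGlobalPipes(
      new ValidationPipe({
        whitelist: true,
        transform: true,
        forbidNonWhitelisted: true,
      }),
    );
    await app.init();

    // Register a regular user for access control tests
    const registerRes = await request(app.getHttpServer())
      .post("/auth/register")
      .send(regularUser);

    regularSessionToken = registerRes.body?.sessionId;
    regularUserId = registerRes.body?.user?.id;

    // Fail fast here: without a token every 403 assertion below would send
    // "Bearer undefined" and fail with an unrelated 401, hiding the real cause.
    if (!regularSessionToken || !regularUserId) {
      throw new Error(
        `Regular user registration failed (HTTP ${registerRes.status}): ` +
          JSON.stringify(registerRes.body),
      );
    }
  });

  afterAll(async () => {
    // beforeAll may have thrown before `app` was assigned.
    if (app) {
      await app.close();
    }
  });

  describe("Admin Access Control", () => {
    it("should reject unauthenticated requests to admin endpoints", () => {
      return request(app.getHttpServer()).get("/admin/users").expect(401);
    });

    it("should reject non-admin user requests to admin endpoints", () => {
      return asRegularUser(request(app.getHttpServer()).get("/admin/users")).expect(
        403,
      );
    });
  });

  // Every admin endpoint must answer 403 (not 401) to an authenticated
  // non-admin user: the caller is identified but not authorised. Paths that
  // embed `regularUserId` are built lazily because it is assigned in beforeAll.
  const adminEndpoints: ReadonlyArray<{
    suite: string;
    name: string;
    method: "get" | "post";
    path: () => string;
  }> = [
    {
      suite: "GET /admin/users",
      name: "should reject non-admin access",
      method: "get",
      path: () => "/admin/users",
    },
    {
      suite: "GET /admin/users/:id",
      name: "should reject non-admin access to user details",
      method: "get",
      path: () => `/admin/users/${regularUserId}`,
    },
    {
      suite: "GET /admin/sessions",
      name: "should reject non-admin access to session listing",
      method: "get",
      path: () => "/admin/sessions",
    },
    {
      suite: "GET /admin/sessions/stats",
      name: "should reject non-admin access to session stats",
      method: "get",
      path: () => "/admin/sessions/stats",
    },
    {
      suite: "POST /admin/users/:id/logout-all",
      name: "should reject non-admin force logout",
      method: "post",
      path: () => `/admin/users/${regularUserId}/logout-all`,
    },
    {
      suite: "GET /admin/users/:id/mfa",
      name: "should reject non-admin MFA status check",
      method: "get",
      path: () => `/admin/users/${regularUserId}/mfa`,
    },
    {
      suite: "POST /admin/users/:id/password-reset",
      name: "should reject non-admin password reset trigger",
      method: "post",
      path: () => `/admin/users/${regularUserId}/password-reset`,
    },
  ];

  for (const endpoint of adminEndpoints) {
    describe(endpoint.suite, () => {
      it(endpoint.name, () => {
        const pending = request(app.getHttpServer())[endpoint.method](
          endpoint.path(),
        );
        return asRegularUser(pending).expect(403);
      });
    });
  }
});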