Profile update tests

tests/api/helpers.rs

@@ -375,6 +375,30 @@ impl TestApp {
             .expect("Failed to execute request")
     }
 
+    pub async fn edit_profile<Body>(&self, body: &Body) -> reqwest::Response
+    where
+        Body: serde::Serialize,
+    {
+        self.api_client
+            .put(format!("{}/users/edit", self.address))
+            .form(body)
+            .send()
+            .await
+            .expect("Failed to execute request")
+    }
+
+    pub async fn get_profile(&self, username: &str) -> reqwest::Response {
+        self.api_client
+            .get(format!("{}/users/{}", self.address, username))
+            .send()
+            .await
+            .expect("Failed to execute request")
+    }
+
+    pub async fn get_profile_html(&self, username: &str) -> String {
+        self.get_profile(username).await.text().await.unwrap()
+    }
+
     pub async fn post_create_post<Body>(&self, body: &Body) -> reqwest::Response
     where
         Body: serde::Serialize,
@@ -426,6 +450,14 @@ impl TestApp {
             .await
             .expect("Failed to execute request")
     }
+
+    pub async fn get_user_id(&self, username: &str) -> Uuid {
+        let record = sqlx::query!("SELECT user_id FROM users WHERE username = $1", username)
+            .fetch_one(&self.connection_pool)
+            .await
+            .unwrap();
+        record.user_id
+    }
 }
 
 pub fn assert_is_redirect_to(response: &reqwest::Response, location: &str) {

tests/api/users.rs

@@ -344,3 +344,184 @@ async fn writers_cannot_perform_admin_functions(connection_pool: PgPool) {
         .unwrap();
     assert!(record.is_none());
 }
+
+#[sqlx::test]
+async fn user_can_change_his_display_name(connection_pool: PgPool) {
+    let app = TestApp::spawn(connection_pool).await;
+    app.admin_login().await;
+    let username = "alphonse";
+    let password = "123456789abc";
+    app.create_user(username, password, false).await;
+    let user_id = app.get_user_id(username).await;
+    let login_body = serde_json::json!({
+        "username": username,
+        "password": password
+    });
+    app.post_login(&login_body).await;
+    let full_name = "Alphonse Paix";
+    let edit_body = serde_json::json!( {
+        "user_id": user_id,
+        "username": username,
+        "full_name": full_name,
+        "bio": "",
+    });
+    let html = app.get_profile_html(username).await;
+    assert!(!html.contains(full_name));
+    let response = app.edit_profile(&edit_body).await;
+    assert!(dbg!(response.text().await.unwrap()).contains("Your profile has been updated"));
+    let html = app.get_profile_html(username).await;
+    assert!(html.contains(full_name));
+}
+
+#[sqlx::test]
+async fn user_can_change_his_bio(connection_pool: PgPool) {
+    let app = TestApp::spawn(connection_pool).await;
+    app.admin_login().await;
+    let username = "alphonse";
+    let password = "123456789abc";
+    app.create_user(username, password, false).await;
+    let user_id = app.get_user_id(username).await;
+    let login_body = serde_json::json!({
+        "username": username,
+        "password": password
+    });
+    app.post_login(&login_body).await;
+    let bio = "This is me";
+    let edit_body = serde_json::json!( {
+        "user_id": user_id,
+        "username": username,
+        "full_name": "",
+        "bio": bio,
+    });
+    let html = app.get_profile_html(username).await;
+    assert!(!html.contains(bio));
+    let response = app.edit_profile(&edit_body).await;
+    assert!(dbg!(response.text().await.unwrap()).contains("Your profile has been updated"));
+    let html = app.get_profile_html(username).await;
+    assert!(html.contains(bio));
+}
+
+#[sqlx::test]
+async fn user_can_change_his_username(connection_pool: PgPool) {
+    let app = TestApp::spawn(connection_pool).await;
+    app.admin_login().await;
+    let username = "alphonse";
+    let password = "123456789abc";
+    app.create_user(username, password, false).await;
+    let user_id = app.get_user_id(username).await;
+    let login_body = serde_json::json!({
+        "username": username,
+        "password": password
+    });
+    app.post_login(&login_body).await;
+    let new_username = "alphonsepaix";
+    let edit_body = serde_json::json!( {
+        "user_id": user_id,
+        "username": new_username,
+        "full_name": "",
+        "bio": "",
+    });
+    let html = app.get_profile_html(username).await;
+    assert!(html.contains(username));
+    let response = app.edit_profile(&edit_body).await;
+    assert!(dbg!(response.text().await.unwrap()).contains("Your profile has been updated"));
+    let html = app.get_profile_html(username).await;
+    assert!(html.contains("404"));
+    let html = app.get_profile_html(new_username).await;
+    assert!(html.contains(new_username));
+}
+
+#[sqlx::test]
+async fn user_cannot_change_other_profiles(connection_pool: PgPool) {
+    let app = TestApp::spawn(connection_pool).await;
+    app.admin_login().await;
+    let username = "alphonse";
+    let password = "123456789abc";
+    app.create_user(username, password, false).await;
+    let other_user_id = app.get_user_id("admin").await;
+    let login_body = serde_json::json!({
+        "username": username,
+        "password": password
+    });
+    app.post_login(&login_body).await;
+    let new_username = "alphonsepaix";
+    let edit_body = serde_json::json!( {
+        "user_id": other_user_id,
+        "username": new_username,
+        "full_name": "",
+        "bio": "",
+    });
+    let response = app.edit_profile(&edit_body).await;
+    assert!(
+        response
+            .text()
+            .await
+            .unwrap()
+            .contains("You are not authorized")
+    );
+}
+
+#[sqlx::test]
+async fn user_cannot_take_an_existing_username(connection_pool: PgPool) {
+    let app = TestApp::spawn(connection_pool).await;
+    app.admin_login().await;
+    let username = "alphonse";
+    let password = "123456789abc";
+    app.create_user(username, password, false).await;
+    let user_id = app.get_user_id(username).await;
+    let login_body = serde_json::json!({
+        "username": username,
+        "password": password
+    });
+    app.post_login(&login_body).await;
+    let edit_body = serde_json::json!( {
+        "user_id": user_id,
+        "username": "admin",
+        "full_name": "",
+        "bio": "",
+    });
+    let response = app.edit_profile(&edit_body).await;
+    assert!(
+        response
+            .text()
+            .await
+            .unwrap()
+            .contains("This username is already taken")
+    );
+    let html = app.get_profile_html(username).await;
+    assert!(html.contains(username));
+}
+
+#[sqlx::test]
+async fn invalid_fields_are_rejected(connection_pool: PgPool) {
+    let app = TestApp::spawn(connection_pool).await;
+    app.admin_login().await;
+    let username = "alphonse";
+    let password = "123456789abc";
+    app.create_user(username, password, false).await;
+    let user_id = app.get_user_id(username).await;
+    let login_body = serde_json::json!({
+        "username": username,
+        "password": password
+    });
+    app.post_login(&login_body).await;
+
+    let test_cases = [(
+        serde_json::json!({
+        "user_id": user_id,
+        "username": "ab",
+        "full_name": "",
+        "bio": "",
+        }),
+        "Username must be at least 3 characters",
+        "the username was too short",
+    )];
+    for (invalid_body, expected_error_message, explaination) in test_cases {
+        let html = app.edit_profile(&invalid_body).await;
+        assert!(
+            html.text().await.unwrap().contains(expected_error_message),
+            "The API did not reject the changes when {}",
+            explaination
+        );
+    }
+}