Commit 5882b387 authored by Erick Banks's avatar Erick Banks Committed by Dan Davison

Change tests to add members using API

Due to this failure
https://gitlab.com/gitlab-org/gitlab/-/issues/212185
I've changed the way some of the effected tests add
members to groups or projects so that they use the
API which is faster and avoids the error above
without impacting the integrity of the test.
parent 09762c21
...@@ -3,33 +3,42 @@ ...@@ -3,33 +3,42 @@
module QA module QA
context 'Plan', :reliable do context 'Plan', :reliable do
describe 'check xss occurence in @mentions in issues', :requires_admin do describe 'check xss occurence in @mentions in issues', :requires_admin do
it 'mentions a user in a comment' do let(:user) do
Resource::User.fabricate_via_api! do |user|
user.name = "eve <img src=x onerror=alert(2)&lt;img src=x onerror=alert(1)&gt;"
user.password = "test1234"
end
end
let(:project) do
Resource::Project.fabricate_via_api! do |project|
project.name = 'xss-test-for-mentions-project'
project.add_member(user)
end
end
let(:issue) do
Resource::Issue.fabricate_via_api! do |issue|
issue.project = project
end
end
before do
QA::Runtime::Env.personal_access_token = QA::Runtime::Env.admin_personal_access_token QA::Runtime::Env.personal_access_token = QA::Runtime::Env.admin_personal_access_token
unless QA::Runtime::Env.personal_access_token unless QA::Runtime::Env.personal_access_token
Flow::Login.sign_in_as_admin Flow::Login.sign_in_as_admin
end end
user = Resource::User.fabricate_via_api! do |user|
user.name = "eve <img src=x onerror=alert(2)&lt;img src=x onerror=alert(1)&gt;"
user.password = "test1234"
end
QA::Runtime::Env.personal_access_token = nil QA::Runtime::Env.personal_access_token = nil
Page::Main::Menu.perform(&:sign_out) if Page::Main::Menu.perform { |p| p.has_personal_area?(wait: 0) } Page::Main::Menu.perform(&:sign_out) if Page::Main::Menu.perform { |p| p.has_personal_area?(wait: 0) }
Flow::Login.sign_in Flow::Login.sign_in
end
project = Resource::Project.fabricate_via_api! do |project| it 'mentions a user in a comment' do
project.name = 'xss-test-for-mentions-project' issue.visit!
end
Flow::Project.add_member(project: project, username: user.username)
Resource::Issue.fabricate_via_api! do |issue|
issue.project = project
end.visit!
Page::Project::Issue::Show.perform do |show| Page::Project::Issue::Show.perform do |show|
show.select_all_activities_filter show.select_all_activities_filter
......
...@@ -16,30 +16,38 @@ module QA ...@@ -16,30 +16,38 @@ module QA
] ]
end end
before do let(:user) do
# Add two new users to a project as members Resource::User.fabricate_or_use do |user|
Flow::Login.sign_in user.name = Runtime::Env.gitlab_qa_username_1
user.password = Runtime::Env.gitlab_qa_password_1
end
end
@user = Resource::User.fabricate_or_use(Runtime::Env.gitlab_qa_username_1, Runtime::Env.gitlab_qa_password_1) let(:user2) do
@user2 = Resource::User.fabricate_or_use(Runtime::Env.gitlab_qa_username_2, Runtime::Env.gitlab_qa_password_2) Resource::User.fabricate_or_use do |user2|
user2.name = Runtime::Env.gitlab_qa_username_2
user2.password = Runtime::Env.gitlab_qa_password_2
end
end
@project = Resource::Project.fabricate_via_api! do |project| let(:project) do
Resource::Project.fabricate_via_api! do |project|
project.name = "codeowners" project.name = "codeowners"
end end
@project.visit! end
Page::Project::Menu.perform(&:go_to_members_settings) before do
Page::Project::Settings::Members.perform do |members_page| project.add_member(user)
members_page.add_member(@user.username) project.add_member(user2)
members_page.add_member(@user2.username)
end
end end
it 'displays owners specified in CODEOWNERS file' do it 'displays owners specified in CODEOWNERS file' do
Flow::Login.sign_in
project.visit!
codeowners_file_content = codeowners_file_content =
<<-CONTENT <<-CONTENT
* @#{@user2.username} * @#{user2.username}
*.txt @#{@user.username} *.txt @#{user.username}
CONTENT CONTENT
files << { files << {
name: 'CODEOWNERS', name: 'CODEOWNERS',
...@@ -48,27 +56,27 @@ module QA ...@@ -48,27 +56,27 @@ module QA
# Push CODEOWNERS and test files to the project # Push CODEOWNERS and test files to the project
Resource::Repository::ProjectPush.fabricate! do |push| Resource::Repository::ProjectPush.fabricate! do |push|
push.project = @project push.project = project
push.files = files push.files = files
push.commit_message = 'Add CODEOWNERS and test files' push.commit_message = 'Add CODEOWNERS and test files'
end end
@project.visit! project.visit!
# Check the files and code owners # Check the files and code owners
Page::Project::Show.perform do |project_page| Page::Project::Show.perform do |project_page|
project_page.click_file 'file.txt' project_page.click_file 'file.txt'
end end
expect(page).to have_content(@user.name) expect(page).to have_content(user.name)
expect(page).not_to have_content(@user2.name) expect(page).not_to have_content(user2.name)
@project.visit! project.visit!
Page::Project::Show.perform do |project_page| Page::Project::Show.perform do |project_page|
project_page.click_file 'README.md' project_page.click_file 'README.md'
end end
expect(page).to have_content(@user2.name) expect(page).to have_content(user2.name)
expect(page).not_to have_content(@user.name) expect(page).not_to have_content(user.name)
end end
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment