Commit 87567b57 authored by Sanad Liaquat's avatar Sanad Liaquat

Add E2E test for restrict access by ip addr

Add scenario with user's ip address and once scenario with other
ip address
parent 1cb0dc20
......@@ -14,7 +14,7 @@
.settings-content
= render 'groups/settings/general'
%section.settings.gs-permissions.no-animate#js-permissions-settings{ class: ('expanded' if expanded) }
%section.settings.gs-permissions.no-animate#js-permissions-settings{ class: ('expanded' if expanded), data: { qa_selector: 'permission_lfs_2fa_section' } }
.settings-header
%h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only{ role: 'button' }
= _('Permissions, LFS, 2FA')
......
......@@ -31,4 +31,4 @@
= render 'groups/settings/two_factor_auth', f: f
= render_if_exists 'groups/member_lock_setting', f: f, group: @group
= f.submit _('Save changes'), class: 'btn btn-success prepend-top-default js-dirty-submit'
= f.submit _('Save changes'), class: 'btn btn-success prepend-top-default js-dirty-submit', data: { qa_selector: 'save_permissions_changes_button' }
......@@ -147,7 +147,7 @@
= _('Settings')
%li.divider.fly-out-top-item
= nav_link(path: 'groups#edit') do
= link_to edit_group_path(@group), title: _('General') do
= link_to edit_group_path(@group), title: _('General'), data: { qa_selector: 'general_settings_link' } do
%span
= _('General')
......
......@@ -10,7 +10,7 @@
.form-text.text-muted
= _('IP address restriction is not editable in subgroups. Value inherited from top-level parent group.')
- else
= f.text_field :ip_restriction_ranges, class: 'form-control', placeholder: _('Enter IP address range')
= f.text_field :ip_restriction_ranges, class: 'form-control', data: { qa_selector: 'ip_restriction_field' }, placeholder: _('Enter IP address range')
.form-text.text-muted
- read_more_link = link_to(_('Read more'), help_page_path('user/group/index', anchor: 'ip-access-restriction-ultimate'))
= _('This group, including all subgroups, projects and git repositories, will only be reachable from the specified IP address range. Multiple addresses are supported with comma delimiters. Example: <code>192.168.0.0/24,192.168.1.0/24</code>. %{read_more_link}.').html_safe % { read_more_link: read_more_link }
......@@ -160,6 +160,10 @@ module QA
module Group
autoload :New, 'qa/page/group/new'
autoload :Show, 'qa/page/group/show'
module Settings
autoload :General, 'qa/page/group/settings/general'
end
end
module File
......
......@@ -15,6 +15,7 @@ module QA
element :group_sidebar_submenu
element :group_settings_item
element :group_members_item
element :general_settings_link
end
view 'ee/app/views/layouts/nav/ee/_epic_link.html.haml' do
......@@ -57,6 +58,14 @@ module QA
end
end
def click_group_general_settings_item
hover_settings do
within_submenu do
click_element(:general_settings_link)
end
end
end
def click_group_epics_link
within_sidebar do
click_element(:group_epics_link)
......
......@@ -15,6 +15,10 @@ module QA
element :save_changes_button
end
view 'ee/app/views/groups/settings/_ip_restriction.html.haml' do
element :ip_restriction_field
end
def current_custom_project_template
expand_section(:custom_project_templates)
......@@ -33,6 +37,13 @@ module QA
search_and_select(path)
click_element :save_changes_button
end
def set_ip_address_restriction(ip_address)
expand_section(:permission_lfs_2fa_section)
find_element(:ip_restriction_field).send_keys([:command, 'a'], :backspace)
find_element(:ip_restriction_field).set ip_address
click_element :save_permissions_changes_button
end
end
end
end
......
# frozen_string_literal: true
module QA
module Page
module Group
module Settings
class General < QA::Page::Base
view 'app/views/groups/edit.html.haml' do
element :permission_lfs_2fa_section
end
view 'app/views/groups/settings/_permissions.html.haml' do
element :save_permissions_changes_button
end
end
end
end
end
end
......@@ -7,7 +7,7 @@ module QA
# creating it if it doesn't yet exist.
#
class Sandbox < Base
attr_reader :path
attr_accessor :path
attribute :id
......
# frozen_string_literal: true
require 'securerandom'
require 'socket'
module QA
context 'Manage' do
describe 'Group access' do
LOOPBACK_ADDRESS = '127.0.0.1'
before(:all) do
@sandbox_group = Resource::Sandbox.fabricate! do |sandbox_group|
sandbox_group.path = 'gitlab-qa-ip-restricted-sandbox-group'
end
@user = Resource::User.fabricate_or_use(Runtime::Env.gitlab_qa_username_1, Runtime::Env.gitlab_qa_password_1)
@group = Resource::Group.fabricate_via_api! do |group|
group.path = "ip-address-restricted-group-#{SecureRandom.hex(8)}"
group.sandbox = @sandbox_group
end
end
before do
Page::Main::Menu.perform do |menu|
menu.sign_out if menu.has_personal_area?(wait: 0)
end
Runtime::Browser.visit(:gitlab, Page::Main::Login)
Page::Main::Login.perform(&:sign_in_using_credentials)
end
context 'when restricted by another ip address' do
it 'denies access' do
@group.sandbox.visit!
EE::Page::Group::Menu.perform(&:click_group_general_settings_item)
EE::Page::Group::Settings::General.perform do |settings|
settings.set_ip_address_restriction(get_next_ip_address)
end
Page::Main::Menu.perform do |menu|
menu.sign_out if menu.has_personal_area?(wait: 0)
end
Page::Main::Login.perform do |menu|
menu.sign_in_using_credentials(@user)
end
@group.sandbox.visit!
expect(page).to have_text('Page Not Found')
page.go_back
@group.visit!
expect(page).to have_text('Page Not Found')
page.go_back
end
end
context 'when restricted by user\'s ip address' do
it 'allows access' do
@group.sandbox.visit!
EE::Page::Group::Menu.perform(&:click_group_general_settings_item)
EE::Page::Group::Settings::General.perform do |settings|
settings.set_ip_address_restriction(get_current_ip_address)
end
Page::Main::Menu.perform do |menu|
menu.sign_out if menu.has_personal_area?(wait: 0)
end
Page::Main::Login.perform do |menu|
menu.sign_in_using_credentials(@user)
end
@group.sandbox.visit!
expect(page).to have_text(@group.sandbox.path)
@group.visit!
expect(page).to have_text(@group.path)
end
end
def get_current_ip_address
return LOOPBACK_ADDRESS if page.current_host.include?('localhost')
Socket.ip_address_list.detect { |intf| intf.ipv4_private? }.ip_address
end
def get_next_ip_address
current_ip = get_current_ip_address
QA::Runtime::Logger.info "User's ip address: #{current_ip}"
current_last_part = current_ip.split(".").pop.to_i
updated_last_part = current_last_part < 255 ? current_last_part + 1 : 1
current_ip.split(".")[0...-1].push(updated_last_part).join(".")
end
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment