Commit f72f7455 authored by Sanad Liaquat's avatar Sanad Liaquat

Merge branch 'quarantine-specs-members-api' into 'master'

Restore the sequence of test steps to unblock deploy

See merge request gitlab-org/gitlab!30286
parents bc797061 1c66d576
......@@ -3,42 +3,33 @@
module QA
context 'Plan', :reliable do
describe 'check xss occurence in @mentions in issues', :requires_admin do
let(:user) do
Resource::User.fabricate_via_api! do |user|
user.name = "eve <img src=x onerror=alert(2)&lt;img src=x onerror=alert(1)&gt;"
user.password = "test1234"
end
end
let(:project) do
Resource::Project.fabricate_via_api! do |project|
project.name = 'xss-test-for-mentions-project'
project.add_member(user)
end
end
let(:issue) do
Resource::Issue.fabricate_via_api! do |issue|
issue.project = project
end
end
before do
it 'mentions a user in a comment' do
QA::Runtime::Env.personal_access_token = QA::Runtime::Env.admin_personal_access_token
unless QA::Runtime::Env.personal_access_token
Flow::Login.sign_in_as_admin
end
user = Resource::User.fabricate_via_api! do |user|
user.name = "eve <img src=x onerror=alert(2)&lt;img src=x onerror=alert(1)&gt;"
user.password = "test1234"
end
QA::Runtime::Env.personal_access_token = nil
Page::Main::Menu.perform(&:sign_out) if Page::Main::Menu.perform { |p| p.has_personal_area?(wait: 0) }
Flow::Login.sign_in
project = Resource::Project.fabricate_via_api! do |project|
project.name = 'xss-test-for-mentions-project'
end
it 'mentions a user in a comment' do
issue.visit!
Flow::Project.add_member(project: project, username: user.username)
Resource::Issue.fabricate_via_api! do |issue|
issue.project = project
end.visit!
Page::Project::Issue::Show.perform do |show|
show.select_all_activities_filter
......
......@@ -16,38 +16,30 @@ module QA
]
end
let(:user) do
Resource::User.fabricate_or_use do |user|
user.name = Runtime::Env.gitlab_qa_username_1
user.password = Runtime::Env.gitlab_qa_password_1
end
end
before do
# Add two new users to a project as members
Flow::Login.sign_in
let(:user2) do
Resource::User.fabricate_or_use do |user2|
user2.name = Runtime::Env.gitlab_qa_username_2
user2.password = Runtime::Env.gitlab_qa_password_2
end
end
@user = Resource::User.fabricate_or_use(Runtime::Env.gitlab_qa_username_1, Runtime::Env.gitlab_qa_password_1)
@user2 = Resource::User.fabricate_or_use(Runtime::Env.gitlab_qa_username_2, Runtime::Env.gitlab_qa_password_2)
let(:project) do
Resource::Project.fabricate_via_api! do |project|
@project = Resource::Project.fabricate_via_api! do |project|
project.name = "codeowners"
end
end
@project.visit!
before do
project.add_member(user)
project.add_member(user2)
Page::Project::Menu.perform(&:go_to_members_settings)
Page::Project::Settings::Members.perform do |members_page|
members_page.add_member(@user.username)
members_page.add_member(@user2.username)
end
end
it 'displays owners specified in CODEOWNERS file' do
Flow::Login.sign_in
project.visit!
codeowners_file_content =
<<-CONTENT
* @#{user2.username}
*.txt @#{user.username}
* @#{@user2.username}
*.txt @#{@user.username}
CONTENT
files << {
name: 'CODEOWNERS',
......@@ -56,27 +48,27 @@ module QA
# Push CODEOWNERS and test files to the project
Resource::Repository::ProjectPush.fabricate! do |push|
push.project = project
push.project = @project
push.files = files
push.commit_message = 'Add CODEOWNERS and test files'
end
project.visit!
@project.visit!
# Check the files and code owners
Page::Project::Show.perform do |project_page|
project_page.click_file 'file.txt'
end
expect(page).to have_content(user.name)
expect(page).not_to have_content(user2.name)
expect(page).to have_content(@user.name)
expect(page).not_to have_content(@user2.name)
project.visit!
@project.visit!
Page::Project::Show.perform do |project_page|
project_page.click_file 'README.md'
end
expect(page).to have_content(user2.name)
expect(page).not_to have_content(user.name)
expect(page).to have_content(@user2.name)
expect(page).not_to have_content(@user.name)
end
end
end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment