Commit f72f7455 authored by Sanad Liaquat's avatar Sanad Liaquat

Merge branch 'quarantine-specs-members-api' into 'master'

Restore the sequence of test steps to unblock deploy

See merge request gitlab-org/gitlab!30286
parents bc797061 1c66d576
...@@ -3,42 +3,33 @@ ...@@ -3,42 +3,33 @@
module QA module QA
context 'Plan', :reliable do context 'Plan', :reliable do
describe 'check xss occurence in @mentions in issues', :requires_admin do describe 'check xss occurence in @mentions in issues', :requires_admin do
let(:user) do it 'mentions a user in a comment' do
Resource::User.fabricate_via_api! do |user|
user.name = "eve <img src=x onerror=alert(2)&lt;img src=x onerror=alert(1)&gt;"
user.password = "test1234"
end
end
let(:project) do
Resource::Project.fabricate_via_api! do |project|
project.name = 'xss-test-for-mentions-project'
project.add_member(user)
end
end
let(:issue) do
Resource::Issue.fabricate_via_api! do |issue|
issue.project = project
end
end
before do
QA::Runtime::Env.personal_access_token = QA::Runtime::Env.admin_personal_access_token QA::Runtime::Env.personal_access_token = QA::Runtime::Env.admin_personal_access_token
unless QA::Runtime::Env.personal_access_token unless QA::Runtime::Env.personal_access_token
Flow::Login.sign_in_as_admin Flow::Login.sign_in_as_admin
end end
user = Resource::User.fabricate_via_api! do |user|
user.name = "eve <img src=x onerror=alert(2)&lt;img src=x onerror=alert(1)&gt;"
user.password = "test1234"
end
QA::Runtime::Env.personal_access_token = nil QA::Runtime::Env.personal_access_token = nil
Page::Main::Menu.perform(&:sign_out) if Page::Main::Menu.perform { |p| p.has_personal_area?(wait: 0) } Page::Main::Menu.perform(&:sign_out) if Page::Main::Menu.perform { |p| p.has_personal_area?(wait: 0) }
Flow::Login.sign_in Flow::Login.sign_in
end
it 'mentions a user in a comment' do project = Resource::Project.fabricate_via_api! do |project|
issue.visit! project.name = 'xss-test-for-mentions-project'
end
Flow::Project.add_member(project: project, username: user.username)
Resource::Issue.fabricate_via_api! do |issue|
issue.project = project
end.visit!
Page::Project::Issue::Show.perform do |show| Page::Project::Issue::Show.perform do |show|
show.select_all_activities_filter show.select_all_activities_filter
......
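Review bot: The admin token override around the user fabrication is not restored on failure. As far as the split view shows, the new `it` block sets `QA::Runtime::Env.personal_access_token` to the admin token, calls `Resource::User.fabricate_via_api!`, and only then resets it to `nil`, so if the fabrication raises, the shared Env appears to keep the admin credential for whichever specs run next. Wrapping the call as `begin` … `ensure QA::Runtime::Env.personal_access_token = nil` … `end` would scope the elevated token to that one request. Resetting to `nil` also discards any token configured before the spec instead of restoring it, which may be intended but deserves a one-line comment. The `it` block continues past the visible lines.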
...@@ -16,38 +16,30 @@ module QA ...@@ -16,38 +16,30 @@ module QA
] ]
end end
let(:user) do before do
Resource::User.fabricate_or_use do |user| # Add two new users to a project as members
user.name = Runtime::Env.gitlab_qa_username_1 Flow::Login.sign_in
user.password = Runtime::Env.gitlab_qa_password_1
end
end
let(:user2) do @user = Resource::User.fabricate_or_use(Runtime::Env.gitlab_qa_username_1, Runtime::Env.gitlab_qa_password_1)
Resource::User.fabricate_or_use do |user2| @user2 = Resource::User.fabricate_or_use(Runtime::Env.gitlab_qa_username_2, Runtime::Env.gitlab_qa_password_2)
user2.name = Runtime::Env.gitlab_qa_username_2
user2.password = Runtime::Env.gitlab_qa_password_2
end
end
let(:project) do @project = Resource::Project.fabricate_via_api! do |project|
Resource::Project.fabricate_via_api! do |project|
project.name = "codeowners" project.name = "codeowners"
end end
end @project.visit!
before do Page::Project::Menu.perform(&:go_to_members_settings)
project.add_member(user) Page::Project::Settings::Members.perform do |members_page|
project.add_member(user2) members_page.add_member(@user.username)
members_page.add_member(@user2.username)
end
end end
it 'displays owners specified in CODEOWNERS file' do it 'displays owners specified in CODEOWNERS file' do
Flow::Login.sign_in
project.visit!
codeowners_file_content = codeowners_file_content =
<<-CONTENT <<-CONTENT
* @#{user2.username} * @#{@user2.username}
*.txt @#{user.username} *.txt @#{@user.username}
CONTENT CONTENT
files << { files << {
name: 'CODEOWNERS', name: 'CODEOWNERS',
...@@ -56,27 +48,27 @@ module QA ...@@ -56,27 +48,27 @@ module QA
# Push CODEOWNERS and test files to the project # Push CODEOWNERS and test files to the project
Resource::Repository::ProjectPush.fabricate! do |push| Resource::Repository::ProjectPush.fabricate! do |push|
push.project = project push.project = @project
push.files = files push.files = files
push.commit_message = 'Add CODEOWNERS and test files' push.commit_message = 'Add CODEOWNERS and test files'
end end
project.visit! @project.visit!
# Check the files and code owners # Check the files and code owners
Page::Project::Show.perform do |project_page| Page::Project::Show.perform do |project_page|
project_page.click_file 'file.txt' project_page.click_file 'file.txt'
end end
expect(page).to have_content(user.name) expect(page).to have_content(@user.name)
expect(page).not_to have_content(user2.name) expect(page).not_to have_content(@user2.name)
project.visit! @project.visit!
Page::Project::Show.perform do |project_page| Page::Project::Show.perform do |project_page|
project_page.click_file 'README.md' project_page.click_file 'README.md'
end end
expect(page).to have_content(user2.name) expect(page).to have_content(@user2.name)
expect(page).not_to have_content(user.name) expect(page).not_to have_content(@user.name)
end end
end end
end end
......
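Review bot: The member setup in the new `before` block drives the members settings page by hand (`Page::Project::Menu.perform(&:go_to_members_settings)` followed by two `members_page.add_member` calls), while the other spec changed in this commit does the same job with `Flow::Project.add_member(project: project, username: user.username)`. If that flow helper performs the same navigation (its body is not visible here), calling it once per user, e.g. `Flow::Project.add_member(project: @project, username: @user.username)`, would keep the two specs consistent and remove the duplicated page steps. The block also never checks that both users actually became members, so a failed addition would only surface later as a missing code-owner name in the `have_content` expectations.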