Merge branch 'qa-restric-access-by-ip-address-spec' into 'master'

E2E test for Restrict group access by ip address spec Closes gitlab-org/quality/testcases#100 See merge request gitlab-org/gitlab-ee!15632

Merge branch 'qa-restric-access-by-ip-address-spec' into 'master'
E2E test for Restrict group access by ip address spec Closes gitlab-org/quality/testcases#100 See merge request gitlab-org/gitlab-ee!15632
37515bb0 · Sanad Liaquat · 1cb0dc20 · 87567b57 · 37515bb0 · 37515bb0
Commit 37515bb0 authored Aug 28, 2019 by Sanad Liaquat
10 changed files
--- a/app/views/groups/edit.html.haml
+++ b/app/views/groups/edit.html.haml
@@ -14,7 +14,7 @@
  .settings-content
    = render 'groups/settings/general'

-%section.settings.gs-permissions.no-animate#js-permissions-settings{ class: ('expanded' if expanded) }
+%section.settings.gs-permissions.no-animate#js-permissions-settings{ class: ('expanded' if expanded), data: { qa_selector: 'permission_lfs_2fa_section' } }
  .settings-header
    %h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only{ role: 'button' }
      = _('Permissions, LFS, 2FA')

--- a/app/views/groups/settings/_permissions.html.haml
+++ b/app/views/groups/settings/_permissions.html.haml
@@ -31,4 +31,4 @@
    = render 'groups/settings/two_factor_auth', f: f
    = render_if_exists 'groups/member_lock_setting', f: f, group: @group

-  = f.submit _('Save changes'), class: 'btn btn-success prepend-top-default js-dirty-submit'
+  = f.submit _('Save changes'), class: 'btn btn-success prepend-top-default js-dirty-submit', data: { qa_selector: 'save_permissions_changes_button' }
--- a/app/views/layouts/nav/sidebar/_group.html.haml
+++ b/app/views/layouts/nav/sidebar/_group.html.haml
@@ -147,7 +147,7 @@
                  = _('Settings')
            %li.divider.fly-out-top-item
            = nav_link(path: 'groups#edit') do
-              = link_to edit_group_path(@group), title: _('General') do
+              = link_to edit_group_path(@group), title: _('General'), data: { qa_selector: 'general_settings_link' } do
                %span
                  = _('General')


--- a/ee/app/views/groups/settings/_ip_restriction.html.haml
+++ b/ee/app/views/groups/settings/_ip_restriction.html.haml
@@ -10,7 +10,7 @@
    .form-text.text-muted
      = _('IP address restriction is not editable in subgroups. Value inherited from top-level parent group.')
  - else
-    = f.text_field :ip_restriction_ranges, class: 'form-control', placeholder: _('Enter IP address range')
+    = f.text_field :ip_restriction_ranges, class: 'form-control', data: { qa_selector: 'ip_restriction_field' }, placeholder: _('Enter IP address range')
  .form-text.text-muted
    - read_more_link = link_to(_('Read more'), help_page_path('user/group/index', anchor: 'ip-access-restriction-ultimate'))
    = _('This group, including all subgroups, projects and git repositories, will only be reachable from the specified IP address range. Multiple addresses are supported with comma delimiters. Example: <code>192.168.0.0/24,192.168.1.0/24</code>. %{read_more_link}.').html_safe % { read_more_link: read_more_link }
--- a/qa/qa.rb
+++ b/qa/qa.rb
@@ -160,6 +160,10 @@ module QA
    module Group
      autoload :New, 'qa/page/group/new'
      autoload :Show, 'qa/page/group/show'
+
+      module Settings
+        autoload :General, 'qa/page/group/settings/general'
+      end
    end

    module File

--- a/qa/qa/ee/page/group/menu.rb
+++ b/qa/qa/ee/page/group/menu.rb
@@ -15,6 +15,7 @@ module QA
            element :group_sidebar_submenu
            element :group_settings_item
            element :group_members_item
+            element :general_settings_link
          end

          view 'ee/app/views/layouts/nav/ee/_epic_link.html.haml' do
@@ -57,6 +58,14 @@ module QA
            end
          end

+          def click_group_general_settings_item
+            hover_settings do
+              within_submenu do
+                click_element(:general_settings_link)
+              end
+            end
+          end
+
          def click_group_epics_link
            within_sidebar do
              click_element(:group_epics_link)

--- a/qa/qa/ee/page/group/settings/general.rb
+++ b/qa/qa/ee/page/group/settings/general.rb
@@ -15,6 +15,10 @@ module QA
              element :save_changes_button
            end

+            view 'ee/app/views/groups/settings/_ip_restriction.html.haml' do
+              element :ip_restriction_field
+            end
+
            def current_custom_project_template
              expand_section(:custom_project_templates)

@@ -33,6 +37,13 @@ module QA
              search_and_select(path)
              click_element :save_changes_button
            end
+
+            def set_ip_address_restriction(ip_address)
+              expand_section(:permission_lfs_2fa_section)
+              find_element(:ip_restriction_field).send_keys([:command, 'a'], :backspace)
+              find_element(:ip_restriction_field).set ip_address
+              click_element :save_permissions_changes_button
+            end
          end
        end
      end

--- a/qa/qa/page/group/settings/general.rb
+++ b/qa/qa/page/group/settings/general.rb
+# frozen_string_literal: true
+
+module QA
+  module Page
+    module Group
+      module Settings
+        class General < QA::Page::Base
+          view 'app/views/groups/edit.html.haml' do
+            element :permission_lfs_2fa_section
+          end
+          view 'app/views/groups/settings/_permissions.html.haml' do
+            element :save_permissions_changes_button
+          end
+        end
+      end
+    end
+  end
+end
--- a/qa/qa/resource/sandbox.rb
+++ b/qa/qa/resource/sandbox.rb
@@ -7,7 +7,7 @@ module QA
    # creating it if it doesn't yet exist.
    #
    class Sandbox < Base
-      attr_reader :path
+      attr_accessor :path

      attribute :id


--- a/qa/qa/specs/features/ee/browser_ui/1_manage/group/restrict_by_ip_address_spec.rb
+++ b/qa/qa/specs/features/ee/browser_ui/1_manage/group/restrict_by_ip_address_spec.rb
+# frozen_string_literal: true
+require 'securerandom'
+require 'socket'
+
+module QA
+  context 'Manage' do
+    describe 'Group access' do
+      LOOPBACK_ADDRESS = '127.0.0.1'
+
+      before(:all) do
+        @sandbox_group = Resource::Sandbox.fabricate! do |sandbox_group|
+          sandbox_group.path = 'gitlab-qa-ip-restricted-sandbox-group'
+        end
+
+        @user = Resource::User.fabricate_or_use(Runtime::Env.gitlab_qa_username_1, Runtime::Env.gitlab_qa_password_1)
+
+        @group = Resource::Group.fabricate_via_api! do |group|
+          group.path = "ip-address-restricted-group-#{SecureRandom.hex(8)}"
+          group.sandbox = @sandbox_group
+        end
+      end
+
+      before do
+        Page::Main::Menu.perform do |menu|
+          menu.sign_out if menu.has_personal_area?(wait: 0)
+        end
+
+        Runtime::Browser.visit(:gitlab, Page::Main::Login)
+        Page::Main::Login.perform(&:sign_in_using_credentials)
+      end
+
+      context 'when restricted by another ip address' do
+        it 'denies access' do
+          @group.sandbox.visit!
+
+          EE::Page::Group::Menu.perform(&:click_group_general_settings_item)
+
+          EE::Page::Group::Settings::General.perform do |settings|
+            settings.set_ip_address_restriction(get_next_ip_address)
+          end
+
+          Page::Main::Menu.perform do |menu|
+            menu.sign_out if menu.has_personal_area?(wait: 0)
+          end
+
+          Page::Main::Login.perform do |menu|
+            menu.sign_in_using_credentials(@user)
+          end
+
+          @group.sandbox.visit!
+          expect(page).to have_text('Page Not Found')
+          page.go_back
+
+          @group.visit!
+          expect(page).to have_text('Page Not Found')
+          page.go_back
+        end
+      end
+
+      context 'when restricted by user\'s ip address' do
+        it 'allows access' do
+          @group.sandbox.visit!
+
+          EE::Page::Group::Menu.perform(&:click_group_general_settings_item)
+
+          EE::Page::Group::Settings::General.perform do |settings|
+            settings.set_ip_address_restriction(get_current_ip_address)
+          end
+
+          Page::Main::Menu.perform do |menu|
+            menu.sign_out if menu.has_personal_area?(wait: 0)
+          end
+
+          Page::Main::Login.perform do |menu|
+            menu.sign_in_using_credentials(@user)
+          end
+
+          @group.sandbox.visit!
+          expect(page).to have_text(@group.sandbox.path)
+
+          @group.visit!
+          expect(page).to have_text(@group.path)
+        end
+      end
+
+      def get_current_ip_address
+        return LOOPBACK_ADDRESS if page.current_host.include?('localhost')
+
+        Socket.ip_address_list.detect { |intf| intf.ipv4_private? }.ip_address
+      end
+
+      def get_next_ip_address
+        current_ip = get_current_ip_address
+
+        QA::Runtime::Logger.info "User's ip address: #{current_ip}"
+
+        current_last_part = current_ip.split(".").pop.to_i
+
+        updated_last_part = current_last_part < 255 ? current_last_part + 1 : 1
+
+        current_ip.split(".")[0...-1].push(updated_last_part).join(".")
+      end
+    end
+  end
+end