Commit 5882b387 authored by Erick Banks's avatar Erick Banks Committed by Dan Davison

Change tests to add members using API

Due to this failure
https://gitlab.com/gitlab-org/gitlab/-/issues/212185
I've changed the way some of the effected tests add
members to groups or projects so that they use the
API which is faster and avoids the error above
without impacting the integrity of the test.
parent 09762c21
......@@ -3,33 +3,42 @@
module QA
context 'Plan', :reliable do
describe 'check xss occurence in @mentions in issues', :requires_admin do
it 'mentions a user in a comment' do
let(:user) do
Resource::User.fabricate_via_api! do |user|
user.name = "eve <img src=x onerror=alert(2)&lt;img src=x onerror=alert(1)&gt;"
user.password = "test1234"
end
end
let(:project) do
Resource::Project.fabricate_via_api! do |project|
project.name = 'xss-test-for-mentions-project'
project.add_member(user)
end
end
let(:issue) do
Resource::Issue.fabricate_via_api! do |issue|
issue.project = project
end
end
before do
QA::Runtime::Env.personal_access_token = QA::Runtime::Env.admin_personal_access_token
unless QA::Runtime::Env.personal_access_token
Flow::Login.sign_in_as_admin
end
user = Resource::User.fabricate_via_api! do |user|
user.name = "eve <img src=x onerror=alert(2)&lt;img src=x onerror=alert(1)&gt;"
user.password = "test1234"
end
QA::Runtime::Env.personal_access_token = nil
Page::Main::Menu.perform(&:sign_out) if Page::Main::Menu.perform { |p| p.has_personal_area?(wait: 0) }
Flow::Login.sign_in
end
project = Resource::Project.fabricate_via_api! do |project|
project.name = 'xss-test-for-mentions-project'
end
Flow::Project.add_member(project: project, username: user.username)
Resource::Issue.fabricate_via_api! do |issue|
issue.project = project
end.visit!
it 'mentions a user in a comment' do
issue.visit!
Page::Project::Issue::Show.perform do |show|
show.select_all_activities_filter
......
......@@ -16,30 +16,38 @@ module QA
]
end
before do
# Add two new users to a project as members
Flow::Login.sign_in
let(:user) do
Resource::User.fabricate_or_use do |user|
user.name = Runtime::Env.gitlab_qa_username_1
user.password = Runtime::Env.gitlab_qa_password_1
end
end
@user = Resource::User.fabricate_or_use(Runtime::Env.gitlab_qa_username_1, Runtime::Env.gitlab_qa_password_1)
@user2 = Resource::User.fabricate_or_use(Runtime::Env.gitlab_qa_username_2, Runtime::Env.gitlab_qa_password_2)
let(:user2) do
Resource::User.fabricate_or_use do |user2|
user2.name = Runtime::Env.gitlab_qa_username_2
user2.password = Runtime::Env.gitlab_qa_password_2
end
end
@project = Resource::Project.fabricate_via_api! do |project|
let(:project) do
Resource::Project.fabricate_via_api! do |project|
project.name = "codeowners"
end
@project.visit!
end
Page::Project::Menu.perform(&:go_to_members_settings)
Page::Project::Settings::Members.perform do |members_page|
members_page.add_member(@user.username)
members_page.add_member(@user2.username)
end
before do
project.add_member(user)
project.add_member(user2)
end
it 'displays owners specified in CODEOWNERS file' do
Flow::Login.sign_in
project.visit!
codeowners_file_content =
<<-CONTENT
* @#{@user2.username}
*.txt @#{@user.username}
* @#{user2.username}
*.txt @#{user.username}
CONTENT
files << {
name: 'CODEOWNERS',
......@@ -48,27 +56,27 @@ module QA
# Push CODEOWNERS and test files to the project
Resource::Repository::ProjectPush.fabricate! do |push|
push.project = @project
push.project = project
push.files = files
push.commit_message = 'Add CODEOWNERS and test files'
end
@project.visit!
project.visit!
# Check the files and code owners
Page::Project::Show.perform do |project_page|
project_page.click_file 'file.txt'
end
expect(page).to have_content(@user.name)
expect(page).not_to have_content(@user2.name)
expect(page).to have_content(user.name)
expect(page).not_to have_content(user2.name)
@project.visit!
project.visit!
Page::Project::Show.perform do |project_page|
project_page.click_file 'README.md'
end
expect(page).to have_content(@user2.name)
expect(page).not_to have_content(@user.name)
expect(page).to have_content(user2.name)
expect(page).not_to have_content(user.name)
end
end
end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment