authorGitLab Bot <gitlab-bot@gitlab.com>2020-07-20 17:19:54 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2020-07-20 17:19:54 +0000
commit2ac1cf8af3050860c57933995cefd1e5cf1767de (patch)
treed4ed2f491da63e33fc16631d2be01b84c6235b41
parentd8bf49ba281a48fe6d44659bedf13cfebb3101d1 (diff)
downloadgitlab-ce-2ac1cf8af3050860c57933995cefd1e5cf1767de.tar.gz
Add latest changes from gitlab-org/gitlab@13-2-stable-ee
-rw-r--r--qa/qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb35
1 files changed, 16 insertions, 19 deletions
diff --git a/qa/qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb b/qa/qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb
index 784f474a7d5..ec88042673c 100644
--- a/qa/qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb
+++ b/qa/qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb
@@ -2,35 +2,32 @@
module QA
RSpec.describe 'Plan', :reliable do
- describe 'check xss occurence in @mentions in issues', :requires_admin do
- it 'mentions a user in a comment' do
- QA::Runtime::Env.personal_access_token = QA::Runtime::Env.admin_personal_access_token
-
- unless QA::Runtime::Env.personal_access_token
- Flow::Login.sign_in_as_admin
- end
-
- user = Resource::User.fabricate_via_api! do |user|
- user.name = "eve <img src=x onerror=alert(2)&lt;img src=x onerror=alert(1)&gt;"
- user.password = "test1234"
- end
-
- QA::Runtime::Env.personal_access_token = nil
+ let!(:user) do
+ Resource::User.fabricate_via_api! do |user|
+ user.name = "eve <img src=x onerror=alert(2)&lt;img src=x onerror=alert(1)&gt;"
+ user.password = "test1234"
+ user.api_client = Runtime::API::Client.as_admin
+ end
+ end
- Page::Main::Menu.perform(&:sign_out) if Page::Main::Menu.perform { |p| p.has_personal_area?(wait: 0) }
+ let!(:project) do
+ Resource::Project.fabricate_via_api! do |project|
+ project.name = 'xss-test-for-mentions-project'
+ end
+ end
+ describe 'check xss occurence in @mentions in issues', :requires_admin do
+ before do
Flow::Login.sign_in
- project = Resource::Project.fabricate_via_api! do |project|
- project.name = 'xss-test-for-mentions-project'
- end
-
Flow::Project.add_member(project: project, username: user.username)
Resource::Issue.fabricate_via_api! do |issue|
issue.project = project
end.visit!
+ end
+ it 'mentions a user in a comment' do
Page::Project::Issue::Show.perform do |show|
show.select_all_activities_filter
show.comment("cc-ing you here @#{user.username}")
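Review bot: The account created in `let!(:user)` keeps the fixed password `"test1234"`, and no teardown for it is visible in this hunk, so a run against a shared or long-lived instance can leave behind a login whose password is readable in the repository. A per-run value such as `user.password = SecureRandom.hex(8)` avoids that, ideally with an `after` hook that deletes the fabricated user and project once the example finishes. Separately, both `let!` blocks sit in the outer `RSpec.describe 'Plan'` group while only the inner `describe` carries `:requires_admin`, so any example later added to the outer group would call `Runtime::API::Client.as_admin` without that tag; moving them inside the tagged `describe` keeps the admin requirement and the admin call together. The `it` block continues past the end of the hunk, so cleanup further down cannot be ruled out from here.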