authorSanad Liaquat <sliaquat@gitlab.com>2019-07-19 19:23:43 +0500
committerSanad Liaquat <sliaquat@gitlab.com>2019-07-19 19:23:43 +0500
commit033c1c0c3c8e15c120612c5e1671c253f37fec73 (patch)
tree390f38ae6c164c4b8c9852841d33b774581c1f7a
parent4c30b0a1cf5ead26d20845b82ae528fcbdf98728 (diff)
downloadgitlab-ce-033c1c0c3c8e15c120612c5e1671c253f37fec73.tar.gz
-rw-r--r--qa/qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb14
1 files changed, 12 insertions, 2 deletions
diff --git a/qa/qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb b/qa/qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb
index afddbff75bd..1bcd80f27af 100644
--- a/qa/qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb
+++ b/qa/qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb
@@ -4,14 +4,24 @@ module QA
context 'Plan' do
describe 'check xss occurence in @mentions in issues' do
before do
- Runtime::Browser.visit(:gitlab, Page::Main::Login)
- Page::Main::Login.perform(&:sign_in_using_credentials)
+ QA::Runtime::Env.personal_access_token = QA::Runtime::Env.admin_personal_access_token
+
+ unless QA::Runtime::Env.personal_access_token
+ Runtime::Browser.visit(:gitlab, Page::Main::Login)
+ Page::Main::Login.perform(&:sign_in_using_admin_credentials)
+ end
user = Resource::User.fabricate_via_api! do |user|
user.name = "eve <img src=x onerror=alert(2)&lt;img src=x onerror=alert(1)&gt;"
user.password = "test1234"
end
+ QA::Runtime::Env.personal_access_token = nil
+
+ Page::Main::Menu.perform(&:sign_out) if Page::Main::Menu.perform { |p| p.has_personal_area?(wait: 0) }
+
+ Page::Main::Login.perform(&:sign_in_using_credentials)
+
project = Resource::Project.fabricate_via_api! do |resource|
resource.name = 'xss-test-for-mentions-project'
end