author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-08-20 18:42:06 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-08-20 18:42:06 +0000 |
commit | 6e4e1050d9dba2b7b2523fdd1768823ab85feef4 (patch) | |
tree | 78be5963ec075d80116a932011d695dd33910b4e /qa/qa/specs/features/browser_ui/1_manage | |
parent | 1ce776de4ae122aba3f349c02c17cebeaa8ecf07 (diff) | |
download | gitlab-ce-6e4e1050d9dba2b7b2523fdd1768823ab85feef4.tar.gz |
Add latest changes from gitlab-org/gitlab@13-3-stable-ee
Diffstat (limited to 'qa/qa/specs/features/browser_ui/1_manage')
-rw-r--r-- | qa/qa/specs/features/browser_ui/1_manage/login/2fa_recovery_spec.rb | 92 | ||||
-rw-r--r-- | qa/qa/specs/features/browser_ui/1_manage/login/register_spec.rb | 46 |
2 files changed, 137 insertions, 1 deletions
diff --git a/qa/qa/specs/features/browser_ui/1_manage/login/2fa_recovery_spec.rb b/qa/qa/specs/features/browser_ui/1_manage/login/2fa_recovery_spec.rb
new file mode 100644
index 00000000000..e83aed18b5f
--- /dev/null
+++ b/qa/qa/specs/features/browser_ui/1_manage/login/2fa_recovery_spec.rb
@@ -0,0 +1,92 @@
+# frozen_string_literal: true
+
+module QA
+ context 'Manage', :requires_admin, :skip_live_env do
+ describe '2FA' do
+ let(:owner_user) do
+ Resource::User.fabricate_or_use(Runtime::Env.gitlab_qa_2fa_owner_username_1, Runtime::Env.gitlab_qa_2fa_owner_password_1)
+ end
+
+ let(:developer_user) do
+ Resource::User.fabricate_via_api! do |resource|
+ resource.api_client = admin_api_client
+ end
+ end
+
+ let(:sandbox_group) do
+ Resource::Sandbox.fabricate! do |sandbox_group|
+ sandbox_group.path = "gitlab-qa-2fa-recovery-sandbox-group-#{SecureRandom.hex(4)}"
+ sandbox_group.api_client = owner_api_client
+ end
+ end
+
+ let(:group) do
+ QA::Resource::Group.fabricate_via_api! do |group|
+ group.sandbox = sandbox_group
+ group.api_client = owner_api_client
+ group.require_two_factor_authentication = true
+ end
+ end
+
+ before do
+ group.add_member(developer_user, Resource::Members::AccessLevel::DEVELOPER)
+ end
+
+ it 'allows using 2FA recovery code once only' do
+ recovery_code = enable_2fa_for_user_and_fetch_recovery_code(developer_user)
+
+ Flow::Login.sign_in(as: developer_user, skip_page_validation: true)
+
+ Page::Main::TwoFactorAuth.perform do |two_fa_auth|
+ two_fa_auth.set_2fa_code(recovery_code)
+ two_fa_auth.click_verify_code_button
+ end
+
+ expect(Page::Main::Menu.perform(&:signed_in?)).to be_truthy
+
+ Page::Main::Menu.perform(&:sign_out)
+
+ Flow::Login.sign_in(as: developer_user, skip_page_validation: true)
+
+ Page::Main::TwoFactorAuth.perform do |two_fa_auth|
+ two_fa_auth.set_2fa_code(recovery_code)
+ two_fa_auth.click_verify_code_button
+ end
+
+ expect(page).to have_text('Invalid two-factor code')
+ end
+
+ after do
+ group.set_require_two_factor_authentication(value: 'false')
+ group.remove_via_api!
+ sandbox_group.remove_via_api!
+ developer_user.remove_via_api!
+ end
+
+ def admin_api_client
+ @admin_api_client ||= Runtime::API::Client.as_admin
+ end
+
+ def owner_api_client
+ @owner_api_client ||= Runtime::API::Client.new(:gitlab, user: owner_user)
+ end
+
+ def enable_2fa_for_user_and_fetch_recovery_code(user)
+ Flow::Login.while_signed_in(as: user) do
+ Page::Profile::TwoFactorAuth.perform do |two_fa_auth|
+ @otp = QA::Support::OTP.new(two_fa_auth.otp_secret_content)
+
+ two_fa_auth.set_pin_code(@otp.fresh_otp)
+ two_fa_auth.click_register_2fa_app_button
+
+ recovery_code = two_fa_auth.recovery_codes.sample
+
+ two_fa_auth.click_proceed_button
+
+ recovery_code
+ end
+ end
+ end
+ end
+ end
+end
diff --git a/qa/qa/specs/features/browser_ui/1_manage/login/register_spec.rb b/qa/qa/specs/features/browser_ui/1_manage/login/register_spec.rb
index 9dfeec37869..bb01be9d86e 100644
--- a/qa/qa/specs/features/browser_ui/1_manage/login/register_spec.rb
+++ b/qa/qa/specs/features/browser_ui/1_manage/login/register_spec.rb
@@ -2,7 +2,7 @@ module QA RSpec.shared_examples 'registration and login' do - it 'user registers and logs in' do + it 'allows the user to registers and login' do Runtime::Browser.visit(:gitlab, Page::Main::Login) Resource::User.fabricate_via_browser_ui!
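Review bot: In 2fa_recovery_spec.rb, the reuse check at the end of `it 'allows using 2FA recovery code once only'` passes on banner text alone: `expect(page).to have_text('Invalid two-factor code')` shows that an error was rendered, not that the second attempt left the user without a session. Since this example is the regression guard for single-use recovery codes, I would follow it with `expect(Page::Main::Menu.perform(&:signed_in?)).to be_falsy`, the same signed-out check register_spec.rb uses in this commit (assuming `signed_in?` can be evaluated on the 2FA prompt page, which is not visible here). Separately, `two_fa_auth.recovery_codes.sample` picks a different code on each run, so a failure tied to one position in the list would be intermittent; `.first`, or recording the chosen index, would make it reproducible.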
@@ -16,6 +16,50 @@ module QA
 RSpec.describe 'Manage', :skip_signup_disabled do
 describe 'standard' do
 it_behaves_like 'registration and login'
+
+ context 'when user account is deleted', :requires_admin do
+ let(:user) do
+ Resource::User.fabricate_via_api! do |resource|
+ resource.api_client = admin_api_client
+ end
+ end
+
+ before do
+ # Use the UI instead of API to delete the account since
+ # this is the only test that exercise this UI.
+ # Other tests should use the API for this purpose.
+ Flow::Login.sign_in(as: user)
+ Page::Main::Menu.perform(&:click_settings_link)
+ Page::Profile::Menu.perform(&:click_account)
+ Page::Profile::Accounts::Show.perform do |show|
+ show.delete_account(user.password)
+ end
+ end
+
+ it 'allows recreating with same credentials' do
+ expect(Page::Main::Menu.perform(&:signed_in?)).to be_falsy
+
+ Flow::Login.sign_in(as: user, skip_page_validation: true)
+
+ expect(page).to have_text("Invalid Login or password")
+
+ @recreated_user = Resource::User.fabricate_via_browser_ui! do |resource|
+ resource.name = user.name
+ resource.username = user.username
+ resource.email = user.email
+ end
+
+ expect(Page::Main::Menu.perform(&:signed_in?)).to be_truthy
+ end
+
+ after do
+ @recreated_user.remove_via_api!
+ end
+
+ def admin_api_client
+ @admin_api_client ||= Runtime::API::Client.as_admin
+ end
+ end
 end
 end
 end
|
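Review bot: The `after` hook calls `@recreated_user.remove_via_api!` unconditionally, but `@recreated_user` is only assigned partway through the example, after the `have_text("Invalid Login or password")` expectation. If the example fails before that point, the hook raises `NoMethodError` on nil on top of the real failure, so the line should be `@recreated_user&.remove_via_api!`. A related cleanup gap: if the `before` block fails before `show.delete_account(user.password)` completes, nothing in this hunk removes the API-fabricated `user`, which leaves a test account on the target instance. The example name says "same credentials", yet only name, username and email are copied onto the recreated resource and the password handling is not visible in this hunk, so a one-line comment stating where the password comes from would help.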