summaryrefslogtreecommitdiff
path: root/qa
diff options
context:
space:
mode:
authorRamya Authappan <rauthappan@gitlab.com>2019-07-22 05:20:11 +0000
committerRamya Authappan <rauthappan@gitlab.com>2019-07-22 05:20:11 +0000
commit53547792dd7ca9e516ec756e2c0262381641d9c7 (patch)
tree8e57910044809a276d4050ef9b20c94dbfb8c350 /qa
parent695f4bb17d157ba2c7653a6aefa9bf09ecc2c583 (diff)
parent033c1c0c3c8e15c120612c5e1671c253f37fec73 (diff)
downloadgitlab-ce-53547792dd7ca9e516ec756e2c0262381641d9c7.tar.gz
Merge branch 'sl-qa-staging-65-fix-check-mentions-for-xss-spec' into 'master'
Updates check_mentions_for_xss_spec to use admin token for creating the user Closes gitlab-org/quality/staging#65 See merge request gitlab-org/gitlab-ce!30943
Diffstat (limited to 'qa')
-rw-r--r--qa/qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb14
1 files changed, 12 insertions, 2 deletions
diff --git a/qa/qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb b/qa/qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb
index d412125bb68..425fb861456 100644
--- a/qa/qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb
+++ b/qa/qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb
@@ -4,14 +4,24 @@ module QA
context 'Plan' do
describe 'check xss occurence in @mentions in issues' do
before do
- Runtime::Browser.visit(:gitlab, Page::Main::Login)
- Page::Main::Login.perform(&:sign_in_using_credentials)
+ QA::Runtime::Env.personal_access_token = QA::Runtime::Env.admin_personal_access_token
+
+ unless QA::Runtime::Env.personal_access_token
+ Runtime::Browser.visit(:gitlab, Page::Main::Login)
+ Page::Main::Login.perform(&:sign_in_using_admin_credentials)
+ end
user = Resource::User.fabricate_via_api! do |user|
user.name = "eve <img src=x onerror=alert(2)&lt;img src=x onerror=alert(1)&gt;"
user.password = "test1234"
end
+ QA::Runtime::Env.personal_access_token = nil
+
+ Page::Main::Menu.perform(&:sign_out) if Page::Main::Menu.perform { |p| p.has_personal_area?(wait: 0) }
+
+ Page::Main::Login.perform(&:sign_in_using_credentials)
+
project = Resource::Project.fabricate_via_api! do |resource|
resource.name = 'xss-test-for-mentions-project'
end