Add latest changes from gitlab-org/gitlab@master

9 files changed, 161 insertions, 4 deletions

diff --git a/qa/Dockerfile b/qa/Dockerfile
index 6efc8ac09fa..2bf668abc49 100644
--- a/qa/Dockerfile
+++ b/qa/Dockerfile
@@ -22,6 +22,13 @@ RUN apt-get update \
     && rm -rf /var/lib/apt/lists/*
 
 ##
+# Install 1Password CLI
+#
+RUN wget -P /tmp/ https://downloads.1password.com/linux/debian/$(dpkg --print-architecture)/stable/1password-cli-$(dpkg --print-architecture)-latest.deb
+RUN dpkg -i /tmp/1password-cli-$(dpkg --print-architecture)-latest.deb
+RUN op --version
+
+##
 # Install root certificate
 #
 RUN mkdir -p /usr/share/ca-certificates/gitlab
diff --git a/qa/qa.rb b/qa/qa.rb
index a395dc6e0b0..f6fba30c079 100644
--- a/qa/qa.rb
+++ b/qa/qa.rb
@@ -83,7 +83,8 @@ module QA
     "vscode" => "VSCode",
     "registry_with_cdn" => "RegistryWithCDN",
     "fips" => "FIPS",
-    "ci_cd_settings" => "CICDSettings"
+    "ci_cd_settings" => "CICDSettings",
+    "cli" => "CLI"
   )
 
   loader.setup
diff --git a/qa/qa/page/main/login.rb b/qa/qa/page/main/login.rb
index 4a5f9d90630..9fb1179373d 100644
--- a/qa/qa/page/main/login.rb
+++ b/qa/qa/page/main/login.rb
@@ -40,6 +40,7 @@ module QA
 
         view 'app/helpers/auth_helper.rb' do
           element :saml_login_button
+          element :github_login_button
         end
 
         view 'app/views/layouts/devise.html.haml' do
@@ -177,6 +178,11 @@ module QA
           click_element :standard_tab
         end
 
+        def sign_in_with_github
+          set_initial_password_if_present
+          click_element :github_login_button
+        end
+
         def sign_in_with_saml
           set_initial_password_if_present
           click_element :saml_login_button
diff --git a/qa/qa/runtime/env.rb b/qa/qa/runtime/env.rb
index 7da529becbd..34e392c6263 100644
--- a/qa/qa/runtime/env.rb
+++ b/qa/qa/runtime/env.rb
@@ -210,11 +210,11 @@ module QA
       end
 
       def github_username
-        ENV['GITHUB_USERNAME']
+        ENV['QA_GITHUB_USERNAME']
       end
 
       def github_password
-        ENV['GITHUB_PASSWORD']
+        ENV['QA_GITHUB_PASSWORD']
       end
 
       def forker?
@@ -541,6 +541,22 @@ module QA
         raise "Missing Slack env: #{missing_env.map(&:upcase).join(', ')}"
       end
 
+      def one_p_email
+        ENV['QA_1P_EMAIL']
+      end
+
+      def one_p_password
+        ENV['QA_1P_PASSWORD']
+      end
+
+      def one_p_secret
+        ENV['QA_1P_SECRET']
+      end
+
+      def one_p_github_uuid
+        ENV['QA_1P_GITHUB_UUID']
+      end
+
       private
 
       def remote_grid_credentials
diff --git a/qa/qa/specs/features/browser_ui/1_manage/login/oauth_login_with_github_spec.rb b/qa/qa/specs/features/browser_ui/1_manage/login/oauth_login_with_github_spec.rb
new file mode 100644
index 00000000000..3ac050c1649
--- /dev/null
+++ b/qa/qa/specs/features/browser_ui/1_manage/login/oauth_login_with_github_spec.rb
@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module QA
+  RSpec.describe 'Manage', :orchestrated, :oauth, product_group: :authentication_and_authorization do
+    describe 'OAuth' do
+      it 'connects and logs in with GitHub OAuth',
+        testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/402405' do
+        Runtime::Browser.visit(:gitlab, Page::Main::Login)
+
+        Page::Main::Login.perform(&:sign_in_with_github)
+
+        Vendor::Github::Page::Login.perform(&:login)
+
+        expect(page).to have_content('Welcome to GitLab')
+      end
+    end
+  end
+end
diff --git a/qa/qa/vendor/github/page/base.rb b/qa/qa/vendor/github/page/base.rb
new file mode 100644
index 00000000000..3b96180afe9
--- /dev/null
+++ b/qa/qa/vendor/github/page/base.rb
@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module QA
+  module Vendor
+    module Github
+      module Page
+        class Base
+          include Capybara::DSL
+          include Scenario::Actable
+        end
+      end
+    end
+  end
+end
diff --git a/qa/qa/vendor/github/page/login.rb b/qa/qa/vendor/github/page/login.rb
new file mode 100644
index 00000000000..17a7471e251
--- /dev/null
+++ b/qa/qa/vendor/github/page/login.rb
@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+require 'capybara/dsl'
+require 'benchmark'
+
+module QA
+  module Vendor
+    module Github
+      module Page
+        class Login < Page::Base
+          def login
+            fill_in 'login', with: QA::Runtime::Env.github_username
+            fill_in 'password', with: QA::Runtime::Env.github_password
+            click_on 'Sign in'
+
+            current_otp = OnePassword::CLI.instance.current_otp
+
+            fill_in 'app_otp', with: current_otp
+
+            if has_text?('Two-factor authentication failed', wait: 2)
+              new_otp = OnePassword::CLI.instance.new_otp(otp)
+
+              fill_in 'app_otp', with: new_otp
+            end
+
+            authorize_app
+          end
+
+          def authorize_app
+            click_on 'Authorize' if has_button?('Authorize')
+          end
+        end
+      end
+    end
+  end
+end
diff --git a/qa/qa/vendor/one_password/cli.rb b/qa/qa/vendor/one_password/cli.rb
new file mode 100644
index 00000000000..f443ba05492
--- /dev/null
+++ b/qa/qa/vendor/one_password/cli.rb
@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+require 'benchmark'
+
+module QA
+  module Vendor
+    module OnePassword
+      class CLI
+        include Singleton
+
+        def initialize
+          @email = QA::Runtime::Env.one_p_email
+          @password = QA::Runtime::Env.one_p_password
+          @secret = QA::Runtime::Env.one_p_secret
+          @github_uuid = QA::Runtime::Env.one_p_github_uuid
+          @address = 'gitlab.1password.com'
+        end
+
+        def new_otp(old_otp = "")
+          # Fetches a new OTP that is not equal to the old OTP
+          new_otp = ""
+          time = Benchmark.realtime do
+            # An otp is valid for 30 seconds so 64 attempts with 0.5 interval are enough to ensure a new OTP is obtained
+            Support::Retrier.retry_until(max_attempts: 64, sleep_interval: 0.5) do
+              new_otp = current_otp
+              new_otp != old_otp
+            end
+          end
+
+          QA::Runtime::Logger.info("Fetched new OTP in: #{time} seconds")
+
+          new_otp
+        end
+
+        def current_otp
+          result = nil
+
+          time = Benchmark.realtime do
+            result = `op item get #{@github_uuid} --otp --session #{session_token}`.chop
+          end
+
+          QA::Runtime::Logger.info("Fetched current OTP in: #{time} seconds")
+
+          result
+        end
+
+        private
+
+        # OP session tokens are valid for 30 minutes. We are caching the session token here and this is fine currently
+        # as we just have one test that is not expected to go over 30 minutes.
+        # But note that if we add more tests that use this class, we might need to add a mechanism to invalidate
+        # the cache after 30 minutes or if the session_token is rejected by op CLI.
+        def session_token
+          @session_token ||= `echo '#{@password}' | op account add --address #{@address} --email #{@email} --secret-key #{@secret} --signin --raw` # rubocop:disable Layout/LineLength
+        end
+      end
+    end
+  end
+end
diff --git a/qa/tasks/ci.rake b/qa/tasks/ci.rake
index aaf691de1b5..e5f4acb158b 100644
--- a/qa/tasks/ci.rake
+++ b/qa/tasks/ci.rake
@@ -32,7 +32,7 @@ namespace :ci do
 
     if run_all_label_present
       logger.info(" merge request has pipeline:run-all-e2e label, full test suite will be executed")
-      append_to_file(env_file, "QA_RUN_ALL_TESTS=true\n")
+      append_to_file(env_file, "QA_RUN_ALL_E2E_LABEL=true\n")
     elsif qa_changes.framework_changes? # run all tests when framework changes detected
       logger.info(" merge request contains qa framework changes, full test suite will be executed")
       append_to_file(env_file, "QA_FRAMEWORK_CHANGES=true\n")