author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-03-29 23:58:22 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-03-29 23:58:45 +0000 |
commit | 1794d7d6a11019da7fe8bb56536f3fce69d1825d (patch) | |
tree | 4975bcf5629d6322feab02d1987676ef5fd5411d /spec/controllers/concerns | |
parent | 5825f3338e723e631964bf67d259e3365014a442 (diff) | |
download | gitlab-ce-1794d7d6a11019da7fe8bb56536f3fce69d1825d.tar.gz |
Add latest changes from gitlab-org/security/gitlab@15-9-stable-ee
Diffstat (limited to 'spec/controllers/concerns')
-rw-r--r-- | spec/controllers/concerns/confirm_email_warning_spec.rb | 34 |
1 files changed, 1 insertions, 33 deletions
diff --git a/spec/controllers/concerns/confirm_email_warning_spec.rb b/spec/controllers/concerns/confirm_email_warning_spec.rb
index b8a4b94aa66..334c156e1ae 100644
--- a/spec/controllers/concerns/confirm_email_warning_spec.rb
+++ b/spec/controllers/concerns/confirm_email_warning_spec.rb
@@ -2,7 +2,7 @@
 require 'spec_helper'
-RSpec.describe ConfirmEmailWarning, feature_category: :system_access do
+RSpec.describe ConfirmEmailWarning do
 before do
 stub_feature_flags(soft_email_confirmation: true)
 end
@@ -82,38 +82,6 @@ RSpec.describe ConfirmEmailWarning, feature_category: :system_access do
 it { is_expected.to set_confirm_warning_for(user.email) }
 end
 end
-
- context 'when user is being impersonated' do
- let(:impersonator) { create(:admin) }
-
- before do
- allow(controller).to receive(:session).and_return({ impersonator_id: impersonator.id })
-
- get :index
- end
-
- it { is_expected.to set_confirm_warning_for(user.email) }
-
- context 'when impersonated user email has html in their email' do
- let(:user) { create(:user, confirmed_at: nil, unconfirmed_email: "malicious@test.com<form><input/title='<script>alert(document.domain)</script>'>") }
-
- it { is_expected.to set_confirm_warning_for("malicious@test.com<form><input/title='<script>alert(document.domain)</script>'>") }
- end
- end
-
- context 'when user is not being impersonated' do
- before do
- get :index
- end
-
- it { is_expected.to set_confirm_warning_for(user.email) }
-
- context 'when user email has html in their email' do
- let(:user) { create(:user, confirmed_at: nil, unconfirmed_email: "malicious@test.com<form><input/title='<script>alert(document.domain)</script>'>") }
-
- it { is_expected.to set_confirm_warning_for("malicious@test.com<form><input/title='<script>alert(document.domain)</script>'>") }
- end
- end
 end
 end
 end |
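Review bot: After the second hunk this spec has no example left in which `unconfirmed_email` carries HTML markup; both removed contexts (impersonated and not impersonated) passed such an address through `set_confirm_warning_for`, and nothing on the new side replaces them. The diffstat shown is limited to `spec/controllers/concerns`, so the coverage may live elsewhere in the commit, but that is not visible here and the commit message does not say. If it has not moved, keep at least one example with a markup-bearing address, with a comment above it such as `# unconfirmed_email is user-controlled; the warning must show it escaped`. The first hunk also drops `feature_category: :system_access` from the `RSpec.describe` line without explanation, which is worth a line in the description.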