Diffstat (limited to 'spec/features/projects/issues')
7 files changed, 299 insertions, 0 deletions
diff --git a/spec/features/projects/issues/design_management/user_paginates_designs_spec.rb b/spec/features/projects/issues/design_management/user_paginates_designs_spec.rb
new file mode 100644
index 00000000000..d9a72f2d5c5
--- /dev/null
+++ b/spec/features/projects/issues/design_management/user_paginates_designs_spec.rb
@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'User paginates issue designs', :js do
+ include DesignManagementTestHelpers
+
+ let(:project) { create(:project_empty_repo, :public) }
+ let(:issue) { create(:issue, project: project) }
+
+ before do
+ enable_design_management
+
+ create_list(:design, 2, :with_file, issue: issue)
+
+ visit project_issue_path(project, issue)
+
+ click_link 'Designs'
+
+ wait_for_requests
+
+ find('.js-design-list-item', match: :first).click
+ end
+
+ it 'paginates to next design' do
+ expect(find('.js-previous-design')[:disabled]).to eq('true')
+
+ page.within(find('.js-design-header')) do
+ expect(page).to have_content('1 of 2')
+ end
+
+ find('.js-next-design').click
+
+ expect(find('.js-previous-design')[:disabled]).not_to eq('true')
+
+ page.within(find('.js-design-header')) do
+ expect(page).to have_content('2 of 2')
+ end
+ end
+end
diff --git a/spec/features/projects/issues/design_management/user_permissions_upload_spec.rb b/spec/features/projects/issues/design_management/user_permissions_upload_spec.rb
new file mode 100644
index 00000000000..2238e86a47f
--- /dev/null
+++ b/spec/features/projects/issues/design_management/user_permissions_upload_spec.rb
@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'User design permissions', :js do
+ include DesignManagementTestHelpers
+
+ let(:project) { create(:project_empty_repo, :public) }
+ let(:issue) { create(:issue, project: project) }
+
+ before do
+ enable_design_management
+
+ visit project_issue_path(project, issue)
+
+ click_link 'Designs'
+
+ wait_for_requests
+ end
+
+ it 'user does not have permissions to upload design' do
+ expect(page).not_to have_field('design_file')
+ end
+end
diff --git a/spec/features/projects/issues/design_management/user_uploads_designs_spec.rb b/spec/features/projects/issues/design_management/user_uploads_designs_spec.rb
new file mode 100644
index 00000000000..d160ab95a65
--- /dev/null
+++ b/spec/features/projects/issues/design_management/user_uploads_designs_spec.rb
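Review bot: The negative assertion `expect(page).not_to have_field('design_file')` may pass vacuously, because Capybara's `have_field` matches only visible fields by default and user_uploads_designs_spec.rb in this commit needs `make_visible: true` to attach to the same field, which suggests the input is hidden even for users who are allowed to upload. Using `expect(page).not_to have_field('design_file', visible: :all)` would make the example fail if the control is rendered at all for an unauthorised visitor. The example also covers only an anonymous visitor and only the UI; a signed-in non-member and the server refusing an upload request are not exercised by this spec.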
@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'User uploads new design', :js do
+ include DesignManagementTestHelpers
+
+ let_it_be(:project) { create(:project_empty_repo, :public) }
+ let_it_be(:user) { project.owner }
+ let_it_be(:issue) { create(:issue, project: project) }
+
+ before do
+ sign_in(user)
+ end
+
+ context "when the feature is available" do
+ before do
+ enable_design_management
+
+ visit project_issue_path(project, issue)
+
+ click_link 'Designs'
+
+ wait_for_requests
+ end
+
+ it 'uploads designs' do
+ attach_file(:design_file, logo_fixture, make_visible: true)
+
+ expect(page).to have_selector('.js-design-list-item', count: 1)
+
+ within first('#designs-tab .js-design-list-item') do
+ expect(page).to have_content('dk.png')
+ end
+
+ attach_file(:design_file, gif_fixture, make_visible: true)
+
+ expect(page).to have_selector('.js-design-list-item', count: 2)
+ end
+ end
+
+ context 'when the feature is not available' do
+ before do
+ visit project_issue_path(project, issue)
+
+ click_link 'Designs'
+
+ wait_for_requests
+ end
+
+ it 'shows the message about requirements' do
+ expect(page).to have_content("To enable design management, you'll need to meet the requirements.")
+ end
+ end
+
+ def logo_fixture
+ Rails.root.join('spec', 'fixtures', 'dk.png')
+ end
+
+ def gif_fixture
+ Rails.root.join('spec', 'fixtures', 'banana_sample.gif')
+ end
+end
diff --git a/spec/features/projects/issues/design_management/user_views_design_images_spec.rb b/spec/features/projects/issues/design_management/user_views_design_images_spec.rb
new file mode 100644
index 00000000000..3d0f4df55c4
--- /dev/null
+++ b/spec/features/projects/issues/design_management/user_views_design_images_spec.rb
@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'Users views raw design image files' do
+ include DesignManagementTestHelpers
+
+ let_it_be(:project) { create(:project, :public) }
+ let_it_be(:issue) { create(:issue, project: project) }
+ let_it_be(:design) { create(:design, :with_file, issue: issue, versions_count: 2) }
+ let(:newest_version) { design.versions.ordered.first }
+ let(:oldest_version) { design.versions.ordered.last }
+
+ before do
+ enable_design_management
+ end
+
+ it 'serves the latest design version when no ref is given' do
+ visit project_design_management_designs_raw_image_path(design.project, design)
+
+ expect(response_headers[Gitlab::Workhorse::SEND_DATA_HEADER]).to eq(
+ workhorse_data_header_for_version(oldest_version.sha)
+ )
+ end
+
+ it 'serves the correct design version when a ref is given' do
+ visit project_design_management_designs_raw_image_path(design.project, design, oldest_version.sha)
+
+ expect(response_headers[Gitlab::Workhorse::SEND_DATA_HEADER]).to eq(
+ workhorse_data_header_for_version(oldest_version.sha)
+ )
+ end
+
+ private
+
+ def workhorse_data_header_for_version(ref)
+ blob = project.design_repository.blob_at(ref, design.full_path)
+
+ Gitlab::Workhorse.send_git_blob(project.design_repository, blob).last
+ end
+end
diff --git a/spec/features/projects/issues/design_management/user_views_design_spec.rb b/spec/features/projects/issues/design_management/user_views_design_spec.rb
new file mode 100644
index 00000000000..707049b0068
--- /dev/null
+++ b/spec/features/projects/issues/design_management/user_views_design_spec.rb
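Review bot: The example 'serves the latest design version when no ref is given' compares the header against `oldest_version.sha`, while `newest_version` is declared and never used, so as written the spec would not notice the endpoint serving a stale version. The expectation should read `workhorse_data_header_for_version(newest_version.sha)`. If both examples pass today, the factory presumably writes the same blob in both versions (not visible in this hunk), in which case the fixture should differ between versions so the ref handling is actually distinguished.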
@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'User views issue designs', :js do
+ include DesignManagementTestHelpers
+
+ let_it_be(:project) { create(:project_empty_repo, :public) }
+ let_it_be(:issue) { create(:issue, project: project) }
+ let_it_be(:design) { create(:design, :with_file, issue: issue) }
+
+ before do
+ enable_design_management
+
+ visit project_issue_path(project, issue)
+
+ click_link 'Designs'
+ end
+
+ it 'opens design detail' do
+ click_link design.filename
+
+ page.within(find('.js-design-header')) do
+ expect(page).to have_content(design.filename)
+ end
+
+ expect(page).to have_selector('.js-design-image')
+ end
+end
diff --git a/spec/features/projects/issues/design_management/user_views_designs_spec.rb b/spec/features/projects/issues/design_management/user_views_designs_spec.rb
new file mode 100644
index 00000000000..a4fb7456922
--- /dev/null
+++ b/spec/features/projects/issues/design_management/user_views_designs_spec.rb
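Review bot: The top-level description `'User views issue designs'` is identical to the one in user_views_designs_spec.rb added by this same commit, so a failure report will not say which file broke; this one could be `describe 'User views an issue design', :js do`. The `before` block here also omits the `wait_for_requests` that the sibling specs call after `click_link 'Designs'`, which leaves `click_link design.filename` depending on Capybara's default wait alone.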
@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'User views issue designs', :js do
+ include DesignManagementTestHelpers
+
+ let_it_be(:project) { create(:project_empty_repo, :public) }
+ let_it_be(:issue) { create(:issue, project: project) }
+ let_it_be(:design) { create(:design, :with_file, issue: issue) }
+
+ before do
+ enable_design_management
+ end
+
+ context 'navigates from the issue view' do
+ before do
+ visit project_issue_path(project, issue)
+ click_link 'Designs'
+ wait_for_requests
+ end
+
+ it 'fetches list of designs' do
+ expect(page).to have_selector('.js-design-list-item', count: 1)
+ end
+ end
+
+ context 'navigates directly to the design collection view' do
+ before do
+ visit designs_project_issue_path(project, issue)
+ end
+
+ it 'expands the sidebar' do
+ expect(page).to have_selector('.layout-page.right-sidebar-expanded')
+ end
+ end
+
+ context 'navigates directly to the individual design view' do
+ before do
+ visit designs_project_issue_path(project, issue, vueroute: design.filename)
+ end
+
+ it 'sees the design' do
+ expect(page).to have_selector('.js-design-detail')
+ end
+ end
+end
diff --git a/spec/features/projects/issues/design_management/user_views_designs_with_svg_xss_spec.rb b/spec/features/projects/issues/design_management/user_views_designs_with_svg_xss_spec.rb
new file mode 100644
index 00000000000..a9e4aa899a7
--- /dev/null
+++ b/spec/features/projects/issues/design_management/user_views_designs_with_svg_xss_spec.rb
@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'User views an SVG design that contains XSS', :js do
+ include DesignManagementTestHelpers
+
+ let(:project) { create(:project_empty_repo, :public) }
+ let(:issue) { create(:issue, project: project) }
+ let(:file) { Rails.root.join('spec', 'fixtures', 'logo_sample.svg') }
+ let(:design) { create(:design, :with_file, filename: 'xss.svg', file: file, issue: issue) }
+
+ before do
+ enable_design_management
+
+ visit designs_project_issue_path(
+ project,
+ issue,
+ { vueroute: design.filename }
+ )
+
+ wait_for_requests
+ end
+
+ it 'has XSS within the SVG file' do
+ file_content = File.read(file)
+
+ expect(file_content).to include("<script>alert('FAIL')</script>")
+ end
+
+ it 'displays the SVG' do
+ expect(page).to have_selector("img.design-img[alt='xss.svg']", count: 1, visible: false)
+ end
+
+ it 'does not execute the JavaScript within the SVG' do
+ # The expectation is that we can call the capybara `page.dismiss_prompt`
+ # method to close a JavaScript alert prompt without a `Capybara::ModalNotFound`
+ # being raised.
+ run_expectation = -> {
+ page.dismiss_prompt(wait: 1)
+ }
+
+ # With the page loaded, there should be no alert modal
+ expect(run_expectation).to raise_error(
+ Capybara::ModalNotFound,
+ 'Unable to find modal dialog'
+ )
+
+ # Perform a negative control test of the above expectation.
+ # With an alert modal displaying, the modal should be dismissable.
+ execute_script('alert(true)')
+
+ expect(run_expectation).not_to raise_error
+ end
+end |
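Review bot: This spec only exercises the SVG through the `img.design-img` element, where browsers do not run scripts embedded in the image, so it guards the embedding rather than how the file itself is served. The raw image route used in user_views_design_images_spec.rb delivers the same bytes directly, and no example in this commit asserts on the `Content-Type` or `Content-Disposition` of that response for an SVG. Adding a non-JS example that does `visit project_design_management_designs_raw_image_path(project, design)` for `xss.svg` and checks those response headers would cover the case where the file is opened on its own. The comment above `run_expectation` could also say that the one-second `wait: 1` window is the only thing separating "no alert" from "alert not yet shown".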