Diffstat (limited to 'spec/features')
-rw-r--r-- | spec/features/admin/admin_users_impersonation_tokens_spec.rb | 12 | ||||
-rw-r--r-- | spec/features/dashboard/todos/target_state_spec.rb | 20 | ||||
-rw-r--r-- | spec/features/dashboard/todos/todos_filtering_spec.rb | 2 | ||||
-rw-r--r-- | spec/features/dashboard/todos/todos_spec.rb | 38 | ||||
-rw-r--r-- | spec/features/invites_spec.rb | 39 | ||||
-rw-r--r-- | spec/features/markdown/mermaid_spec.rb | 23 | ||||
-rw-r--r-- | spec/features/projects/pipelines/pipeline_spec.rb | 5 |
7 files changed, 83 insertions, 56 deletions
diff --git a/spec/features/admin/admin_users_impersonation_tokens_spec.rb b/spec/features/admin/admin_users_impersonation_tokens_spec.rb index ee64e71f176..7466150addf 100644 --- a/spec/features/admin/admin_users_impersonation_tokens_spec.rb +++ b/spec/features/admin/admin_users_impersonation_tokens_spec.rb @@ -83,4 +83,16 @@ RSpec.describe 'Admin > Users > Impersonation Tokens', :js do expect(no_personal_access_tokens_message).to have_text("This user has no active impersonation tokens.") end end + + describe "impersonation disabled state" do + before do + stub_config_setting(impersonation_enabled: false) + end + + it "does not show impersonation tokens tab" do + visit admin_user_path(user) + + expect(page).not_to have_content("Impersonation Tokens") + end + end end diff --git a/spec/features/dashboard/todos/target_state_spec.rb b/spec/features/dashboard/todos/target_state_spec.rb index 4c43948201c..b0aafdda59a 100644 --- a/spec/features/dashboard/todos/target_state_spec.rb +++ b/spec/features/dashboard/todos/target_state_spec.rb @@ -3,16 +3,20 @@ require 'spec_helper' RSpec.describe 'Dashboard > Todo target states' do - let(:user) { create(:user) } - let(:author) { create(:user) } - let(:project) { create(:project, :public) } + let_it_be(:user) { create(:user) } + let_it_be(:author) { create(:user) } + let_it_be(:project) { create(:project, :public) } + + before_all do + project.add_developer(user) + end before do sign_in(user) end it 'on a closed issue todo has closed label' do - issue_closed = create(:issue, state: 'closed') + issue_closed = create(:issue, state: 'closed', project: project) create_todo issue_closed visit dashboard_todos_path @@ -22,7 +26,7 @@ RSpec.describe 'Dashboard > Todo target states' do end it 'on an open issue todo does not have an open label' do - issue_open = create(:issue) + issue_open = create(:issue, project: project) create_todo issue_open visit dashboard_todos_path 
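Review bot: The new example `does not show impersonation tokens tab` proves only that the tab label is absent, and a negative `have_content` also passes when the page renders something else entirely, such as an error page. Anchor it with a positive check first, for example `expect(page).to have_content(user.name)`, so the absence is measured on the page that was meant to load. Hiding the tab is a UI control, so a second example that opens the impersonation tokens page for the user directly and asserts it is refused would cover what the tab check cannot. Whether a request or controller spec outside `spec/features` already does that is not visible here.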
@@ -32,7 +36,7 @@ RSpec.describe 'Dashboard > Todo target states' do
 end
 it 'on a merged merge request todo has merged label' do
- mr_merged = create(:merge_request, :simple, :merged, author: user)
+ mr_merged = create(:merge_request, :simple, :merged, author: user, source_project: project)
 create_todo mr_merged
 visit dashboard_todos_path
@@ -42,7 +46,7 @@ RSpec.describe 'Dashboard > Todo target states' do
 end
 it 'on a closed merge request todo has closed label' do
- mr_closed = create(:merge_request, :simple, :closed, author: user)
+ mr_closed = create(:merge_request, :simple, :closed, author: user, source_project: project)
 create_todo mr_closed
 visit dashboard_todos_path
@@ -52,7 +56,7 @@ RSpec.describe 'Dashboard > Todo target states' do
 end
 it 'on an open merge request todo does not have an open label' do
- mr_open = create(:merge_request, :simple, author: user)
+ mr_open = create(:merge_request, :simple, author: user, source_project: project)
 create_todo mr_open
 visit dashboard_todos_path
diff --git a/spec/features/dashboard/todos/todos_filtering_spec.rb b/spec/features/dashboard/todos/todos_filtering_spec.rb
index b1464af4194..53209db3107 100644
--- a/spec/features/dashboard/todos/todos_filtering_spec.rb
+++ b/spec/features/dashboard/todos/todos_filtering_spec.rb
@@ -128,7 +128,7 @@ RSpec.describe 'Dashboard > User filters todos', :js do
 describe 'filter by action' do
 before do
- create(:todo, :build_failed, user: user_1, author: user_2, project: project_1)
+ create(:todo, :build_failed, user: user_1, author: user_2, project: project_1, target: merge_request)
 create(:todo, :marked, user: user_1, author: user_2, project: project_1, target: issue1)
 create(:todo, :review_requested, user: user_1, author: user_2, project: project_1, target: issue1)
 end
diff --git a/spec/features/dashboard/todos/todos_spec.rb b/spec/features/dashboard/todos/todos_spec.rb
index 0bc6cc9c017..7345bfa19e2 100644
--- a/spec/features/dashboard/todos/todos_spec.rb
+++ b/spec/features/dashboard/todos/todos_spec.rb @@ -3,10 +3,16 @@ require 'spec_helper' RSpec.describe 'Dashboard Todos' do + include DesignManagementTestHelpers + let_it_be(:user) { create(:user, username: 'john') } let_it_be(:author) { create(:user) } let_it_be(:project) { create(:project, :public) } - let_it_be(:issue) { create(:issue, due_date: Date.today, title: "Fix bug") } + let_it_be(:issue) { create(:issue, project: project, due_date: Date.today, title: "Fix bug") } + + before_all do + project.add_developer(user) + end context 'User does not have todos' do before do @@ -21,8 +27,8 @@ RSpec.describe 'Dashboard Todos' do context 'when the todo references a merge request' do let(:referenced_mr) { create(:merge_request, source_project: project) } - let(:note) { create(:note, project: project, note: "Check out #{referenced_mr.to_reference}") } - let!(:todo) { create(:todo, :mentioned, user: user, project: project, author: author, note: note) } + let(:note) { create(:note, project: project, note: "Check out #{referenced_mr.to_reference}", noteable: create(:issue, project: project)) } + let!(:todo) { create(:todo, :mentioned, user: user, project: project, author: author, note: note, target: note.noteable) } before do sign_in(user) 
@@ -39,9 +45,26 @@ RSpec.describe 'Dashboard Todos' do
 end
 end
- context 'User has a todo', :js do
+ context 'user has an unauthorized todo' do
 before do
+ sign_in(user)
+ end
+
+ it 'does not render the todo' do
+ unauthorized_issue = create(:issue)
+ create(:todo, :mentioned, user: user, project: unauthorized_issue.project, target: unauthorized_issue, author: author)
 create(:todo, :mentioned, user: user, project: project, target: issue, author: author)
+
+ visit dashboard_todos_path
+
+ expect(page).to have_selector('.todos-list .todo', count: 1)
+ end
+ end
+
+ context 'User has a todo', :js do
+ let_it_be(:user_todo) { create(:todo, :mentioned, user: user, project: project, target: issue, author: author) }
+
+ before do
 sign_in(user)
 visit dashboard_todos_path
@@ -183,7 +206,7 @@ RSpec.describe 'Dashboard Todos' do
 end
 context 'approval todo' do
- let(:merge_request) { create(:merge_request, title: "Fixes issue") }
+ let(:merge_request) { create(:merge_request, title: "Fixes issue", source_project: project) }
 before do
 create(:todo, :approval_required, user: user, project: project, target: merge_request, author: user)
@@ -199,7 +222,7 @@ RSpec.describe 'Dashboard Todos' do
 end
 context 'review request todo' do
- let(:merge_request) { create(:merge_request, title: "Fixes issue") }
+ let(:merge_request) { create(:merge_request, title: "Fixes issue", source_project: project) }
 before do
 create(:todo, :review_requested, user: user, project: project, target: merge_request, author: user)
@@ -355,7 +378,7 @@ RSpec.describe 'Dashboard Todos' do
 end
 context 'User has a Build Failed todo' do
- let!(:todo) { create(:todo, :build_failed, user: user, project: project, author: author) }
+ let!(:todo) { create(:todo, :build_failed, user: user, project: project, author: author, target: create(:merge_request, source_project: project)) }
 before do
 sign_in(user)
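Review bot: In `does not render the todo`, `have_selector('.todos-list .todo', count: 1)` shows that one todo is listed but not which one, so the example would still pass if the unauthorized todo were the one rendered. Add `expect(page).not_to have_content(unauthorized_issue.title)` next to the count. The example also relies on `create(:issue)` producing a project that `user` cannot read, which presumably comes from the factory's default visibility. Naming it, e.g. `create(:issue, project: create(:project, :private))`, keeps the test meaningful if that default changes.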
@@ -386,6 +409,7 @@ RSpec.describe 'Dashboard Todos' do end before do + enable_design_management project.add_developer(user) sign_in(user) diff --git a/spec/features/invites_spec.rb b/spec/features/invites_spec.rb index cf234032d33..fdd822ef25b 100644 --- a/spec/features/invites_spec.rb +++ b/spec/features/invites_spec.rb 
@@ -90,48 +90,17 @@ RSpec.describe 'Group or Project invitations', :aggregate_failures do end context 'when signed in and an invite link is clicked' do - context 'when an invite email is a secondary email for the user' do - let(:invite_email) { 'user_secondary@example.com' } - - before do - sign_in(user) - visit invite_path(group_invite.raw_invite_token) - end - - it 'sends user to the invite url and allows them to decline' do - expect(current_path).to eq(invite_path(group_invite.raw_invite_token)) - expect(page).to have_content("Note that this invitation was sent to #{invite_email}") - expect(page).to have_content("but you are signed in as #{user.to_reference} with email #{user.email}") - - click_link('Decline') - - expect(page).to have_content('You have declined the invitation') - expect(current_path).to eq(dashboard_projects_path) - expect { group_invite.reload }.to raise_error ActiveRecord::RecordNotFound - end - - it 'sends uer to the invite url and allows them to accept' do - expect(current_path).to eq(invite_path(group_invite.raw_invite_token)) - expect(page).to have_content("Note that this invitation was sent to #{invite_email}") - expect(page).to have_content("but you are signed in as #{user.to_reference} with email #{user.email}") - - click_link('Accept invitation') - - expect(page).to have_content('You have been granted') - expect(current_path).to eq(activity_group_path(group)) - end - end - context 'when user is an existing member' do before do - sign_in(owner) + group.add_developer(user) + sign_in(user) visit invite_path(group_invite.raw_invite_token) end it 'shows message user already a member' do expect(current_path).to eq(invite_path(group_invite.raw_invite_token)) - expect(page).to have_link(owner.name, href: user_url(owner)) - expect(page).to have_content('However, you are already a member of this group.') + expect(page).to have_link(user.name, href: user_path(user)) + expect(page).to have_content('You are already a member of this group.') end end 
end diff --git a/spec/features/markdown/mermaid_spec.rb b/spec/features/markdown/mermaid_spec.rb index c4994838d26..e080c7ffb3f 100644 --- a/spec/features/markdown/mermaid_spec.rb +++ b/spec/features/markdown/mermaid_spec.rb @@ -260,8 +260,6 @@ RSpec.describe 'Mermaid rendering', :js do description *= 51 - project = create(:project, :public) - wiki_page = build(:wiki_page, { container: project, content: description }) wiki_page.create message: 'mermaid test commit' # rubocop:disable Rails/SaveBang wiki_page = project.wiki.find_page(wiki_page.slug) @@ -277,6 +275,27 @@ RSpec.describe 'Mermaid rendering', :js do expect(page).not_to have_selector('.js-lazy-render-mermaid-container') end end + + it 'does not allow HTML injection' do + description = <<~MERMAID + ```mermaid + %%{init: {"flowchart": {"htmlLabels": "false"}} }%% + flowchart + A["<iframe></iframe>"] + ``` + MERMAID + + issue = create(:issue, project: project, description: description) + + visit project_issue_path(project, issue) + + wait_for_requests + wait_for_mermaid + + page.within('.description') do + expect(page).not_to have_xpath("//iframe") + end + end end def wait_for_mermaid diff --git a/spec/features/projects/pipelines/pipeline_spec.rb b/spec/features/projects/pipelines/pipeline_spec.rb index 0958e1d1891..ce2083b397a 100644 --- a/spec/features/projects/pipelines/pipeline_spec.rb +++ b/spec/features/projects/pipelines/pipeline_spec.rb @@ -365,9 +365,8 @@ RSpec.describe 'Pipeline', :js do let(:project) { create(:project, :public, :repository, public_builds: false) } let(:role) { :guest } - it 'does not show failed jobs tab pane' do - expect(page).to have_link('Pipeline') - expect(page).not_to have_content('Failed Jobs') + it 'does not show the pipeline details page' do + expect(page).to have_content('Not Found') end end end |
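Review bot: The removed context `when an invite email is a secondary email for the user` covered a signed-in user opening an invite addressed to a different email, and nothing in this hunk replaces it. If accepting such an invite is now refused, that is the behaviour worth pinning. An example could sign in as a user whose email differs from `invite_email`, visit `invite_path(group_invite.raw_invite_token)` and assert that no membership is granted. The diffstat is limited to `spec/features`, so an equivalent request or controller spec may exist elsewhere; the enclosing `describe` also starts outside the hunk.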
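Review bot: In `does not allow HTML injection`, the XPath `//iframe` is absolute, so Capybara evaluates it against the whole document and the `page.within('.description')` scope has no effect on it. Any unrelated iframe elsewhere on the issue page would fail the example, and the scoping reads as narrower than it is. Use `expect(page).not_to have_css('iframe')` or `have_xpath('.//iframe')` inside the block. The payload passes `"htmlLabels": "false"` as a string rather than a boolean, which looks deliberate. A one-line comment such as `# htmlLabels is the string "false" on purpose, to cover non-boolean config values` would stop a later cleanup from normalising it away.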