Commit 53547792 authored by Ramya Authappan's avatar Ramya Authappan

Merge branch 'sl-qa-staging-65-fix-check-mentions-for-xss-spec' into 'master'

Updates check_mentions_for_xss_spec to use admin token for creating the user

Closes gitlab-org/quality/staging#65

See merge request gitlab-org/gitlab-ce!30943
parents 695f4bb1 033c1c0c
Pipeline #72164526 passed with stages
in 63 minutes and 55 seconds
......@@ -4,14 +4,24 @@ module QA
context 'Plan' do
describe 'check xss occurence in @mentions in issues' do
before do
Runtime::Browser.visit(:gitlab, Page::Main::Login)
Page::Main::Login.perform(&:sign_in_using_credentials)
QA::Runtime::Env.personal_access_token = QA::Runtime::Env.admin_personal_access_token
unless QA::Runtime::Env.personal_access_token
Runtime::Browser.visit(:gitlab, Page::Main::Login)
Page::Main::Login.perform(&:sign_in_using_admin_credentials)
end
user = Resource::User.fabricate_via_api! do |user|
user.name = "eve <img src=x onerror=alert(2)&lt;img src=x onerror=alert(1)&gt;"
user.password = "test1234"
end
QA::Runtime::Env.personal_access_token = nil
Page::Main::Menu.perform(&:sign_out) if Page::Main::Menu.perform { |p| p.has_personal_area?(wait: 0) }
Page::Main::Login.perform(&:sign_in_using_credentials)
project = Resource::Project.fabricate_via_api! do |resource|
resource.name = 'xss-test-for-mentions-project'
end
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment