Failure in browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb and ee/browser_ui/3_create/repository/code_owners_spec
Summary
- https://ops.gitlab.net/gitlab-org/quality/staging/-/jobs/1116747
- https://ops.gitlab.net/gitlab-org/quality/staging/-/jobs/1118268
The problem seems to be that gitlab-qa
is logged in when the test tries to create a user, which fails because admin access is needed to create a user via the API.
Stack trace
Failures:
1) Plan check xss occurence in @mentions in issues mentions a user in a comment
Failure/Error:
Resource::User.fabricate_via_api! do |user|
user.name = "eve <img src=x onerror=alert(2)<img src=x onerror=alert(1)>"
user.password = "test1234"
end
QA::Resource::ApiFabricator::ResourceFabricationFailedError:
Fabrication of QA::Resource::User using the API failed (403) with `{"message":"403 Forbidden"}`.
# ./qa/resource/api_fabricator.rb:89:in `api_post'
# ./qa/resource/api_fabricator.rb:33:in `fabricate_via_api!'
# ./qa/resource/user.rb:79:in `rescue in fabricate_via_api!'
# ./qa/resource/user.rb:76:in `fabricate_via_api!'
# ./qa/resource/base.rb:46:in `block (2 levels) in fabricate_via_api!'
# ./qa/resource/base.rb:135:in `log_fabrication'
# ./qa/resource/base.rb:46:in `block in fabricate_via_api!'
# ./qa/resource/base.rb:118:in `do_fabricate!'
# ./qa/resource/base.rb:45:in `fabricate_via_api!'
# ./qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb:7:in `block (3 levels) in <module:QA>'
# ./qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb:16:in `block (4 levels) in <module:QA>'
# ./qa/resource/base.rb:116:in `do_fabricate!'
# ./qa/resource/base.rb:45:in `fabricate_via_api!'
# ./qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb:14:in `block (3 levels) in <module:QA>'
# ./qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb:22:in `block (4 levels) in <module:QA>'
# ./qa/resource/base.rb:116:in `do_fabricate!'
# ./qa/resource/base.rb:45:in `fabricate_via_api!'
# ./qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb:21:in `block (3 levels) in <module:QA>'
# ./qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb:41:in `block (3 levels) in <module:QA>'
# /usr/local/bundle/gems/rspec-retry-0.6.1/lib/rspec/retry.rb:123:in `block in run'
# /usr/local/bundle/gems/rspec-retry-0.6.1/lib/rspec/retry.rb:110:in `loop'
# /usr/local/bundle/gems/rspec-retry-0.6.1/lib/rspec/retry.rb:110:in `run'
# /usr/local/bundle/gems/rspec-retry-0.6.1/lib/rspec_ext/rspec_ext.rb:12:in `run_with_retry'
# ./spec/spec_helper.rb:69:in `block (2 levels) in <top (required)>'
# /usr/local/bundle/gems/rspec-retry-0.6.1/lib/rspec/retry.rb:123:in `block in run'
# /usr/local/bundle/gems/rspec-retry-0.6.1/lib/rspec/retry.rb:110:in `loop'
# /usr/local/bundle/gems/rspec-retry-0.6.1/lib/rspec/retry.rb:110:in `run'
# /usr/local/bundle/gems/rspec-retry-0.6.1/lib/rspec_ext/rspec_ext.rb:12:in `run_with_retry'
# /usr/local/bundle/gems/rspec-retry-0.6.1/lib/rspec/retry.rb:37:in `block (2 levels) in setup'
Screenshot / HTML page
The screenshot shows a personal access token so I haven't included it.
But the sign in tab shows the wrong user logged in:
<li class="current-user">
<div class="user-name bold">
QA User (Quality Team's Test Account)
</div>
@gitlab-qa
</li>
It should be quality+qa_bot@gitlab.com
.
Possible fixes
Restore the sequence of test steps to what they were before 5882b387 so that the admin is logged in when the user is created.
Be sure to test the fix against Staging.
Edited by Nailia Iskhakova