Add latest changes from gitlab-org/gitlab@13-0-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2020-05-20 17:34:42 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-05-20 17:34:42 +0300
commit: 9f46488805e86b1bc341ea1620b866016c2ce5ed (patch)
tree: f9748c7e287041e37d6da49e0a29c9511dc34768 /spec/features/projects/issues
parent: dfc92d081ea0332d69c8aca2f0e745cb48ae5e6d (diff)
7 files changed, 299 insertions, 0 deletions
diff --git a/spec/features/projects/issues/design_management/user_paginates_designs_spec.rb b/spec/features/projects/issues/design_management/user_paginates_designs_spec.rb
new file mode 100644
index 00000000000..d9a72f2d5c5
--- /dev/null
+++ b/spec/features/projects/issues/design_management/user_paginates_designs_spec.rb
@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'User paginates issue designs', :js do
+  include DesignManagementTestHelpers
+
+  let(:project) { create(:project_empty_repo, :public) }
+  let(:issue) { create(:issue, project: project) }
+
+  before do
+    enable_design_management
+
+    create_list(:design, 2, :with_file, issue: issue)
+
+    visit project_issue_path(project, issue)
+
+    click_link 'Designs'
+
+    wait_for_requests
+
+    find('.js-design-list-item', match: :first).click
+  end
+
+  it 'paginates to next design' do
+    expect(find('.js-previous-design')[:disabled]).to eq('true')
+
+    page.within(find('.js-design-header')) do
+      expect(page).to have_content('1 of 2')
+    end
+
+    find('.js-next-design').click
+
+    expect(find('.js-previous-design')[:disabled]).not_to eq('true')
+
+    page.within(find('.js-design-header')) do
+      expect(page).to have_content('2 of 2')
+    end
+  end
+end
diff --git a/spec/features/projects/issues/design_management/user_permissions_upload_spec.rb b/spec/features/projects/issues/design_management/user_permissions_upload_spec.rb
new file mode 100644
index 00000000000..2238e86a47f
--- /dev/null
+++ b/spec/features/projects/issues/design_management/user_permissions_upload_spec.rb
@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'User design permissions', :js do
+  include DesignManagementTestHelpers
+
+  let(:project) { create(:project_empty_repo, :public) }
+  let(:issue) { create(:issue, project: project) }
+
+  before do
+    enable_design_management
+
+    visit project_issue_path(project, issue)
+
+    click_link 'Designs'
+
+    wait_for_requests
+  end
+
+  it 'user does not have permissions to upload design' do
+    expect(page).not_to have_field('design_file')
+  end
+end
diff --git a/spec/features/projects/issues/design_management/user_uploads_designs_spec.rb b/spec/features/projects/issues/design_management/user_uploads_designs_spec.rb
new file mode 100644
index 00000000000..d160ab95a65
--- /dev/null
+++ b/spec/features/projects/issues/design_management/user_uploads_designs_spec.rb
@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'User uploads new design', :js do
+  include DesignManagementTestHelpers
+
+  let_it_be(:project) { create(:project_empty_repo, :public) }
+  let_it_be(:user) { project.owner }
+  let_it_be(:issue) { create(:issue, project: project) }
+
+  before do
+    sign_in(user)
+  end
+
+  context "when the feature is available" do
+    before do
+      enable_design_management
+
+      visit project_issue_path(project, issue)
+
+      click_link 'Designs'
+
+      wait_for_requests
+    end
+
+    it 'uploads designs' do
+      attach_file(:design_file, logo_fixture, make_visible: true)
+
+      expect(page).to have_selector('.js-design-list-item', count: 1)
+
+      within first('#designs-tab .js-design-list-item') do
+        expect(page).to have_content('dk.png')
+      end
+
+      attach_file(:design_file, gif_fixture, make_visible: true)
+
+      expect(page).to have_selector('.js-design-list-item', count: 2)
+    end
+  end
+
+  context 'when the feature is not available' do
+    before do
+      visit project_issue_path(project, issue)
+
+      click_link 'Designs'
+
+      wait_for_requests
+    end
+
+    it 'shows the message about requirements' do
+      expect(page).to have_content("To enable design management, you'll need to meet the requirements.")
+    end
+  end
+
+  def logo_fixture
+    Rails.root.join('spec', 'fixtures', 'dk.png')
+  end
+
+  def gif_fixture
+    Rails.root.join('spec', 'fixtures', 'banana_sample.gif')
+  end
+end
diff --git a/spec/features/projects/issues/design_management/user_views_design_images_spec.rb b/spec/features/projects/issues/design_management/user_views_design_images_spec.rb
new file mode 100644
index 00000000000..3d0f4df55c4
--- /dev/null
+++ b/spec/features/projects/issues/design_management/user_views_design_images_spec.rb
@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'Users views raw design image files' do
+  include DesignManagementTestHelpers
+
+  let_it_be(:project) { create(:project, :public) }
+  let_it_be(:issue) { create(:issue, project: project) }
+  let_it_be(:design) { create(:design, :with_file, issue: issue, versions_count: 2) }
+  let(:newest_version) { design.versions.ordered.first }
+  let(:oldest_version) { design.versions.ordered.last }
+
+  before do
+    enable_design_management
+  end
+
+  it 'serves the latest design version when no ref is given' do
+    visit project_design_management_designs_raw_image_path(design.project, design)
+
+    expect(response_headers[Gitlab::Workhorse::SEND_DATA_HEADER]).to eq(
+      workhorse_data_header_for_version(oldest_version.sha)
+    )
+  end
+
+  it 'serves the correct design version when a ref is given' do
+    visit project_design_management_designs_raw_image_path(design.project, design, oldest_version.sha)
+
+    expect(response_headers[Gitlab::Workhorse::SEND_DATA_HEADER]).to eq(
+      workhorse_data_header_for_version(oldest_version.sha)
+    )
+  end
+
+  private
+
+  def workhorse_data_header_for_version(ref)
+    blob = project.design_repository.blob_at(ref, design.full_path)
+
+    Gitlab::Workhorse.send_git_blob(project.design_repository, blob).last
+  end
+end
diff --git a/spec/features/projects/issues/design_management/user_views_design_spec.rb b/spec/features/projects/issues/design_management/user_views_design_spec.rb
new file mode 100644
index 00000000000..707049b0068
--- /dev/null
+++ b/spec/features/projects/issues/design_management/user_views_design_spec.rb
@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'User views issue designs', :js do
+  include DesignManagementTestHelpers
+
+  let_it_be(:project) { create(:project_empty_repo, :public) }
+  let_it_be(:issue) { create(:issue, project: project) }
+  let_it_be(:design) { create(:design, :with_file, issue: issue) }
+
+  before do
+    enable_design_management
+
+    visit project_issue_path(project, issue)
+
+    click_link 'Designs'
+  end
+
+  it 'opens design detail' do
+    click_link design.filename
+
+    page.within(find('.js-design-header')) do
+      expect(page).to have_content(design.filename)
+    end
+
+    expect(page).to have_selector('.js-design-image')
+  end
+end
diff --git a/spec/features/projects/issues/design_management/user_views_designs_spec.rb b/spec/features/projects/issues/design_management/user_views_designs_spec.rb
new file mode 100644
index 00000000000..a4fb7456922
--- /dev/null
+++ b/spec/features/projects/issues/design_management/user_views_designs_spec.rb
@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'User views issue designs', :js do
+  include DesignManagementTestHelpers
+
+  let_it_be(:project) { create(:project_empty_repo, :public) }
+  let_it_be(:issue) { create(:issue, project: project) }
+  let_it_be(:design) { create(:design, :with_file, issue: issue) }
+
+  before do
+    enable_design_management
+  end
+
+  context 'navigates from the issue view' do
+    before do
+      visit project_issue_path(project, issue)
+      click_link 'Designs'
+      wait_for_requests
+    end
+
+    it 'fetches list of designs' do
+      expect(page).to have_selector('.js-design-list-item', count: 1)
+    end
+  end
+
+  context 'navigates directly to the design collection view' do
+    before do
+      visit designs_project_issue_path(project, issue)
+    end
+
+    it 'expands the sidebar' do
+      expect(page).to have_selector('.layout-page.right-sidebar-expanded')
+    end
+  end
+
+  context 'navigates directly to the individual design view' do
+    before do
+      visit designs_project_issue_path(project, issue, vueroute: design.filename)
+    end
+
+    it 'sees the design' do
+      expect(page).to have_selector('.js-design-detail')
+    end
+  end
+end
diff --git a/spec/features/projects/issues/design_management/user_views_designs_with_svg_xss_spec.rb b/spec/features/projects/issues/design_management/user_views_designs_with_svg_xss_spec.rb
new file mode 100644
index 00000000000..a9e4aa899a7
--- /dev/null
+++ b/spec/features/projects/issues/design_management/user_views_designs_with_svg_xss_spec.rb
@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'User views an SVG design that contains XSS', :js do
+  include DesignManagementTestHelpers
+
+  let(:project) { create(:project_empty_repo, :public) }
+  let(:issue) { create(:issue, project: project) }
+  let(:file) { Rails.root.join('spec', 'fixtures', 'logo_sample.svg') }
+  let(:design) { create(:design, :with_file, filename: 'xss.svg', file: file, issue: issue) }
+
+  before do
+    enable_design_management
+
+    visit designs_project_issue_path(
+      project,
+      issue,
+      { vueroute: design.filename }
+    )
+
+    wait_for_requests
+  end
+
+  it 'has XSS within the SVG file' do
+    file_content = File.read(file)
+
+    expect(file_content).to include("<script>alert('FAIL')</script>")
+  end
+
+  it 'displays the SVG' do
+    expect(page).to have_selector("img.design-img[alt='xss.svg']", count: 1, visible: false)
+  end
+
+  it 'does not execute the JavaScript within the SVG' do
+    # The expectation is that we can call the capybara `page.dismiss_prompt`
+    # method to close a JavaScript alert prompt without a `Capybara::ModalNotFound`
+    # being raised.
+    run_expectation = -> {
+      page.dismiss_prompt(wait: 1)
+    }
+
+    # With the page loaded, there should be no alert modal
+    expect(run_expectation).to raise_error(
+      Capybara::ModalNotFound,
+      'Unable to find modal dialog'
+    )
+
+    # Perform a negative control test of the above expectation.
+    # With an alert modal displaying, the modal should be dismissable.
+    execute_script('alert(true)')
+
+    expect(run_expectation).not_to raise_error
+  end
+end
author	GitLab Bot <gitlab-bot@gitlab.com>	2020-05-20 17:34:42 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2020-05-20 17:34:42 +0300
commit	9f46488805e86b1bc341ea1620b866016c2ce5ed (patch)
tree	f9748c7e287041e37d6da49e0a29c9511dc34768 /spec/features/projects/issues
parent	dfc92d081ea0332d69c8aca2f0e745cb48ae5e6d (diff)