Diffstat (limited to 'qa/qa/specs/features/browser_ui/1_manage')
9 files changed, 133 insertions, 68 deletions
diff --git a/qa/qa/specs/features/browser_ui/1_manage/import/import_github_repo_spec.rb b/qa/qa/specs/features/browser_ui/1_manage/import/import_github_repo_spec.rb index a2eca6278d0..b576ab75c69 100644 --- a/qa/qa/specs/features/browser_ui/1_manage/import/import_github_repo_spec.rb +++ b/qa/qa/specs/features/browser_ui/1_manage/import/import_github_repo_spec.rb @@ -17,11 +17,10 @@ module QA end let(:imported_issue) do - Resource::Issue.init do |resource| - resource.project = imported_project - resource.iid = imported_project.issues.first[:iid] - resource.api_client = api_client - end.reload! + build(:issue, + project: imported_project, + iid: imported_project.issues.first[:iid], + api_client: api_client).reload! end let(:imported_issue_events) do diff --git a/qa/qa/specs/features/browser_ui/1_manage/integrations/slash_commands_spec.rb b/qa/qa/specs/features/browser_ui/1_manage/integrations/slash_commands_spec.rb index 99be4e87251..9e6d79316ac 100644 --- a/qa/qa/specs/features/browser_ui/1_manage/integrations/slash_commands_spec.rb +++ b/qa/qa/specs/features/browser_ui/1_manage/integrations/slash_commands_spec.rb @@ -55,12 +55,7 @@ module QA end context 'with gitlab issue' do - let!(:issue) do - Resource::Issue.fabricate_via_api! do |issue| - issue.project = project - end - end - + let!(:issue) { create(:issue, project: project) } let(:comment) { "Comment #{SecureRandom.hex(6)}" } it 'displays an issue', testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/377891' do diff --git a/qa/qa/specs/features/browser_ui/1_manage/login/2fa_recovery_spec.rb b/qa/qa/specs/features/browser_ui/1_manage/login/2fa_recovery_spec.rb index f2582d47723..3a1bf2b5fa2 100644 --- a/qa/qa/specs/features/browser_ui/1_manage/login/2fa_recovery_spec.rb +++ b/qa/qa/specs/features/browser_ui/1_manage/login/2fa_recovery_spec.rb 
@@ -3,17 +3,9 @@ module QA RSpec.describe 'Manage', :requires_admin, :skip_live_env, :reliable do describe '2FA', product_group: :authentication_and_authorization do - let(:owner_user) do - Resource::User.fabricate_via_api! do |usr| - usr.api_client = admin_api_client - end - end + let(:owner_user) { create(:user, api_client: admin_api_client) } - let(:developer_user) do - Resource::User.fabricate_via_api! do |resource| - resource.api_client = admin_api_client - end - end + let(:developer_user) { create(:user, api_client: admin_api_client) } let(:sandbox_group) do Resource::Sandbox.fabricate! do |sandbox_group| diff --git a/qa/qa/specs/features/browser_ui/1_manage/login/2fa_ssh_recovery_spec.rb b/qa/qa/specs/features/browser_ui/1_manage/login/2fa_ssh_recovery_spec.rb index 9484f15f35d..d533855688d 100644 --- a/qa/qa/specs/features/browser_ui/1_manage/login/2fa_ssh_recovery_spec.rb +++ b/qa/qa/specs/features/browser_ui/1_manage/login/2fa_ssh_recovery_spec.rb @@ -3,7 +3,7 @@ module QA context 'Manage', :reliable, :requires_admin, :skip_live_env, product_group: :authentication_and_authorization do describe '2FA' do - let!(:user) { Resource::User.fabricate_via_api! } + let!(:user) { create(:user) } let!(:user_api_client) { Runtime::API::Client.new(:gitlab, user: user) } let(:address) { QA::Runtime::Scenario.gitlab_address } let(:uri) { URI.parse(address) } diff --git a/qa/qa/specs/features/browser_ui/1_manage/login/log_in_with_2fa_spec.rb b/qa/qa/specs/features/browser_ui/1_manage/login/log_in_with_2fa_spec.rb index 89f15759b54..d7f088e08e3 100644 --- a/qa/qa/specs/features/browser_ui/1_manage/login/log_in_with_2fa_spec.rb +++ b/qa/qa/specs/features/browser_ui/1_manage/login/log_in_with_2fa_spec.rb 
@@ -6,12 +6,7 @@ module QA let(:admin_api_client) { Runtime::API::Client.as_admin } let(:owner_api_client) { Runtime::API::Client.new(:gitlab, user: owner_user) } - let!(:owner_user) do - Resource::User.fabricate_via_api! do |usr| - usr.username = "owner_user_#{SecureRandom.hex(4)}" - usr.api_client = admin_api_client - end - end + let!(:owner_user) { create(:user, username: "owner_user_#{SecureRandom.hex(4)}", api_client: admin_api_client) } let(:sandbox_group) do Flow::Login.sign_in(as: owner_user) 
@@ -22,30 +17,31 @@ module QA end let(:group) do - create(:group, sandbox: sandbox_group, api_client: owner_api_client, path: "group-with-2fa-#{SecureRandom.hex(8)}") + create(:group, sandbox: sandbox_group, api_client: owner_api_client, + path: "group-with-2fa-#{SecureRandom.hex(8)}") end - let(:developer_user) do - Resource::User.fabricate_via_api! do |resource| - resource.username = "developer_user_#{SecureRandom.hex(4)}" - resource.api_client = admin_api_client - end - end + let(:developer_user) { create(:user, username: "developer_user_#{SecureRandom.hex(4)}", api_client: admin_api_client) } - let(:two_fa_expected_text) { /The group settings for.*require you to enable Two-Factor Authentication for your account.*You need to do this before/ } + let(:two_fa_expected_text) do + /The group settings for.*require you to enable Two-Factor Authentication for your account.*You need to do this before/ + end before do group.add_member(developer_user, Resource::Members::AccessLevel::DEVELOPER) end + after do + group.set_require_two_factor_authentication(value: 'false') + group.remove_via_api! do |resource| + resource.api_client = admin_api_client + end + developer_user.remove_via_api! + end + it( 'allows enforcing 2FA via UI and logging in with 2FA', - testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347931', - quarantine: { - type: :bug, - only: { condition: -> { QA::Runtime::Env.super_sidebar_enabled? } }, - issue: 'https://gitlab.com/gitlab-org/gitlab/-/issues/409336' - } + testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347931' ) do enforce_two_factor_authentication_on_group(group) 
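Review bot: The relocated `after` block runs its three cleanup calls one after another, so if `group.set_require_two_factor_authentication(value: 'false')` raises, neither `group.remove_via_api!` nor `developer_user.remove_via_api!` runs and a 2FA-enforced group and its member are left on the instance. Putting an `ensure` line between the first call and the two removals would keep the removals running when the reset fails. The block also does not remove `owner_user`, which the previous hunk creates with `let!`; if that is deliberate, a short comment such as `# owner_user is left in place because ...` would make it clear. Separately, the new one-line `let(:developer_user) { ... }` looks longer than the `create(:group, ...)` call that this same hunk wraps, so it may deserve the same wrapping.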
@@ -68,21 +64,13 @@ module QA expect(Page::Main::Menu.perform(&:signed_in?)).to be_truthy end - after do - group.set_require_two_factor_authentication(value: 'false') - group.remove_via_api! do |resource| - resource.api_client = admin_api_client - end - developer_user.remove_via_api! - end - # We are intentionally using the UI to enforce 2FA to exercise the flow with UI. # Any future tests should use the API for this purpose. def enforce_two_factor_authentication_on_group(group) Flow::Login.while_signed_in(as: owner_user) do group.visit! - Page::Group::Menu.perform(&:click_group_general_settings_item) + Page::Group::Menu.perform(&:go_to_general_settings) Page::Group::Settings::General.perform(&:set_require_2fa_enabled) QA::Support::Retrier.retry_on_exception(reload_page: page) do diff --git a/qa/qa/specs/features/browser_ui/1_manage/login/login_via_oauth_and_oidc_with_gitlab_as_idp_spec.rb b/qa/qa/specs/features/browser_ui/1_manage/login/login_via_oauth_and_oidc_with_gitlab_as_idp_spec.rb index b2aa3166b9d..c7bfe4daa84 100644 --- a/qa/qa/specs/features/browser_ui/1_manage/login/login_via_oauth_and_oidc_with_gitlab_as_idp_spec.rb +++ b/qa/qa/specs/features/browser_ui/1_manage/login/login_via_oauth_and_oidc_with_gitlab_as_idp_spec.rb @@ -3,7 +3,7 @@ module QA RSpec.describe 'Manage', :skip_live_env, requires_admin: 'creates users and instance OAuth application', product_group: :authentication_and_authorization do - let!(:user) { Resource::User.fabricate_via_api! } + let!(:user) { create(:user) } let(:consumer_host) { "http://#{consumer_name}.#{Runtime::Env.running_in_ci? ? 'test' : 'bridge'}" } let(:instance_oauth_app) do Resource::InstanceOauthApplication.fabricate! do |application| diff --git a/qa/qa/specs/features/browser_ui/1_manage/login/register_spec.rb b/qa/qa/specs/features/browser_ui/1_manage/login/register_spec.rb index 5f31ac412d6..6b22a7f6eec 100644 --- a/qa/qa/specs/features/browser_ui/1_manage/login/register_spec.rb 
+++ b/qa/qa/specs/features/browser_ui/1_manage/login/register_spec.rb @@ -17,7 +17,12 @@ module QA RSpec.describe 'Manage', :skip_signup_disabled, :requires_admin, product_group: :authentication_and_authorization do describe 'while LDAP is enabled', :orchestrated, :ldap_no_tls, - testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347934' do + testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347934', + quarantine: { + only: { job: 'airgapped' }, + issue: 'https://gitlab.com/gitlab-org/gitlab/-/issues/414247', + type: :investigating + } do before do # When LDAP is enabled, a previous test might have created a token for the LDAP 'tanuki' user who is not an admin # So we need to set it to nil in order to create a new token for admin user so that we are able to set_application_settings @@ -43,7 +48,12 @@ module QA end describe 'standard', :reliable, testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347867' do - context 'when admin approval is not required' do + context 'when admin approval is not required', + quarantine: { + only: { job: 'airgapped' }, + issue: 'https://gitlab.com/gitlab-org/gitlab/-/issues/414247', + type: :investigating + } do before(:all) do set_require_admin_approval_after_user_signup(false) end @@ -51,11 +61,7 @@ module QA it_behaves_like 'registration and login' context 'when user account is deleted' do - let(:user) do - Resource::User.fabricate_via_api! do |resource| - resource.api_client = admin_api_client - end - end + let(:user) { create(:user, api_client: admin_api_client) } before do # Use the UI instead of API to delete the account since 
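Review bot: The quarantine hash `{ only: { job: 'airgapped' }, issue: ..., type: :investigating }` is written out in full three times: on the LDAP `describe` here, on `context 'when admin approval is not required'` in the next hunk, and on `context 'when admin approval is required'` in the `@@ -101,7 +107,13 @@` hunk. Because these are the sign-up and admin-approval checks, it would help to define the hash once near the top of the file, for example a local `airgapped_quarantine = { ... }` passed as `quarantine: airgapped_quarantine`. Lifting the quarantine when issue 414247 closes is then a one-line change and no copy can be left behind. The surrounding `describe` and `context` bodies continue outside these hunks.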
@@ -101,7 +107,13 @@ module QA end end - context 'when admin approval is required' do + context 'when admin approval is required', + testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347871', + quarantine: { + only: { job: 'airgapped' }, + issue: 'https://gitlab.com/gitlab-org/gitlab/-/issues/414247', + type: :investigating + } do let(:signed_up_waiting_approval_text) do 'You have signed up successfully. However, we could not sign you in because your account is awaiting approval from your GitLab administrator.' end @@ -125,8 +137,7 @@ module QA set_require_admin_approval_after_user_signup(false) end - it 'allows user login after approval', - testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347871' do + it 'allows user login after approval' do user # sign up user expect(page).to have_text(signed_up_waiting_approval_text) diff --git a/qa/qa/specs/features/browser_ui/1_manage/user/impersonation_token_spec.rb b/qa/qa/specs/features/browser_ui/1_manage/user/impersonation_token_spec.rb index ce5d9307769..27ce6565068 100644 --- a/qa/qa/specs/features/browser_ui/1_manage/user/impersonation_token_spec.rb +++ b/qa/qa/specs/features/browser_ui/1_manage/user/impersonation_token_spec.rb @@ -5,12 +5,7 @@ module QA describe 'Impersonation tokens', :requires_admin, product_group: :authentication_and_authorization do let(:admin_api_client) { Runtime::API::Client.as_admin } - let!(:user) do - Resource::User.fabricate_via_api! do |usr| - usr.api_client = admin_api_client - usr.hard_delete_on_api_removal = true - end - end + let!(:user) { create(:user, :hard_delete, api_client: admin_api_client) } it( 'can be created and revoked via the UI', diff --git a/qa/qa/specs/features/browser_ui/1_manage/user/user_access_termination_spec.rb b/qa/qa/specs/features/browser_ui/1_manage/user/user_access_termination_spec.rb new file mode 100644 index 00000000000..b67143276e8 --- /dev/null 
+++ b/qa/qa/specs/features/browser_ui/1_manage/user/user_access_termination_spec.rb 
@@ -0,0 +1,85 @@ +# frozen_string_literal: true + +module QA + RSpec.describe 'Manage' do + # TODO: `:reliable` should be added back once https://gitlab.com/gitlab-org/gitlab/-/issues/359278 is resolved + describe 'User', :requires_admin, product_group: :authentication_and_authorization do + # rubocop:disable RSpec/InstanceVariable + before(:all) do + admin_api_client = Runtime::API::Client.as_admin + + @user = create(:user, api_client: admin_api_client) + + @user_api_client = Runtime::API::Client.new(:gitlab, user: @user) + + # Use UI to create the top-level group as the `top_level_group_creation_enabled` feature flag + # could be disabled on live environments + @sandbox = Resource::Sandbox.fabricate! do |sandbox_group| + sandbox_group.path = "sandbox-for-access-termination-#{SecureRandom.hex(4)}" + end + + group = create(:group, path: "group-to-test-access-termination-#{SecureRandom.hex(8)}", sandbox: @sandbox) + + @sandbox.add_member(@user) + + @project = create(:project, :with_readme, name: 'project-for-user-group-access-termination', group: group) + end + + after(:all) do + @sandbox.remove_via_api! + end + + context 'when parent group membership is terminated' do + before do + @sandbox.remove_member(@user) + end + + it 'is not allowed to push code via the CLI', + testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347863' do + QA::Support::Retrier.retry_on_exception(max_attempts: 5, sleep_interval: 2) do + expect do + Resource::Repository::Push.fabricate! 
do |push| + push.repository_http_uri = @project.repository_http_location.uri + push.file_name = 'test.txt' + push.file_content = "# This is a test project named #{@project.name}" + push.commit_message = 'Add test.txt' + push.branch_name = "new_branch_#{SecureRandom.hex(8)}" + push.user = @user + end + end.to raise_error(QA::Support::Run::CommandError, /You are not allowed to push code to this project/) + end + end + + it 'is not allowed to create a file via the API', + testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347864' do + QA::Support::Retrier.retry_on_exception(max_attempts: 5, sleep_interval: 2) do + expect do + create(:file, + api_client: @user_api_client, + project: @project, + branch: "new_branch_#{SecureRandom.hex(8)}") + end.to raise_error(Resource::ApiFabricator::ResourceFabricationFailedError, /403 Forbidden/) + end + end + + it 'is not allowed to commit via the API', + testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347865' do + QA::Support::Retrier.retry_on_exception(max_attempts: 5, sleep_interval: 2) do + expect do + Resource::Repository::Commit.fabricate_via_api! do |commit| + commit.api_client = @user_api_client + commit.project = @project + commit.branch = "new_branch_#{SecureRandom.hex(8)}" + commit.start_branch = @project.default_branch + commit.commit_message = 'Add new file' + commit.add_files([{ file_path: 'test.txt', content: 'new file' }]) + end + end.to raise_error(Resource::ApiFabricator::ResourceFabricationFailedError, + /403 Forbidden - You are not allowed to push into this branch/) + end + end + end + # rubocop:enable RSpec/InstanceVariable + end + end +end |
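Review bot: All three negative examples wrap `expect { ... }.to raise_error(...)` in `Retrier.retry_on_exception(max_attempts: 5, sleep_interval: 2)`, so they pass if access is denied on any of five attempts. An attempt that fails the expectation is one where the removed member's push, file creation or commit actually succeeded. The spec therefore asserts eventual denial, not immediate denial, and that should be stated next to the first retry, e.g. `# Membership removal is presumably not immediate; retries tolerate that window, so this checks eventual denial only`. In addition, `after(:all)` removes only `@sandbox`, so the account created with the admin client in `before(:all)` outlives the run; adding `@user.remove_via_api!` there would clean it up. The `before` hook also calls `@sandbox.remove_member(@user)` ahead of each of the three examples although the member is already gone after the first, which is worth confirming as safe.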