Commit 1eb72aa4 authored by Robert Lyon's avatar Robert Lyon
Browse files

Bug 1774274: Added scenarios that incorporate checking popups



To allow checking for a popup we need to stop the after_step hook
closing the popup before we check it.

To do this we need to add tag called @allow_popups to the feature file
so that popups stay open for the next step to check

To use with steps:
- And I should not see a popup
- And I accept the alert popup
- And I accept the confirm popup
- And I cancel the confirm popup
- And I should see "text" in popup

Change-Id: I5fa4827b12b355204141dd8b052bc4f5c77ae3a0
Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
parent 31f4f3a6
......@@ -21,7 +21,8 @@ use Behat\Mink\Exception\ExpectationException as ExpectationException,
Behat\Mink\Exception\ElementNotFoundException as ElementNotFoundException,
Behat\Mink\Exception\DriverException as DriverException,
WebDriver\Exception\NoSuchElement as NoSuchElement,
WebDriver\Exception\StaleElementReference as StaleElementReference;
WebDriver\Exception\StaleElementReference as StaleElementReference,
WebDriver\Exception\NoAlertOpenError;
/**
* Cross plugin steps definitions.
......@@ -249,6 +250,21 @@ class BehatGeneral extends BehatBase {
return $text == $this->getSession()->getDriver()->getWebDriverSession()->getAlert_text();
}
/**
* Assert the text is not in a popup window. This step does not work in all the browsers, consider it experimental.
* @Then /^I should not see a popup$/
* @return bool
*/
public function i_should_not_see_a_popup() {
try {
$text = $this->getSession()->getDriver()->getWebDriverSession()->getAlert_text();
throw new Exception('Popup window found when none expected.');
}
catch (NoAlertOpenError $e) {
return true;
}
}
/**
* Waits X seconds. Required after an action that requires data from an AJAX request.
*
......
......@@ -276,7 +276,10 @@ class BehatHooks extends BehatBase {
// the following scenarios. Some browsers already closes the alert, so
// wrapping in a try & catch.
try {
$this->getSession()->getDriver()->getWebDriverSession()->accept_alert();
$tags = $scope->getFeature()->getTags();
if (!in_array('allow_popups', $tags)) {
$this->getSession()->getDriver()->getWebDriverSession()->accept_alert();
}
}
catch (Exception $e) {
// Catching the generic one as we never know how drivers reacts here.
......
@javascript @core @core_administration
@javascript @core @core_administration @allow_popups
Feature:Injecting sql in groups search field
In order to inject javascript in group search field and group name field
As an admin
To see if mahara is secure enough
In order to inject javascript in group search field and group name field
As an admin
To see if mahara is secure enough
Background:
Given the following site settings are set:
| field | value |
| skins | 1 |
Scenario:Injecting sql in groups search field
Given I log in as "admin" with password "Kupuh1pa!"
And I choose "My groups" in "Groups" from main menu
And I click on "Create group"
And I set the following fields to these values:
| Group name | <script>alert(1);</script> |
| Group description | <script>alert(1);</script> |
| Open| Off |
| Hide group | Off |
And I press "Save group"
And I should see "Group saved successfully"
And I choose "Administer groups" in "Groups" from administration menu
When I set the following fields to these values:
| search_query | <script>alert(1);</script> |
And I press "search_submit"
And I follow "About"
And I should see "About us"
Then I go to "homepage"
Given I log in as "admin" with password "Kupuh1pa!"
And I choose "My groups" in "Groups" from main menu
And I click on "Create group"
And I set the following fields to these values:
| Group name | <script>alert(1);</script> |
| Group description | <script>alert(1);</script> |
| Open| Off |
| Hide group | Off |
And I press "Save group"
And I should see "Group saved successfully"
And I choose "Administer groups" in "Groups" from administration menu
When I set the following fields to these values:
| search_query | <script>alert(1);</script> |
And I press "search_submit"
And I follow "About"
And I should see "About us"
Then I go to "homepage"
# admin inject javascript in Skin title field. To see if mahara is secure enough
Scenario: Skin title not escaped in page settings form (Bug 1707076)
Given I log in as "admin" with password "Kupuh1pa!"
And I choose "Skins" in "Portfolio" from main menu
And I click on "Create skin"
When I set the following fields to these values:
| Skin title | <script>alert(1);</script> |
| Skin description | <script>alert(1);</script> |
| Skin access | This is a private skin |
And I press "Save"
And I should see "Skin saved successfully"
And I should not see a popup
# check to see if "I should not see a popup" step definition fails when there is a page that has a popup
Scenario: I should see a popup
Given I log in as "admin" with password "Kupuh1pa!"
And I choose "Résumé" in "Content" from main menu
And I follow "Education and employment"
# Adding Education history
And I press "Add education history"
And I set the following fields to these values:
| addeducationhistory_startdate | 1 Jan 2009 |
| addeducationhistory_enddate | 2 Dec 2010 |
| addeducationhistory_institution | University of Life |
| addeducationhistory_institutionaddress | 2/103 Industrial Lane |
| addeducationhistory_qualtype | Masters of Arts |
| addeducationhistory_qualname | North American Cultural Studies |
| addeducationhistory_qualdescription | This qualification is a 4.5-year degree that ends in writing a Master's thesis. |
And I scroll to the base of id "educationhistoryform"
And I attach the file "Image2.png" to "Attach file"
When I press "Save"
And I follow "Delete"
And I should see "Are you sure you want to delete this?" in popup
And I accept the confirm popup
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment