Zfilipin has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/271251

Change subject: Logging in via LoginPage#login_with is a security risk
......................................................................

Logging in via LoginPage#login_with is a security risk

Log in via the API instead.

Bug: T127042
Change-Id: I862a37ef50ad8dca2fa854b14e01e7c689886fce
---
M tests/browser/features/step_definitions/common_steps.rb
M tests/browser/features/support/pages/special_userlogin_page.rb
2 files changed, 3 insertions(+), 13 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/MobileFrontend 
refs/changes/51/271251/1

diff --git a/tests/browser/features/step_definitions/common_steps.rb 
b/tests/browser/features/step_definitions/common_steps.rb
index 08f7043..c69e771 100644
--- a/tests/browser/features/step_definitions/common_steps.rb
+++ b/tests/browser/features/step_definitions/common_steps.rb
@@ -14,21 +14,19 @@
 Given /^I am logged in as a new user$/ do
   step 'I am on the "Main Page" page'
   step 'I click on "Log in" in the main navigation menu'
-  # FIXME: Actually create a new user instead of using an existing one
-  on(SpecialUserLoginPage).login_with('Selenium_newuser', password)
+  log_in
 end
 
 Given(/^I am logged in as a user with a > (\d+) edit count$/) do |count|
   api.meta(:userinfo, uiprop: 'editcount').data['editcount'].upto(count.to_i) 
do |n|
     api.create_page("Ensure #{user} edit count - #{n + 1}", 'foo')
   end
-
-  visit(SpecialUserLoginPage).login_with(user, password)
+  log_in
 end
 
 Given(/^I am logged into the mobile website$/) do
   step 'I am using the mobile site'
-  visit(LoginPage).login_with(user, password, false)
+  log_in
   # avoids login failing (see https://phabricator.wikimedia.org/T109593)
   expect(on(ArticlePage).is_authenticated_element.when_present(20)).to exist
 end
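Review bot: The `I am logged in as a new user` step no longer selects a distinct account: the removed line logged in as `'Selenium_newuser'`, while the bare `log_in` takes no arguments and, assuming the helper (defined outside this diff) uses the configured `user`/`password`, signs in the same account as the other two steps. The FIXME that recorded this gap is deleted too, so I would keep a marker above the call, e.g. `# FIXME: log_in uses the shared test account; create a real new user via the API`. The two preceding `step` lines that open the Main Page and click "Log in" look left over now that credentials are no longer typed into the form, and they leave the browser on the login page; consider dropping them if `log_in` does not depend on them. The commit message does not say what the risk of `login_with` was, so a one-line comment near `log_in` naming it would help keep a form-based login from being reintroduced.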
diff --git a/tests/browser/features/support/pages/special_userlogin_page.rb 
b/tests/browser/features/support/pages/special_userlogin_page.rb
index 86361ae..7c9dce3 100644
--- a/tests/browser/features/support/pages/special_userlogin_page.rb
+++ b/tests/browser/features/support/pages/special_userlogin_page.rb
@@ -19,12 +19,4 @@
   # signup specific
   text_field(:confirmation_field, id: 'wpCaptchaWord')
   div(:refresh_captcha, id: 'mf-captcha-reload-container')
-
-  def login_with(username, password)
-    # deal with autocomplete
-    self.username_element.when_present.clear
-    self.username = username
-    self.password = password
-    login
-  end
 end

-- 
To view, visit https://gerrit.wikimedia.org/r/271251
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I862a37ef50ad8dca2fa854b14e01e7c689886fce
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/MobileFrontend
Gerrit-Branch: master
Gerrit-Owner: Zfilipin <zfili...@wikimedia.org>
