Zfilipin has uploaded a new change for review. https://gerrit.wikimedia.org/r/271251
Change subject: Logging in via LoginPage#login_with is a security risk ...................................................................... Logging in via LoginPage#login_with is a security risk Log in via the API instead. Bug: T127042 Change-Id: I862a37ef50ad8dca2fa854b14e01e7c689886fce --- M tests/browser/features/step_definitions/common_steps.rb M tests/browser/features/support/pages/special_userlogin_page.rb 2 files changed, 3 insertions(+), 13 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/MobileFrontend refs/changes/51/271251/1 diff --git a/tests/browser/features/step_definitions/common_steps.rb b/tests/browser/features/step_definitions/common_steps.rb index 08f7043..c69e771 100644 --- a/tests/browser/features/step_definitions/common_steps.rb +++ b/tests/browser/features/step_definitions/common_steps.rb @@ -14,21 +14,19 @@ Given /^I am logged in as a new user$/ do step 'I am on the "Main Page" page' step 'I click on "Log in" in the main navigation menu' - # FIXME: Actually create a new user instead of using an existing one - on(SpecialUserLoginPage).login_with('Selenium_newuser', password) + log_in end Given(/^I am logged in as a user with a > (\d+) edit count$/) do |count| api.meta(:userinfo, uiprop: 'editcount').data['editcount'].upto(count.to_i) do |n| api.create_page("Ensure #{user} edit count - #{n + 1}", 'foo') end - - visit(SpecialUserLoginPage).login_with(user, password) + log_in end Given(/^I am logged into the mobile website$/) do step 'I am using the mobile site' - visit(LoginPage).login_with(user, password, false) + log_in # avoids login failing (see https://phabricator.wikimedia.org/T109593) expect(on(ArticlePage).is_authenticated_element.when_present(20)).to exist end diff --git a/tests/browser/features/support/pages/special_userlogin_page.rb b/tests/browser/features/support/pages/special_userlogin_page.rb index 86361ae..7c9dce3 100644 --- a/tests/browser/features/support/pages/special_userlogin_page.rb +++ b/tests/browser/features/support/pages/special_userlogin_page.rb @@ -19,12 +19,4 @@ # signup specific text_field(:confirmation_field, id: 'wpCaptchaWord') div(:refresh_captcha, id: 'mf-captcha-reload-container') - - def login_with(username, password) - # deal with autocomplete - self.username_element.when_present.clear - self.username = username - self.password = password - login - end end -- To view, visit https://gerrit.wikimedia.org/r/271251 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I862a37ef50ad8dca2fa854b14e01e7c689886fce Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/MobileFrontend Gerrit-Branch: master Gerrit-Owner: Zfilipin <zfili...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits