|
| 1 | +<?xml version="1.0" encoding="UTF-8"?> |
| 2 | +<!-- |
| 3 | + /** |
| 4 | + * Copyright © Magento, Inc. All rights reserved. |
| 5 | + * See COPYING.txt for license details. |
| 6 | + */ |
| 7 | +--> |
| 8 | + |
| 9 | +<tests xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
| 10 | + xsi:noNamespaceSchemaLocation="urn:magento:mftf:Test/etc/testSchema.xsd"> |
| 11 | + <test name="CheckXSSVulnerabilityDuringOrderCreationTest"> |
| 12 | + <annotations> |
| 13 | + <features value="Sales"/> |
| 14 | + <stories value="Create order"/> |
| 15 | + <title value="Check XSS vulnerability during order creation test"/> |
| 16 | + <description value="Order should not be created with XSS vulnerability in email address"/> |
| 17 | + <severity value="CRITICAL"/> |
| 18 | + <testCaseId value="MC-11438"/> |
| 19 | + <group value="sales"/> |
| 20 | + </annotations> |
| 21 | + <before> |
| 22 | + <!-- Create product --> |
| 23 | + <createData entity="SimpleProduct2" stepKey="createProduct"/> |
| 24 | + </before> |
| 25 | + <after> |
| 26 | + <!-- Delete product --> |
| 27 | + <deleteData createDataKey="createProduct" stepKey="deleteProduct"/> |
| 28 | + |
| 29 | + <!-- Log out --> |
| 30 | + <actionGroup ref="logout" stepKey="logout"/> |
| 31 | + </after> |
| 32 | + |
| 33 | + <!-- Add product to the shopping cart --> |
| 34 | + <actionGroup ref="OpenStoreFrontProductPageActionGroup" stepKey="openProductPage"> |
| 35 | + <argument name="productUrlKey" value="$$createProduct.custom_attributes[url_key]$$"/> |
| 36 | + </actionGroup> |
| 37 | + <actionGroup ref="StorefrontAddProductToCartActionGroup" stepKey="addProductToCart"> |
| 38 | + <argument name="product" value="$$createProduct$$"/> |
| 39 | + <argument name="productCount" value="1"/> |
| 40 | + </actionGroup> |
| 41 | + |
| 42 | + <!-- Try to create order on Storefront with provided email --> |
| 43 | + <actionGroup ref="GoToCheckoutFromMinicartActionGroup" stepKey="goToCheckoutFromMinicart"/> |
| 44 | + <actionGroup ref="StorefrontFillEmailFieldOnCheckoutActionGroup" stepKey="fillIncorrectEmailStorefront"> |
| 45 | + <argument name="email" value="{{Simple_US_Customer_Incorrect_Email.email}}"/> |
| 46 | + </actionGroup> |
| 47 | + |
| 48 | + <!-- Order can not be created --> |
| 49 | + <actionGroup ref="AssertStorefrontEmailValidationMessageOnCheckoutActionGroup" stepKey="assertErrorMessageStorefront"/> |
| 50 | + |
| 51 | + <!-- Login as admin --> |
| 52 | + <actionGroup ref="LoginAsAdmin" stepKey="loginAsAdmin"/> |
| 53 | + |
| 54 | + <!-- Try to create order in admin with provided email --> |
| 55 | + <actionGroup ref="navigateToNewOrderPageNewCustomerSingleStore" stepKey="navigateToNewOrderPage"/> |
| 56 | + <fillField selector="{{AdminOrderFormAccountSection.email}}" userInput="{{Simple_US_Customer_Incorrect_Email.email}}" stepKey="fillEmailAddressAdminPanel"/> |
| 57 | + <click selector="{{AdminOrderFormActionSection.submitOrder}}" stepKey="clickSubmitOrder"/> |
| 58 | + |
| 59 | + <!-- Order can not be created --> |
| 60 | + <actionGroup ref="AssertAdminEmailValidationMessageOnCheckoutActionGroup" stepKey="assertErrorMessageAdminPanel"/> |
| 61 | + </test> |
| 62 | +</tests> |
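Review bot: Both assertions (`assertErrorMessageStorefront` and `assertErrorMessageAdminPanel`) appear to check only that a validation message is displayed, so the test never confirms what its description promises, that no order is created. The two assertion action groups are defined outside this file, so this is inferred from their names; if they only look for the form-level message, the test passes on client-side validation alone, which is not the control that stops a crafted email value from being stored or rendered. In the admin flow, `clickSubmitOrder` runs with no product or address filled in, so submission would be blocked by other required fields even if the email check regressed. Consider adding a step after each assertion that verifies no order was persisted, and completing the rest of the admin form so that the email field is the only invalid input. At minimum, record the limitation above the assertions with a comment such as `<!-- Asserts the form-level validation message only; server-side rejection and output escaping of the email value are not covered here -->`.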