DAST Site validation - Add Validation Component - Frontend
- Related issue: #238577 (closed)
What does this MR do?
Implements the basic DAST Site validation component.
How to test this?
- Enable the security_on_demand_scans_site_validation feature flag.
echo "Feature.enable(:security_on_demand_scans_site_validation)" | rails c
- Access the DAST Site Profile from any project at /:namespace/:project/-/on_demand_scans/profiles/dast_site_profiles/new
Screenshots
Situation | Screenshot |
---|---|
Target URL empty (or invalid). | |
Target URL valid. | |
Validation enabled. | |
Validation failed. | |
Validation succeeded. | |
Recordings
Situation | Recording |
---|---|
1. Initially, the Validate target site toggle is off and disabled. Once a valid target URL has been typed in, the toggle becomes enabled. | 1 |
2. When the toggle is switched to the on state, we check the site's validation status in the background. The toggle is put in the loading state in the meantime. At this point, the Save profile button becomes disabled as long as the toggle is on and the site isn't validated. The Target URL input is disabled as long as validation is on. Once we get the validation status, and if the site hasn't been validated yet, we show the validation section. | 2 |
3. If the site cannot be validated, an error message appears next to the Validate button. | 3 |
4. Once all the necessary steps for validating the site have been completed, clicking on the Validate button triggers a request to actually validate the site. Once the request succeeds, the validation section is collapsed, a success message is displayed, and the Save profile button is enabled. | 4 |
5. At this point, switching the toggle back to the off position resets the validation components to their original state. | 5 |
Does this MR meet the acceptance criteria?
Conformity
- [-] Changelog entry (not needed, behind a feature flag)
- [-] Documentation (if required)
- Code review guidelines
- [-] Merge request performance guidelines
- Style guides
- [-] Database guides
- Separation of EE specific content
Availability and Testing
- Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
Edited by Paul Gascou-Vaillancourt
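
The form behaviour listed in the Recordings table can be modelled as a small state reducer. This is an added example, not code from this merge request: the event names, state fields and the http/https-only URL check are all assumptions made for illustration. It models only the validation gating of the Save profile button, and shows that a validated status cannot carry over to a different target URL.

```javascript
// Added illustration of the states in the Recordings table.
// All names are hypothetical; this is not the component's source.
const isValidUrl = (value) => {
  try {
    return ['http:', 'https:'].includes(new URL(value).protocol); // assumed rule
  } catch {
    return false;
  }
};

const initialState = () => ({ targetUrl: '', toggleOn: false, loading: false, validated: false, error: null });

// Pure reducer: each event corresponds to a numbered step in the table.
function reduce(state, event) {
  switch (event.type) {
    case 'URL_TYPED': // step 1; ignored while validation is on (input disabled)
      return state.toggleOn ? state : { ...state, targetUrl: event.value };
    case 'TOGGLE_ON': // step 2; the toggle is only usable with a valid URL
      return isValidUrl(state.targetUrl) ? { ...state, toggleOn: true, loading: true } : state;
    case 'STATUS_RECEIVED': // step 2; background status check has returned
      return { ...state, loading: false, validated: event.validated };
    case 'VALIDATE_FAILED': // step 3; error shown next to the Validate button
      return { ...state, validated: false, error: event.message };
    case 'VALIDATE_SUCCEEDED': // step 4; section collapses, saving is allowed
      return { ...state, validated: true, error: null };
    case 'TOGGLE_OFF': // step 5; validation state resets, the typed URL stays
      return { ...initialState(), targetUrl: state.targetUrl };
    default:
      return state;
  }
}

// What the form shows for a given state (validation-related controls only).
function view(state) {
  return {
    toggleDisabled: !isValidUrl(state.targetUrl),
    urlInputDisabled: state.toggleOn,
    saveDisabled: state.toggleOn && !state.validated,
    showValidationSection: state.toggleOn && !state.loading && !state.validated,
    error: state.error,
  };
}
```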