team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Broken Authorization specs added.

Browse Source
This commit is contained in:
chrismo
2013-09-27 17:30:57 -05:00
parent 269d5a0075
commit 1c8b6e9e17
2 changed files with 26 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
spec/features/broken_auth_spec.rb
+25
View File
@@ -0,0 +1,25 @@
require 'spec_helper'
feature 'broken_auth' do
before do
UserFixture.reset_all_users
@normal_user = UserFixture.normal_user
end
scenario 'TMI during login', :js => true do
visit '/'
within('.signup') do
fill_in 'email', :with => @normal_user.email + 'not'
fill_in 'password', :with => @normal_user.clear_password
end
click_on 'Login'
find('div#flash_notice').text.should == "#{@normal_user.email}not doesn't exist!"
within('.signup') do
fill_in 'email', :with => @normal_user.email
fill_in 'password', :with => @normal_user.clear_password + 'not'
end
click_on 'Login'
find('div#flash_notice').text.should == 'Incorrect Password!'
end
end
spec/features/xss_spec.rb
+1 -1
View File
@@ -6,7 +6,7 @@ feature 'xss' do
@normal_user = UserFixture.normal_user @normal_user = UserFixture.normal_user
end end
scenario 'injection attack on account_settings', :js => true do scenario 'xss attack on account_settings', :js => true do
login @normal_user login @normal_user
visit "/users/#{@normal_user.user_id}/account_settings" visit "/users/#{@normal_user.user_id}/account_settings"