have the ability now to update a row of direct deposit information as well as leverage the encryption routine to introduce a serious flaw

This commit is contained in:
cktricky
2014-03-15 21:58:42 -04:00
parent 9951af6170
commit 1f922916d2
4 changed files with 141 additions and 123 deletions
+15 -1
@@ -4,9 +4,23 @@ class PayController < ApplicationController
end end
def update_dd_info def update_dd_info
msg = false
pay = Pay.new(
:bank_account_num => params[:bank_account_num],
:bank_routing_num => params[:bank_routing_num],
:percent_of_deposit => params[:dd_percent]
)
pay.user_id = current_user.user_id
msg = true if pay.save!
respond_to do |format| respond_to do |format|
format.json {render :json => {:hello => :world} } format.json {render :json => {:msg => :world} }
end end
end end
def show
respond_to do |format|
format.json { render :json => {:user => current_user.pay.as_json} }
end
end
end end
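Review bot: `msg = true if pay.save!` in update_dd_info can never leave `msg` false, because `save!` raises ActiveRecord::RecordInvalid when one of the model's presence validations fails, and with no rescue the action answers a bad submission with a 500 page rather than the JSON the caller's `error:` handler expects; `msg` is also never rendered, the response always being `{:msg => :world}`. Use the non-bang form and report the outcome: `msg = pay.save` and `format.json { render :json => {:msg => msg}, :status => (msg ? :ok : :unprocessable_entity) }`. Despite its name the action inserts a fresh Pay row on every submission via `Pay.new`; if a user is meant to have one direct-deposit row, look up the existing record and update it. In `show`, `current_user.pay.as_json` raises NoMethodError when the user has no Pay row yet (presumably the state before the first submission), so `current_user.pay.try(:as_json)` is the safer form.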
+20
@@ -1,5 +1,25 @@
class Pay < ActiveRecord::Base class Pay < ActiveRecord::Base
# mass-assignable attributes
attr_accessible :bank_account_num, :bank_routing_num, :percent_of_deposit attr_accessible :bank_account_num, :bank_routing_num, :percent_of_deposit
# Associations
belongs_to :user belongs_to :user
# Validations
validates :bank_account_num, presence: true
validates :bank_routing_num, presence: true
validates :percent_of_deposit, presence: true
# actions
before_save :encrypt_bank_account_num
def as_json
super(only: [:bank_account_num, :bank_routing_num, :percent_of_deposit])
end
def encrypt_bank_account_num
self.bank_account_num = Encryption.encrypt_sensitive_value(self.bank_account_num)
end
end end
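Review bot: `before_save :encrypt_bank_account_num` runs on every save, not only the first, so a record saved twice (an update that leaves the account number untouched, or any later save after the initial one) has its already-encrypted value encrypted again and the stored value no longer decrypts with a single call; conditioning the callback on a change, `before_save :encrypt_bank_account_num, :if => :bank_account_num_changed?`, avoids that. `def as_json` drops the `options` argument that ActiveRecord's `as_json(options = nil)` takes, so `to_json`/`render :json` on a Pay instance or a collection of them (anything other than the explicit no-argument call in the controller) fails with an ArgumentError; declare it `def as_json(options = {})`. Only `bank_account_num` goes through Encryption; `bank_routing_num` and `percent_of_deposit` are stored as submitted, which the `# actions` comment should state if it is intentional. Whether `as_json` returns the ciphertext or a decrypted value cannot be seen here (Encryption is defined elsewhere), and the show action hands this hash straight to the client.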
+103 -122
@@ -63,149 +63,126 @@
</div> </div>
</div> </div>
<!-- End Row-Fluid for Inputs--> <!-- End Row-Fluid for Inputs-->
<!-- Begin Table Stuff -->
<div class="row-fluid"> <!-- ###################-->
<div class="span9"> <!-- Begin Dynamic Table ColSpan Table -->
<div class="widget no-margin"> <div class="row-fluid">
<div class="widget-header"> <div class="span9">
<div class="title"> <div class="widget">
<span class="fs1" aria-hidden="true" data-icon="&#xe14a;"></span> Deletable Table Row
</div> <!-- Begin Widget Header-->
</div> <div class="widget-header">
<div class="widget-body"> <div class="title">
<table class="table table-striped table-bordered no-margin"> <span class="fs1" aria-hidden="true" data-icon="&#xe14a;"></span> Accounts
<thead> </div>
<tr> </div>
<th style="width:25%"> <!-- End Widget Header-->
Bank Account Number <div class="widget-body">
</th> <div id="dt_example" class="example_alt_pagination">
<th style="width:25%"> <table class="table table-condensed table-striped table-hover table-bordered pull-left" id="data_table">
Bank Routing Number <thead>
</th> <tr>
<th style="width:25%"> <th style="width:25%">
Percentage of Deposit Bank Account Number
</th> </th>
<th style="width:25%"> <th style="width:25%">
Actions Bank Routing Number
</th> </th>
</tr> <th style="width:25%">
</thead> Percentage of Deposit
<tbody> </th>
<tr> <th style="width:25%">
<td > Action
1 </th>
</td> </tr>
<td> </thead>
Srinu <tbody>
</td> <!--<tr>
<td class="hidden-phone"> <td>
Active December
</td> </td>
<td class="hidden-phone"> <td>
<a class="delete-row" data-original-title="Delete" href="#"> 14.7 %
</td>
<td>
31.1 %
</td>
<td>
<a class="delete-row" data-original-title="Delete" href="#">
<i class="icon-trash"> <i class="icon-trash">
</i> </i>
</a> </a>
</td> </td>
</tr> </tr>-->
<tr> </tbody>
<td> </table>
2 <div class="clearfix">
</td> </div>
<td> </div>
Baswa </div> <!-- end of widget body-->
</td> </div>
<td class="hidden-phone"> </div>
Active </div
</td> <!-- End Dynamic Table ColSpan Table -->
<td class="hidden-phone"> <!-- ###################-->
<a class="delete-row" data-original-title="Delete" href="#">
<i class="icon-trash">
</i>
</a>
</td>
</tr>
<tr>
<td>
3
</td>
<td>
Prem
</td>
<td class="hidden-phone">
Inactive
</td>
<td class="hidden-phone">
<a class="delete-row" data-original-title="Delete" href="#">
<i class="icon-trash">
</i>
</a>
</td>
</tr>
<tr>
<td>
4
</td>
<td>
Arjun
</td>
<td class="hidden-phone">
Active
</td>
<td class="hidden-phone">
<a class="delete-row" data-original-title="Delete" href="#">
<i class="icon-trash">
</i>
</a>
</td>
</tr>
<tr>
<td>
5
</td>
<td>
Gajju
</td>
<td class="hidden-phone">
Inactive
</td>
<td class="hidden-phone">
<a class="delete-row" data-original-title="Delete" href="#">
<i class="icon-trash">
</i>
</a>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<!-- End Table Stuff-->
</div>
</div> </div>
</div> </div>
<%= javascript_include_tag "jquery.dataTables.js" %>
<script type="text/javascript"> <script type="text/javascript">
function parseDirectDepostInfo(response){
var msg = jQuery.parseJSON(JSON.stringify(response));
$.each(msg.user, function(index, val){
$('#data_table').dataTable().fnAddData( [
val.bank_account_num,
val.bank_routing_num,
val.percent_of_deposit,
"test"
] );
});
};
function populateTable() {
$('#data_table').dataTable().fnClearTable();
$.ajax({
url: <%= sanitize(user_pay_path(:format => "json", :user_id => current_user.user_id, :id => current_user.user_id).inspect) %>,
type: "GET",
success: function(response) {
parseDirectDepostInfo(response);
},
error: function(event) {
$('#failure').show(500).delay(1500).fadeOut();
}
});
};
function createDataTable(){
$('#data_table').dataTable({
"sPaginationType": "full_numbers"
});
};
$('.delete-row').click(function () { $('.delete-row').click(function () {
var conf = confirm('Continue delete?'); var conf = confirm('Continue delete?');
if (conf) $(this).parents('tr').fadeOut(function () { if (conf) $(this).parents('tr').fadeOut(function () {
$(this).remove(); $(this).remove();
}); });
return false; return false;
}); });
$("#dd_form_btn").click(function(event) { $("#dd_form_btn").click(function(event) {
var valuesToSubmit = $("#bank_info_form").serialize(); var valuesToSubmit = $("#bank_info_form").serialize();
event.preventDefault(); event.preventDefault();
$.ajax({ $.ajax({
url: <%= sanitize(update_dd_info_user_pay_index_path(:format => "json").inspect) %>, url: <%= sanitize(update_dd_info_user_pay_index_path(:format => "json").inspect) %>,
data: valuesToSubmit, data: valuesToSubmit,
type: "POST", type: "POST",
success: function(response) { success: function(response) {
$('#success').show(500).delay(1500).fadeOut(); $('#success').show(500).delay(1500).fadeOut();
populateTable();
}, },
error: function(event) { error: function(event) {
$('#failure').show(500).delay(1500).fadeOut(); $('#failure').show(500).delay(1500).fadeOut();
@@ -217,6 +194,10 @@ $("#dd_form_btn").click(function(event) {
$('li[id="pay"]').addClass('active'); $('li[id="pay"]').addClass('active');
}; };
$(document).ready(makeActive) $(document).ready(
makeActive,
createDataTable(),
populateTable()
)
</script> </script>
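Review bot: In `$(document).ready(makeActive, createDataTable(), populateTable())` the last two arguments are invoked while the argument list is evaluated, so `createDataTable()` and `populateTable()` (and its AJAX request) run at script-parse time rather than on DOM ready, and jQuery's `ready` registers only its first argument anyway; wrap them in one handler, `$(document).ready(function () { makeActive(); createDataTable(); populateTable(); });`. In `populateTable`, `url: <%= sanitize(user_pay_path(...).inspect) %>` (like the pre-existing line in the `#dd_form_btn` handler) uses the HTML sanitizer and Ruby's `inspect` to build a JavaScript string literal, neither of which is an escaper for a `<script>` context; `url: "<%= j user_pay_path(:format => "json", :user_id => current_user.user_id, :id => current_user.user_id) %>"` says what is meant. `parseDirectDepostInfo` iterates `msg.user` with `$.each`, but `show` returns `current_user.pay.as_json`, which for a single record is an object whose keys, not rows, would be iterated — confirm what that association returns. The `"test"` literal in the Actions column is a placeholder that will be shown to users, and the `.delete-row` click handler is bound before any rows exist, since the only row markup is commented out and rows arrive later through `fnAddData`.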
+3
@@ -28,6 +28,9 @@ Railsgoat::Application.configure do
# Log the query plan for queries taking more than this (works # Log the query plan for queries taking more than this (works
# with SQLite, MySQL, and PostgreSQL) # with SQLite, MySQL, and PostgreSQL)
config.active_record.auto_explain_threshold_in_seconds = 0.5 config.active_record.auto_explain_threshold_in_seconds = 0.5
# Tired of caching causing issues
config.middleware.delete Rack::ETag
# Do not compress assets # Do not compress assets
config.assets.compress = false config.assets.compress = false
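Review bot: `config.middleware.delete Rack::ETag` removes conditional-GET support for every response in this environment, and the comment `# Tired of caching causing issues` records the frustration rather than the cause, which the next reader needs before deciding whether the line can go. If the trigger is the direct-deposit JSON fetch being answered from cache, a narrower fix is `cache: false` on that `$.ajax` call or `expires_now` in the `show` action; if the middleware really must go, say why, e.g. `# Rack::ETag removed so PayController#show JSON is never served as a cached 304`. This looks like a per-environment config (the surrounding settings are development-style), so other environments keep ETag unless changed separately — hedged, since the file name is not visible here.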