Adds the ability to update a row of direct deposit information, and leverages the encryption routine to introduce a serious flaw.

This commit is contained in:
cktricky
2014-03-15 21:58:42 -04:00
parent 9951af6170
commit 1f922916d2
4 changed files with 141 additions and 123 deletions
+15 -1
@@ -4,9 +4,23 @@ class PayController < ApplicationController
end
def update_dd_info
msg = false
pay = Pay.new(
:bank_account_num => params[:bank_account_num],
:bank_routing_num => params[:bank_routing_num],
:percent_of_deposit => params[:dd_percent]
)
pay.user_id = current_user.user_id
msg = true if pay.save!
respond_to do |format|
format.json {render :json => {:hello => :world} }
format.json {render :json => {:msg => :world} }
end
end
def show
respond_to do |format|
format.json { render :json => {:user => current_user.pay.as_json} }
end
end
end
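Review bot: `msg` is computed in `update_dd_info` but never sent — the action ends by rendering the constant `{:msg => :world}` (the line that replaces the old `:hello => :world`), and because `pay.save!` raises `ActiveRecord::RecordInvalid` on a failed validation, `msg` can never actually be `false`; a bad `bank_account_num` or `dd_percent` surfaces as an unrescued exception (a 500) instead of a JSON failure. Use the non-bang save and return the real flag: `msg = pay.save` and `format.json { render :json => {:msg => msg} }`. The three deposit fields are taken straight from `params` with no type or range check on `dd_percent`, which a numericality/range validation on `Pay` would cover; setting `user_id` from `current_user` after the mass assignment rather than from `params` is the right way to keep the row bound to the session and should stay. Note that despite its name the action calls `Pay.new` on every request, so repeated submissions add rows rather than update one — either rename it or find-or-initialize the user's existing row.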
+20
@@ -1,5 +1,25 @@
class Pay < ActiveRecord::Base
# mass-assignable attributes
attr_accessible :bank_account_num, :bank_routing_num, :percent_of_deposit
# Associations
belongs_to :user
# Validations
validates :bank_account_num, presence: true
validates :bank_routing_num, presence: true
validates :percent_of_deposit, presence: true
# actions
before_save :encrypt_bank_account_num
def as_json
super(only: [:bank_account_num, :bank_routing_num, :percent_of_deposit])
end
def encrypt_bank_account_num
self.bank_account_num = Encryption.encrypt_sensitive_value(self.bank_account_num)
end
end
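Review bot: `before_save :encrypt_bank_account_num` runs on every save and encrypts whatever is in `bank_account_num` unconditionally, so a record loaded from the database (already holding ciphertext) and saved again for any reason — say a change to `percent_of_deposit` — has its account number encrypted a second time and becomes unreadable; guard it with `before_save :encrypt_bank_account_num, if: :bank_account_num_changed?` (or `before_create` if the number is never edited). `def as_json` takes no argument, but ActiveRecord calls `as_json(options)` from `to_json` and `render :json => record`, so anything other than the bare `.as_json` call in `PayController#show` would raise `ArgumentError` — declare it `def as_json(options = {})`. `percent_of_deposit` is only checked for presence; `validates :percent_of_deposit, numericality: { greater_than: 0, less_than_or_equal_to: 100 }` would bound the user-supplied value. The routing number is stored in the clear next to the encrypted account number; if that is deliberate it deserves a comment, since both are needed to use the account. What `Encryption.encrypt_sensitive_value` does is not visible here, so the flaw the commit title refers to cannot be assessed from this hunk.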
+103 -122
@@ -63,149 +63,126 @@
</div>
</div>
<!-- End Row-Fluid for Inputs-->
<!-- Begin Table Stuff -->
<div class="row-fluid">
<div class="span9">
<div class="widget no-margin">
<div class="widget-header">
<div class="title">
<span class="fs1" aria-hidden="true" data-icon="&#xe14a;"></span> Deletable Table Row
</div>
</div>
<div class="widget-body">
<table class="table table-striped table-bordered no-margin">
<thead>
<tr>
<th style="width:25%">
Bank Account Number
</th>
<th style="width:25%">
Bank Routing Number
</th>
<th style="width:25%">
Percentage of Deposit
</th>
<th style="width:25%">
Actions
</th>
</tr>
</thead>
<tbody>
<tr>
<td >
1
</td>
<td>
Srinu
</td>
<td class="hidden-phone">
Active
</td>
<td class="hidden-phone">
<a class="delete-row" data-original-title="Delete" href="#">
<!-- ###################-->
<!-- Begin Dynamic Table ColSpan Table -->
<div class="row-fluid">
<div class="span9">
<div class="widget">
<!-- Begin Widget Header-->
<div class="widget-header">
<div class="title">
<span class="fs1" aria-hidden="true" data-icon="&#xe14a;"></span> Accounts
</div>
</div>
<!-- End Widget Header-->
<div class="widget-body">
<div id="dt_example" class="example_alt_pagination">
<table class="table table-condensed table-striped table-hover table-bordered pull-left" id="data_table">
<thead>
<tr>
<th style="width:25%">
Bank Account Number
</th>
<th style="width:25%">
Bank Routing Number
</th>
<th style="width:25%">
Percentage of Deposit
</th>
<th style="width:25%">
Action
</th>
</tr>
</thead>
<tbody>
<!--<tr>
<td>
December
</td>
<td>
14.7 %
</td>
<td>
31.1 %
</td>
<td>
<a class="delete-row" data-original-title="Delete" href="#">
<i class="icon-trash">
</i>
</a>
</td>
</tr>
<tr>
<td>
2
</td>
<td>
Baswa
</td>
<td class="hidden-phone">
Active
</td>
<td class="hidden-phone">
<a class="delete-row" data-original-title="Delete" href="#">
<i class="icon-trash">
</i>
</a>
</td>
</tr>
<tr>
<td>
3
</td>
<td>
Prem
</td>
<td class="hidden-phone">
Inactive
</td>
<td class="hidden-phone">
<a class="delete-row" data-original-title="Delete" href="#">
<i class="icon-trash">
</i>
</a>
</td>
</tr>
<tr>
<td>
4
</td>
<td>
Arjun
</td>
<td class="hidden-phone">
Active
</td>
<td class="hidden-phone">
<a class="delete-row" data-original-title="Delete" href="#">
<i class="icon-trash">
</i>
</a>
</td>
</tr>
<tr>
<td>
5
</td>
<td>
Gajju
</td>
<td class="hidden-phone">
Inactive
</td>
<td class="hidden-phone">
<a class="delete-row" data-original-title="Delete" href="#">
<i class="icon-trash">
</i>
</a>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<!-- End Table Stuff-->
</div>
</td>
</tr>-->
</tbody>
</table>
<div class="clearfix">
</div>
</div>
</div> <!-- end of widget body-->
</div>
</div>
</div
<!-- End Dynamic Table ColSpan Table -->
<!-- ###################-->
</div>
</div>
<%= javascript_include_tag "jquery.dataTables.js" %>
<script type="text/javascript">
function parseDirectDepostInfo(response){
var msg = jQuery.parseJSON(JSON.stringify(response));
$.each(msg.user, function(index, val){
$('#data_table').dataTable().fnAddData( [
val.bank_account_num,
val.bank_routing_num,
val.percent_of_deposit,
"test"
] );
});
};
function populateTable() {
$('#data_table').dataTable().fnClearTable();
$.ajax({
url: <%= sanitize(user_pay_path(:format => "json", :user_id => current_user.user_id, :id => current_user.user_id).inspect) %>,
type: "GET",
success: function(response) {
parseDirectDepostInfo(response);
},
error: function(event) {
$('#failure').show(500).delay(1500).fadeOut();
}
});
};
function createDataTable(){
$('#data_table').dataTable({
"sPaginationType": "full_numbers"
});
};
$('.delete-row').click(function () {
var conf = confirm('Continue delete?');
if (conf) $(this).parents('tr').fadeOut(function () {
$(this).remove();
});
return false;
});
return false;
});
$("#dd_form_btn").click(function(event) {
var valuesToSubmit = $("#bank_info_form").serialize();
event.preventDefault();
$.ajax({
url: <%= sanitize(update_dd_info_user_pay_index_path(:format => "json").inspect) %>,
url: <%= sanitize(update_dd_info_user_pay_index_path(:format => "json").inspect) %>,
data: valuesToSubmit,
type: "POST",
success: function(response) {
$('#success').show(500).delay(1500).fadeOut();
populateTable();
},
error: function(event) {
$('#failure').show(500).delay(1500).fadeOut();
@@ -217,6 +194,10 @@ $("#dd_form_btn").click(function(event) {
$('li[id="pay"]').addClass('active');
};
$(document).ready(makeActive)
$(document).ready(
makeActive,
createDataTable(),
populateTable()
)
</script>
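Review bot: `parseDirectDepostInfo` hands `val.bank_account_num`, `val.bank_routing_num` and `val.percent_of_deposit` to `fnAddData` unescaped, and DataTables writes cell strings into the table as HTML, so any markup that made it into those stored values (they arrive via `params` in `update_dd_info` with only presence validation, per the controller and model hunks of this commit) runs when the table is populated — a stored XSS, even if the JSON currently returns only the current user's own rows. Escape each value before adding it, as in the rewrite below. Separately, `$(document).ready(makeActive, createDataTable(), populateTable())` evaluates `createDataTable()` and `populateTable()` immediately while the script is parsed and registers only `makeActive` as the ready handler; the intended form wraps all three in one function. The `jQuery.parseJSON(JSON.stringify(response))` round-trip is a no-op on an already-parsed response and can go. The `#dd_form_btn` click handler and `makeActive` continue outside the hunk shown.
```javascript
function escapeCell(value) {
  // Render as text, not markup: DataTables inserts cell strings as HTML.
  return $('<div>').text(value == null ? '' : String(value)).html();
}
function parseDirectDepostInfo(response){
  $.each(response.user, function(index, val){
    $('#data_table').dataTable().fnAddData( [
      escapeCell(val.bank_account_num),
      escapeCell(val.bank_routing_num),
      escapeCell(val.percent_of_deposit),
      "test"
    ] );
  });
};
// … unchanged: populateTable, createDataTable, delete-row and #dd_form_btn handlers, makeActive …
$(document).ready(function () {
  makeActive();
  createDataTable();
  populateTable();
});
```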
+3
@@ -29,6 +29,9 @@ Railsgoat::Application.configure do
# with SQLite, MySQL, and PostgreSQL)
config.active_record.auto_explain_threshold_in_seconds = 0.5
# Tired of caching causing issues
config.middleware.delete Rack::ETag
# Do not compress assets
config.assets.compress = false
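Review bot: The comment `# Tired of caching causing issues` does not say which issue `config.middleware.delete Rack::ETag` works around, and dropping the middleware makes this environment's HTTP behaviour (no ETag / conditional 304 handling) diverge from the others, so whatever the symptom was will reappear wherever the middleware is still present. This looks like the development environment (uncompressed assets, `auto_explain_threshold_in_seconds` set), though the file name is not shown here. If the trigger was the `$.ajax` GET of the pay JSON in this same commit being served stale, `cache: false` on that call or `expires_now` in the action is a narrower fix; otherwise replace the comment with one naming the symptom and the request it affected so the next reader can tell whether the workaround is still needed.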