diff --git a/Gemfile b/Gemfile
index ee1afb3..f51d914 100755
--- a/Gemfile
+++ b/Gemfile
@@ -1,7 +1,8 @@
 source 'https://rubygems.org'
 #don't upgrade
-gem 'rails', '3.2.19'
+gem 'rails', '4.0.9'
+gem 'protected_attributes' # For Rails 4.0+
 ruby '2.1.2'
@@ -44,15 +45,12 @@ end
 # Gems used only for assets and not required
 # in production environments by default.
-group :assets do
- gem 'sass-rails'
- gem 'coffee-rails'
- gem 'jquery-fileupload-rails'
- # See https://github.com/sstephenson/execjs#readme for more supported runtimes
- # gem 'therubyracer', :platforms => :ruby
-
- gem 'uglifier'
-end
+gem 'sass-rails'
+gem 'coffee-rails'
+gem 'jquery-fileupload-rails'
+gem 'uglifier'
+# See https://github.com/sstephenson/execjs#readme for more supported runtimes
+# gem 'therubyracer', :platforms => :ruby
 gem 'jquery-rails'
diff --git a/Gemfile.lock b/Gemfile.lock
index b464d0b..657e83d 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
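Review bot: Adding `gem 'protected_attributes'` keeps the Rails 3 `attr_accessible`/`attr_protected` model alive instead of moving to strong parameters, which is what Rails 4 ships as its mass-assignment protection; as far as I can tell the gem's default is non-whitelist mode, so any model without an `attr_accessible` declaration accepts every parameter handed to `new`/`update_attributes`. If keeping the gem is a deliberate compatibility step, pin it to the version the lockfile resolves to, `gem 'protected_attributes', '~> 1.0.8' # For Rails 4.0+ — TODO: migrate to strong parameters`, so the stopgap is visible and the migration is not forgotten. The flattening of the `:assets` group into default gems matches Rails 4.0 conventions and needs no change.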
@@ -1,35 +1,32 @@ GEM remote: https://rubygems.org/ specs: - actionmailer (3.2.19) - actionpack (= 3.2.19) + actionmailer (4.0.9) + actionpack (= 4.0.9) mail (~> 2.5.4) - actionpack (3.2.19) - activemodel (= 3.2.19) - activesupport (= 3.2.19) - builder (~> 3.0.0) + actionpack (4.0.9) + activesupport (= 4.0.9) + builder (~> 3.1.0) erubis (~> 2.7.0) - journey (~> 1.0.4) - rack (~> 1.4.5) - rack-cache (~> 1.2) - rack-test (~> 0.6.1) - sprockets (~> 2.2.1) - activemodel (3.2.19) - activesupport (= 3.2.19) - builder (~> 3.0.0) - activerecord (3.2.19) - activemodel (= 3.2.19) - activesupport (= 3.2.19) - arel (~> 3.0.2) - tzinfo (~> 0.3.29) - activeresource (3.2.19) - activemodel (= 3.2.19) - activesupport (= 3.2.19) - activesupport (3.2.19) - i18n (~> 0.6, >= 0.6.4) - multi_json (~> 1.0) + rack (~> 1.5.2) + rack-test (~> 0.6.2) + activemodel (4.0.9) + activesupport (= 4.0.9) + builder (~> 3.1.0) + activerecord (4.0.9) + activemodel (= 4.0.9) + activerecord-deprecated_finders (~> 1.0.2) + activesupport (= 4.0.9) + arel (~> 4.0.0) + activerecord-deprecated_finders (1.0.3) + activesupport (4.0.9) + i18n (~> 0.6, >= 0.6.9) + minitest (~> 4.2) + multi_json (~> 1.3) + thread_safe (~> 0.1) + tzinfo (~> 0.3.37) addressable (2.3.6) - arel (3.0.3) + arel (4.0.2) aruba (0.5.4) childprocess (>= 0.3.6) cucumber (>= 1.1.1) @@ -52,7 +49,7 @@ GEM sass (~> 3.0) slim (>= 1.3.6, < 3.0) terminal-table (~> 1.4) - builder (3.0.4) + builder (3.1.4) bundler-audit (0.3.1) bundler (~> 1.2) thor (~> 0.18) @@ -68,9 +65,9 @@ GEM ffi (~> 1.0, >= 1.0.11) cliver (0.3.2) coderay (1.1.0) - coffee-rails (3.2.2) + coffee-rails (4.0.1) coffee-script (>= 2.2.0) - railties (~> 3.2.0) + railties (>= 4.0.0, < 5.0) coffee-script (2.3.0) coffee-script-source execjs @@ -133,7 +130,6 @@ GEM hitimes (1.2.2) http_parser.rb (0.6.0) i18n (0.6.11) - journey (1.0.4) jquery-fileupload-rails (0.4.1) actionpack (>= 3.1) railties (>= 3.1) 
@@ -153,18 +149,20 @@ GEM mail (2.5.4) mime-types (~> 1.16) treetop (~> 1.4.8) - mailcatcher (0.5.12) - activesupport (~> 3.0) - eventmachine (~> 1.0.0) - haml (>= 3.1, < 5) - mail (~> 2.3) - sinatra (~> 1.2) - skinny (~> 0.2.3) - sqlite3 (~> 1.3) - thin (~> 1.5.0) + mailcatcher (0.2.4) + eventmachine + haml + i18n + json + mail + sinatra + skinny (>= 0.1.2) + sqlite3-ruby + thin method_source (0.8.2) mime-types (1.25.1) mini_portile (0.5.3) + minitest (4.7.5) multi_json (1.10.1) multi_test (0.1.1) mysql2 (0.3.16) @@ -178,43 +176,37 @@ GEM polyglot (0.3.5) powder (0.2.1) thor (>= 0.11.5) + protected_attributes (1.0.8) + activemodel (>= 4.0.1, < 5.0) pry (0.10.1) coderay (~> 1.1.0) method_source (~> 0.8.1) slop (~> 3.4) - rack (1.4.5) - rack-cache (1.2) - rack (>= 0.4) + rack (1.5.2) rack-livereload (0.3.15) rack rack-protection (1.5.3) rack - rack-ssl (1.3.4) - rack rack-test (0.6.2) rack (>= 1.0) - rails (3.2.19) - actionmailer (= 3.2.19) - actionpack (= 3.2.19) - activerecord (= 3.2.19) - activeresource (= 3.2.19) - activesupport (= 3.2.19) - bundler (~> 1.0) - railties (= 3.2.19) - railties (3.2.19) - actionpack (= 3.2.19) - activesupport (= 3.2.19) - rack-ssl (~> 1.3.2) + rails (4.0.9) + actionmailer (= 4.0.9) + actionpack (= 4.0.9) + activerecord (= 4.0.9) + activesupport (= 4.0.9) + bundler (>= 1.3.0, < 2.0) + railties (= 4.0.9) + sprockets-rails (~> 2.0) + railties (4.0.9) + actionpack (= 4.0.9) + activesupport (= 4.0.9) rake (>= 0.8.7) - rdoc (~> 3.4) - thor (>= 0.14.6, < 2.0) + thor (>= 0.18.1, < 2.0) raindrops (0.13.0) rake (10.3.2) rb-fsevent (0.9.4) rb-inotify (0.9.5) ffi (>= 0.5.0) - rdoc (3.12.2) - json (~> 1.4) ref (1.0.5) rspec (2.14.1) rspec-core (~> 2.14.0) 
@@ -237,11 +229,12 @@ GEM
 sexp_processor (~> 4.0)
 ruby_parser (3.5.0)
 sexp_processor (~> 4.1)
- sass (3.4.3)
- sass-rails (3.2.6)
- railties (~> 3.2.0)
- sass (>= 3.1.10)
- tilt (~> 1.3)
+ sass (3.2.19)
+ sass-rails (4.0.3)
+ railties (>= 4.0.0, < 5.0)
+ sass (~> 3.2.0)
+ sprockets (~> 2.8, <= 2.11.0)
+ sprockets-rails (~> 2.0)
 sexp_processor (4.4.4)
 simplecov (0.9.0)
 docile (~> 1.1.0)
@@ -259,12 +252,18 @@ GEM
 temple (~> 0.6.6)
 tilt (>= 1.3.3, < 2.1)
 slop (3.6.0)
- sprockets (2.2.2)
+ sprockets (2.11.0)
 hike (~> 1.2)
 multi_json (~> 1.0)
 rack (~> 1.0)
 tilt (~> 1.1, != 1.3.0)
+ sprockets-rails (2.1.4)
+ actionpack (>= 3.0)
+ activesupport (>= 3.0)
+ sprockets (~> 2.8)
 sqlite3 (1.3.9)
+ sqlite3-ruby (1.3.3)
+ sqlite3 (>= 1.3.3)
 temple (0.6.8)
 terminal-table (1.4.5)
 therubyracer (0.12.1)
@@ -275,6 +274,7 @@ GEM
 eventmachine (>= 0.12.6)
 rack (>= 1.0.0)
 thor (0.19.1)
+ thread_safe (0.3.4)
 tilt (1.4.1)
 timers (4.0.0)
 hitimes
@@ -323,9 +323,10 @@ DEPENDENCIES
 mysql2
 poltergeist
 powder
+ protected_attributes
 pry
 rack-livereload
- rails (= 3.2.19)
+ rails (= 4.0.9)
 rb-fsevent
 rspec-rails (= 2.14.2)
 sass-rails
diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb
index 055e9c5..62c228a 100755
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@@ -1,5 +1,5 @@
 class AdminController < ApplicationController
- before_filter :administrative, :if => :admin_param, :except => [:get_user]
+ before_action :administrative, :if => :admin_param, :except => [:get_user]
 skip_before_filter :has_info
 def dashboard
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 3a58ed4..9524491 100755
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
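Review bot: `skip_before_filter :has_info` on the line below the changed one is left on the old `_filter` spelling while the `before_filter` above it became `before_action`; Rails 4.0 accepts both, but the class now mixes the two, so rename it as well: `skip_before_action :has_info`. Separately, the new `before_action :administrative, :if => :admin_param, ...` line makes the admin check run only when something named `admin_param` is truthy, which by its name looks like a request parameter; if that is not a deliberate training vulnerability of this app, the authorization check should run unconditionally and be based on the session user rather than client-supplied input. The `admin_param` method is outside the hunk, so this is an inference from the name only.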
@@ -1,5 +1,5 @@
 class ApplicationController < ActionController::Base
- before_filter :authenticated, :has_info, :create_analytic, :mailer_options
+ before_action :authenticated, :has_info, :create_analytic, :mailer_options
 helper_method :current_user, :is_admin?, :sanitize_font
 # Our security guy keep talking about sea-surfing, cool story bro.
diff --git a/config/application.rb b/config/application.rb
index 25ef3f4..7a2e9d3 100755
--- a/config/application.rb
+++ b/config/application.rb
@@ -2,12 +2,7 @@ require File.expand_path('../boot', __FILE__)
 require 'rails/all'
-if defined?(Bundler)
- # If you precompile assets before deploying to production, use this line
- Bundler.require(*Rails.groups(:assets => %w(development test mysql)))
- # If you want your assets lazily compiled in production, use this line
- # Bundler.require(:default, :assets, Rails.env)
-end
+Bundler.require(:default, Rails.env)
 module Railsgoat
 class Application < Rails::Application
@@ -47,12 +42,6 @@ module Railsgoat
 # like if you have constraints or database-specific column types
 # config.active_record.schema_format = :sql
- # Enforce whitelist mode for mass assignment.
- # This will create an empty whitelist of attributes available for mass-assignment for all models
- # in your app. As such, your models will need to explicitly whitelist or blacklist accessible
- # parameters by using an attr_accessible or attr_protected declaration.
- config.active_record.whitelist_attributes = false
-
 # Enable the asset pipeline
 config.assets.enabled = true
diff --git a/config/boot.rb b/config/boot.rb
index 4489e58..5e5f0c1 100755
--- a/config/boot.rb
+++ b/config/boot.rb
@@ -1,6 +1,4 @@
-require 'rubygems'
-
 # Set up gems listed in the Gemfile.
 ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)
-require 'bundler/setup' if File.exists?(ENV['BUNDLE_GEMFILE'])
+require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE'])
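Review bot: The upgrade does not add `protect_from_forgery with: :exception` alongside the new `before_action` line, and the context comment about "sea-surfing" reads as an acknowledgement that CSRF protection is missing; Rails 4.0's generated ApplicationController declares it, and without it state-changing routes elsewhere in this diff such as `post "delete_user"` accept cross-site requests. If the class declares it further down (the body is outside the hunk) ignore this; if the omission is intentional for training, say so in the comment instead of hinting. Otherwise add `protect_from_forgery with: :exception` directly under the `before_action` line.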
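Review bot: Dropping `config.active_record.whitelist_attributes = false` is a no-op only because false was already the value, and with `protected_attributes` now in the Gemfile the setting is still honoured, so this was the moment to flip it: `config.active_record.whitelist_attributes = true` makes every model reject mass assignment of any attribute not listed in `attr_accessible`. Left off, a model with no `attr_accessible` declaration accepts every parameter passed to `new`/`update_attributes`. If the open default is intended here, keep it explicit and say why, e.g. `config.active_record.whitelist_attributes = false # intentionally open (training app)`, rather than letting the choice become implicit.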
diff --git a/config/environment.rb b/config/environment.rb
index 64c26bc..e3ae560 100755
--- a/config/environment.rb
+++ b/config/environment.rb
@@ -1,5 +1,5 @@
-# Load the rails application
+# Load the Rails application.
 require File.expand_path('../application', __FILE__)
-# Initialize the rails application
+# Initialize the Rails application.
 Railsgoat::Application.initialize!
diff --git a/config/environments/development.rb b/config/environments/development.rb
index 1c25474..ed6116c 100755
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -22,9 +22,6 @@ Railsgoat::Application.configure do
 # Only use best-standards-support built into browsers
 config.action_dispatch.best_standards_support = :builtin
- # Raise exception on mass assignment protection for Active Record models
- config.active_record.mass_assignment_sanitizer = :strict
-
 # Log the query plan for queries taking more than this (works
 # with SQLite, MySQL, and PostgreSQL)
 config.active_record.auto_explain_threshold_in_seconds = 0.5
@@ -50,4 +47,7 @@ Railsgoat::Application.configure do
 :host => 'railsgoat.dev',
 :ignore => [ %r{dont/modify\.html$} ]
 )
+
+ # For Rails 4.0+
+ config.eager_load = false
 end
diff --git a/config/environments/mysql.rb b/config/environments/mysql.rb
index 9ff11cf..04ffd34 100755
--- a/config/environments/mysql.rb
+++ b/config/environments/mysql.rb
@@ -22,9 +22,6 @@ Railsgoat::Application.configure do
 # Only use best-standards-support built into browsers
 config.action_dispatch.best_standards_support = :builtin
- # Raise exception on mass assignment protection for Active Record models
- config.active_record.mass_assignment_sanitizer = :strict
-
 # Log the query plan for queries taking more than this (works
 # with SQLite, MySQL, and PostgreSQL)
 config.active_record.auto_explain_threshold_in_seconds = 0.5
diff --git a/config/environments/production.rb b/config/environments/production.rb
index 5917335..1ada3e1 100755
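Review bot: Removing `config.active_record.mass_assignment_sanitizer = :strict` from development (and the identical removal in mysql.rb here and test.rb later in the diff) looks like Rails 4 cleanup, but since this commit also adds `protected_attributes` the option is, as far as I can tell, still honoured by that gem: with it, assigning a protected attribute raises in development; without it the attribute is silently dropped and only logged. The net effect is that mass-assignment mistakes stop surfacing as failures while developing and testing, which is exactly where you want them to. Unless dropping it is deliberate, restore `config.active_record.mass_assignment_sanitizer = :strict` in the non-production environments.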
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -64,4 +64,7 @@ Railsgoat::Application.configure do
 # Log the query plan for queries taking more than this (works
 # with SQLite, MySQL, and PostgreSQL)
 # config.active_record.auto_explain_threshold_in_seconds = 0.5
+
+ # For Rails 4.0+
+ config.eager_load = true
 end
diff --git a/config/environments/test.rb b/config/environments/test.rb
index 71d265d..899e600 100755
--- a/config/environments/test.rb
+++ b/config/environments/test.rb
@@ -11,9 +11,6 @@ Railsgoat::Application.configure do
 config.serve_static_assets = true
 config.static_cache_control = "public, max-age=3600"
- # Log error messages when you accidentally call methods on nil
- config.whiny_nils = true
-
 # Show full error reports and disable caching
 config.consider_all_requests_local = true
 config.action_controller.perform_caching = false
@@ -29,9 +26,9 @@ Railsgoat::Application.configure do
 # ActionMailer::Base.deliveries array.
 config.action_mailer.delivery_method = :test
- # Raise exception on mass assignment protection for Active Record models
- config.active_record.mass_assignment_sanitizer = :strict
-
 # Print deprecation notices to the stderr
 config.active_support.deprecation = :stderr
+
+ # For Rails 4.0+
+ config.eager_load = false
 end
diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb
new file mode 100644
index 0000000..4a994e1
--- /dev/null
+++ b/config/initializers/filter_parameter_logging.rb
@@ -0,0 +1,4 @@
+# Be sure to restart your server when you modify this file.
+
+# Configure sensitive parameters which will be filtered from the log file.
+Rails.application.config.filter_parameters += [:password]
diff --git a/config/initializers/inflections.rb b/config/initializers/inflections.rb
index 5d8d9be..ac033bf 100755
--- a/config/initializers/inflections.rb
+++ b/config/initializers/inflections.rb
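Review bot: Filtering only `:password` in the new filter_parameter_logging.rb leaves other secrets in the request log; the routes in this same commit show a password-reset flow (`password_resets#confirm_token`, `password_resets#reset_password`), so whatever parameter carries the reset token will be written to the log in full. `filter_parameters` matches on substrings, so `:password` already covers `password_confirmation`, but the token needs its own entry: `Rails.application.config.filter_parameters += [:password, :token]`, with the second name adjusted to whatever the reset controller actually reads (not visible in this diff).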
@@ -1,15 +1,16 @@
 # Be sure to restart your server when you modify this file.
-# Add new inflection rules using the following format
-# (all these examples are active by default):
-# ActiveSupport::Inflector.inflections do |inflect|
+# Add new inflection rules using the following format. Inflections
+# are locale specific, and you may define rules for as many different
+# locales as you wish. All of these examples are active by default:
+# ActiveSupport::Inflector.inflections(:en) do |inflect|
 # inflect.plural /^(ox)$/i, '\1en'
 # inflect.singular /^(ox)en/i, '\1'
 # inflect.irregular 'person', 'people'
 # inflect.uncountable %w( fish sheep )
 # end
-#
+
 # These inflection rules are supported but not enabled by default:
-# ActiveSupport::Inflector.inflections do |inflect|
+# ActiveSupport::Inflector.inflections(:en) do |inflect|
 # inflect.acronym 'RESTful'
 # end
diff --git a/config/initializers/secret_token.rb b/config/initializers/secret_token.rb
index 1d9d83c..6bae38e 100755
--- a/config/initializers/secret_token.rb
+++ b/config/initializers/secret_token.rb
@@ -5,3 +5,4 @@
 # Make sure the secret is at least 30 characters and all random,
 # no regular words or you'll be exposed to dictionary attacks.
 Railsgoat::Application.config.secret_token = '2f1d90a26236c3245d96f5606c201a780dc9ca687e5ed82b45e211bb5dc84c1870f61ca9e002dad5dd8a149c9792d8f07f31a9575065cca064bd6af44f8750e4'
+Railsgoat::Application.config.secret_key_base = '2f1d90a26236c3245d96f5606c201a780dc9ca687e5ed82b45e211bb5dc84c1870f61ca9e002dad5dd8a149c9792d8f07f31a9575065cca064bd6af44f8750e4'
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index 045db16..a60be40 100755
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
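Review bot: The new `secret_key_base` line reuses the literal already committed as `secret_token`, so the legacy signed-cookie secret and the Rails 4 key-derivation base are one hard-coded value checked into the repository; anyone with the source can sign or encrypt a valid `_railsgoat_session` cookie (the app uses the cookie store per session_store.rb in this diff, and presumably resolves `current_user` from it) and impersonate any user. Rails 4.0 has no `secrets.yml`, so the usual fix is to read the value from the environment and generate a fresh one per deployment: `Railsgoat::Application.config.secret_key_base = ENV['SECRET_KEY_BASE']`, keeping a separate, different `secret_token` only for as long as cookies issued by the Rails 3 app still need to be accepted. If this app intentionally ships a known secret for training, a comment on this line saying so would stop the file from being copied as-is into a real deployment.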
@@ -1,8 +1,3 @@
 # Be sure to restart your server when you modify this file.
-Railsgoat::Application.config.session_store :cookie_store, key: '_railsgoat_session', httponly: false
-
-# Use the database for sessions instead of the cookie-based default,
-# which shouldn't be used to store highly confidential information
-# (create the session table with "rails generate session_migration")
-# Railsgoat::Application.config.session_store :active_record_store
+Railsgoat::Application.config.session_store :cookie_store, key: '_railsgoat_session'
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 179c14c..0653957 100755
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -1,5 +1,23 @@
-# Sample localization file for English. Add more files in this directory for other locales.
-# See https://github.com/svenfuchs/rails-i18n/tree/master/rails%2Flocale for starting points.
+# Files in the config/locales directory are used for internationalization
+# and are automatically loaded by Rails. If you want to use locales other
+# than English, add the necessary files in this directory.
+#
+# To use the locales, use `I18n.t`:
+#
+# I18n.t 'hello'
+#
+# In views, this is aliased to just `t`:
+#
+# <%= t('hello') %>
+#
+# To use a different locale, set it with `I18n.locale`:
+#
+# I18n.locale = :es
+#
+# This would use the information in config/locales/es.yml.
+#
+# To learn more, please read the Rails Internationalization guide
+# available at http://guides.rubyonrails.org/i18n.html.
 en:
 hello: "Hello world"
diff --git a/config/routes.rb b/config/routes.rb
index 35ef733..7c1212a 100755
--- a/config/routes.rb
+++ b/config/routes.rb
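Review bot: The rewritten `session_store` line silently drops `httponly: false`, so the session cookie now gets Rails' default `httponly: true`; that is an improvement, but it is a behaviour change the hunk does not call out, and in a training app the old value may have been set to false on purpose — either way it deserves a comment on the line. While the line is being touched, the cookie also carries no `secure:` flag; if production is served over HTTPS, `Railsgoat::Application.config.session_store :cookie_store, key: '_railsgoat_session', secure: Rails.env.production?` keeps the session cookie off plain HTTP. Whether HTTPS is in use is not visible from this diff.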
@@ -3,7 +3,7 @@ Railsgoat::Application.routes.draw do
 get "login" => "sessions#new"
 get "signup" => "users#new"
 get "logout" => "sessions#destroy"
- match "forgot_password" => "password_resets#forgot_password"
+ get "forgot_password" => "password_resets#forgot_password"
 get "password_resets" => "password_resets#confirm_token"
 post "password_resets" => "password_resets#reset_password"
@@ -80,7 +80,7 @@ Railsgoat::Application.routes.draw do
 get "dashboard"
 get "get_user"
 post "delete_user"
- put "update_user"
+ patch "update_user"
 get "get_all_users"
 get "analytics"
 end
diff --git a/vendor/plugins/.gitkeep b/vendor/plugins/.gitkeep
deleted file mode 100755
index e69de29..0000000
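Review bot: `patch "update_user"` replaces `put` outright, so any client, test or hand-written form still sending PUT now gets a routing error; Rails 4 forms emit PATCH by default, but if external callers exist keep both verbs with `match "update_user", via: [:put, :patch]`. `get "forgot_password"` is the correct Rails 4 replacement for the bare `match` (which in 3.2 accepted every verb), but if that action sends the reset e-mail rather than only rendering the form, it is now a state-changing action reachable by GET and outside any CSRF check; the controller is not in this diff, so verify which it is. Both hunks sit inside the `Railsgoat::Application.routes.draw` block, whose start is outside the hunk.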