From 51aa8701f229b99235af74676cf36fde03f07bcb Mon Sep 17 00:00:00 2001
From: Ken Johnson <cktricky@Kens-MacBook-Pro.local>
Date: Thu, 23 May 2013 16:55:27 -0400
Subject: [PATCH] refactoring tutorial instances into partials for
 extensibility

---
 .../crypto/_password_hashing.html.erb         |  67 +++++++++++
 .../tutorial/csrf/_csrf_first.html.erb        | 103 +++++++++++++++++
 app/views/tutorials/crypto.html.erb           |  72 +-----------
 app/views/tutorials/csrf.html.erb             | 108 +-----------------
 4 files changed, 176 insertions(+), 174 deletions(-)
 create mode 100644 app/views/layouts/tutorial/crypto/_password_hashing.html.erb
 create mode 100644 app/views/layouts/tutorial/csrf/_csrf_first.html.erb

diff --git a/app/views/layouts/tutorial/crypto/_password_hashing.html.erb b/app/views/layouts/tutorial/crypto/_password_hashing.html.erb
new file mode 100644
index 0000000..acd4113
--- /dev/null
+++ b/app/views/layouts/tutorial/crypto/_password_hashing.html.erb
@@ -0,0 +1,67 @@
+<div class="widget">
+    <div class="widget-header">
+      <div class="title">
+        <span class="fs1" aria-hidden="true" data-icon="&#xe092;"></span> A7 - Insecure Cryptographic Storage
+      </div>
+    </div>
+    <div class="widget-body">
+      <div id="accordion1" class="accordion no-margin">
+        <div class="accordion-group">
+          <div class="accordion-heading">
+            <a href="#collapseOne" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
+              <i class="icon-info icon-white">
+              </i>
+              Description
+            </a>
+          </div>
+          <div class="accordion-body in collapse" id="collapseOne" style="height: auto;">
+            <div class="accordion-inner">
+              Anim pariatur cliche reprehenderit, enim eiusmod high life accusamus terry richardson ad squid. 3 wolf moon officia aute, non cupidatat skateboard dolor brunch. Food truck quinoa nesciunt laborum eiusmod. Brunch 3 wolf moon tempor
+            </div>
+          </div>
+        </div>
+        <div class="accordion-group">
+          <div class="accordion-heading">
+            <a href="#collapseTwo" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
+              <i class="icon-bug icon-white">
+              </i>
+              Bug
+            </a>
+          </div>
+          <div class="accordion-body collapse" id="collapseTwo" style="height: 0px;">
+            <div class="accordion-inner">
+              Anim pariatur cliche reprehenderit, enim eiusmod high life accusamus terry richardson ad squid. 3 wolf moon officia aute, non cupidatat skateboard dolor brunch. Food truck quinoa nesciunt laborum eiusmod. Brunch 3 wolf moon tempor
+            </div>
+          </div>
+        </div>
+        <div class="accordion-group">
+          <div class="accordion-heading">
+            <a href="#collapseThree" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
+              <i class="icon-lightning icon-white">
+              </i>
+              Solution
+            </a>
+          </div>
+          <div class="accordion-body collapse" id="collapseThree" style="height: 0px;">
+            <div class="accordion-inner">
+              Anim pariatur cliche reprehenderit, enim eiusmod high life accusamus terry richardson ad squid. 3 wolf moon officia aute, non cupidatat skateboard dolor brunch. Food truck quinoa nesciunt laborum eiusmod. Brunch 3 wolf moon tempor
+            </div>
+          </div>
+        </div>
+		<div class="accordion-group">
+          <div class="accordion-heading">
+            <a  style="background-color: rgb(181, 121, 158)" href="#collapseFour" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
+              <i class="icon-aid icon-white">
+              </i>
+              Hint
+            </a>
+          </div>
+          <div class="accordion-body collapse" id="collapseFour" style="height: 0px;">
+            <div class="accordion-inner">
+              Anim pariatur cliche reprehenderit, enim eiusmod high life accusamus terry richardson ad squid. 3 wolf moon officia aute, non cupidatat skateboard dolor brunch. Food truck quinoa nesciunt laborum eiusmod. Brunch 3 wolf moon tempor
+            </div>
+          </div>
+        </div>
+      </div>
+    </div>
+  </div>
\ No newline at end of file
diff --git a/app/views/layouts/tutorial/csrf/_csrf_first.html.erb b/app/views/layouts/tutorial/csrf/_csrf_first.html.erb
new file mode 100644
index 0000000..e56c42e
--- /dev/null
+++ b/app/views/layouts/tutorial/csrf/_csrf_first.html.erb
@@ -0,0 +1,103 @@
+<div class="widget">
+    <div class="widget-header">
+      <div class="title">
+        <span class="fs1" aria-hidden="true" data-icon="&#xe092;"></span> A5 - Cross Site Request Forgery (CSRF)
+      </div>
+    </div>
+    <div class="widget-body">
+      <div id="accordion1" class="accordion no-margin">
+        <div class="accordion-group">
+          <div class="accordion-heading">
+            <a href="#collapseOne" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
+              <i class="icon-info icon-white">
+              </i>
+              Description
+            </a>
+          </div>
+          <div class="accordion-body in collapse" id="collapseOne" style="height: auto;">
+            <div class="accordion-inner">
+              <p>A CSRF attack forces a logged-on victim’s browser to send a forged HTTP request, including the victim’s session cookie and any other automatically included authentication information, to a vulnerable web application. This allows the attacker to force the victim’s browser to generate requests the vulnerable application thinks are legitimate requests from the victim.</p>
+            </div>
+          </div>
+        </div>
+        <div class="accordion-group">
+          <div class="accordion-heading">
+            <a href="#collapseTwo" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
+              <i class="icon-bug icon-white">
+              </i>
+              Bug
+            </a>
+          </div>
+          <div class="accordion-body collapse" id="collapseTwo" style="height: 0px;">
+            <div class="accordion-inner">
+              <p><b>Cross-Site Request Forgery (CSRF) - The following code was taken from: /app/controllers/application_controller.rb and /app/views/layouts/application.html.erb</b></p>
+			  <p>application_controller.rb<<p>
+			  <p>
+			     <pre class="ruby">
+				 # Our security guy keep talking about sea-surfing, cool story bro.
+				 # protect_from_forgery
+				</pre>
+					
+			  </p>
+			  <p> application.html.erb </p>
+			  <p>
+				  <pre class="ruby">
+					<%= @meta_code_bad %>
+				  </pre>
+			  </p>
+            </div>
+          </div>
+        </div>
+        <div class="accordion-group">
+          <div class="accordion-heading">
+            <a href="#collapseThree" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
+              <i class="icon-lightning icon-white">
+              </i>
+              Solution
+            </a>
+          </div>
+          <div class="accordion-body collapse" id="collapseThree" style="height: 0px;">
+            <div class="accordion-inner">
+              <p><b> Cross-Site Request Forgery ATTACK:</b></p>
+				<p>
+					Save this content to an .html file and open it...
+				</p>
+			   	<p>
+					<font face="Courier New" style="color: rgb(69, 126, 136)">
+						<%= 
+			   				%{
+			   					
+			   				} 
+			   			%>
+					</font>
+				</p>
+				
+			  <p><b> Cross-Site Request Forgery SOLUTION:</b></p>
+			  <p>
+				 By Default, the protect_from_forgery directive is added under the application_controller.rb at project creation. However, occasionally developers turn it off (comment out) because of issues with JS. The solution around the JS problem is to add the following code within the header section of the application.html.erb file (or any other application layout file).
+			 </p>
+				<p>
+					<pre class="ruby">
+						<%= @meta_code_good %>
+					</pre>
+			  </p>
+            </div>
+          </div>
+        </div>
+      	<div class="accordion-group">
+          <div class="accordion-heading">
+            <a  style="background-color: rgb(181, 121, 158)" href="#collapseFour" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
+              <i class="icon-aid icon-white">
+              </i>
+              Hint
+            </a>
+          </div>
+          <div class="accordion-body collapse" id="collapseFour" style="height: 0px;">
+            <div class="accordion-inner">
+              Anim pariatur cliche reprehenderit, enim eiusmod high life accusamus terry richardson ad squid. 3 wolf moon officia aute, non cupidatat skateboard dolor brunch. Food truck quinoa nesciunt laborum eiusmod. Brunch 3 wolf moon tempor
+            </div>
+          </div>
+        </div>
+	 </div>
+    </div>
+  </div>
\ No newline at end of file
diff --git a/app/views/tutorials/crypto.html.erb b/app/views/tutorials/crypto.html.erb
index 2ab0279..e04656c 100644
--- a/app/views/tutorials/crypto.html.erb
+++ b/app/views/tutorials/crypto.html.erb
@@ -1,75 +1,9 @@
 <div class="dashboard-wrapper">
 	<div class="main-container">
 		<div class="row-fluid">
-		    <div class="span12">
-		      <div class="widget">
-		        <div class="widget-header">
-		          <div class="title">
-		            <span class="fs1" aria-hidden="true" data-icon="&#xe092;"></span> A7 - Insecure Cryptographic Storage
-		          </div>
-		        </div>
-		        <div class="widget-body">
-		          <div id="accordion1" class="accordion no-margin">
-		            <div class="accordion-group">
-		              <div class="accordion-heading">
-		                <a href="#collapseOne" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
-		                  <i class="icon-info icon-white">
-		                  </i>
-		                  Description
-		                </a>
-		              </div>
-		              <div class="accordion-body in collapse" id="collapseOne" style="height: auto;">
-		                <div class="accordion-inner">
-		                  Anim pariatur cliche reprehenderit, enim eiusmod high life accusamus terry richardson ad squid. 3 wolf moon officia aute, non cupidatat skateboard dolor brunch. Food truck quinoa nesciunt laborum eiusmod. Brunch 3 wolf moon tempor
-		                </div>
-		              </div>
-		            </div>
-		            <div class="accordion-group">
-		              <div class="accordion-heading">
-		                <a href="#collapseTwo" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
-		                  <i class="icon-bug icon-white">
-		                  </i>
-		                  Bug
-		                </a>
-		              </div>
-		              <div class="accordion-body collapse" id="collapseTwo" style="height: 0px;">
-		                <div class="accordion-inner">
-		                  Anim pariatur cliche reprehenderit, enim eiusmod high life accusamus terry richardson ad squid. 3 wolf moon officia aute, non cupidatat skateboard dolor brunch. Food truck quinoa nesciunt laborum eiusmod. Brunch 3 wolf moon tempor
-		                </div>
-		              </div>
-		            </div>
-		            <div class="accordion-group">
-		              <div class="accordion-heading">
-		                <a href="#collapseThree" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
-		                  <i class="icon-lightning icon-white">
-		                  </i>
-		                  Solution
-		                </a>
-		              </div>
-		              <div class="accordion-body collapse" id="collapseThree" style="height: 0px;">
-		                <div class="accordion-inner">
-		                  Anim pariatur cliche reprehenderit, enim eiusmod high life accusamus terry richardson ad squid. 3 wolf moon officia aute, non cupidatat skateboard dolor brunch. Food truck quinoa nesciunt laborum eiusmod. Brunch 3 wolf moon tempor
-		                </div>
-		              </div>
-		            </div>
-					<div class="accordion-group">
-		              <div class="accordion-heading">
-		                <a  style="background-color: rgb(181, 121, 158)" href="#collapseFour" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
-		                  <i class="icon-aid icon-white">
-		                  </i>
-		                  Hint
-		                </a>
-		              </div>
-		              <div class="accordion-body collapse" id="collapseFour" style="height: 0px;">
-		                <div class="accordion-inner">
-		                  Anim pariatur cliche reprehenderit, enim eiusmod high life accusamus terry richardson ad squid. 3 wolf moon officia aute, non cupidatat skateboard dolor brunch. Food truck quinoa nesciunt laborum eiusmod. Brunch 3 wolf moon tempor
-		                </div>
-		              </div>
-		            </div>
-		          </div>
-		        </div>
-		      </div>
-		    </div>
+		    <div class="span12">  <!-- Beginning of span-->
+		       <%= render :partial => "layouts/tutorial/crypto/password_hashing" %>
+		    </div> <!-- End of span-->
 		</div>
 	</div>
 </div>
diff --git a/app/views/tutorials/csrf.html.erb b/app/views/tutorials/csrf.html.erb
index 287f244..ad8d961 100644
--- a/app/views/tutorials/csrf.html.erb
+++ b/app/views/tutorials/csrf.html.erb
@@ -1,111 +1,9 @@
 <div class="dashboard-wrapper">
 	<div class="main-container">
 		<div class="row-fluid">
-		    <div class="span12">
-		      <div class="widget">
-		        <div class="widget-header">
-		          <div class="title">
-		            <span class="fs1" aria-hidden="true" data-icon="&#xe092;"></span> A5 - Cross Site Request Forgery (CSRF)
-		          </div>
-		        </div>
-		        <div class="widget-body">
-		          <div id="accordion1" class="accordion no-margin">
-		            <div class="accordion-group">
-		              <div class="accordion-heading">
-		                <a href="#collapseOne" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
-		                  <i class="icon-info icon-white">
-		                  </i>
-		                  Description
-		                </a>
-		              </div>
-		              <div class="accordion-body in collapse" id="collapseOne" style="height: auto;">
-		                <div class="accordion-inner">
-		                  <p>A CSRF attack forces a logged-on victim’s browser to send a forged HTTP request, including the victim’s session cookie and any other automatically included authentication information, to a vulnerable web application. This allows the attacker to force the victim’s browser to generate requests the vulnerable application thinks are legitimate requests from the victim.</p>
-		                </div>
-		              </div>
-		            </div>
-		            <div class="accordion-group">
-		              <div class="accordion-heading">
-		                <a href="#collapseTwo" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
-		                  <i class="icon-bug icon-white">
-		                  </i>
-		                  Bug
-		                </a>
-		              </div>
-		              <div class="accordion-body collapse" id="collapseTwo" style="height: 0px;">
-		                <div class="accordion-inner">
-		                  <p><b>Cross-Site Request Forgery (CSRF) - The following code was taken from: /app/controllers/application_controller.rb and /app/views/layouts/application.html.erb</b></p>
-						  <p>application_controller.rb<<p>
-						  <p>
-						     <pre class="ruby">
-							 # Our security guy keep talking about sea-surfing, cool story bro.
-							 # protect_from_forgery
-							</pre>
-								
-						  </p>
-						  <p> application.html.erb </p>
-						  <p>
-							  <pre class="ruby">
-								<%= @meta_code_bad %>
-							  </pre>
-						  </p>
-		                </div>
-		              </div>
-		            </div>
-		            <div class="accordion-group">
-		              <div class="accordion-heading">
-		                <a href="#collapseThree" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
-		                  <i class="icon-lightning icon-white">
-		                  </i>
-		                  Solution
-		                </a>
-		              </div>
-		              <div class="accordion-body collapse" id="collapseThree" style="height: 0px;">
-		                <div class="accordion-inner">
-		                  <p><b> Cross-Site Request Forgery ATTACK:</b></p>
-							<p>
-								Save this content to an .html file and open it...
-							</p>
-						   	<p>
-								<font face="Courier New" style="color: rgb(69, 126, 136)">
-									<%= 
-						   				%{
-						   					
-						   				} 
-						   			%>
-								</font>
-							</p>
-							
-						  <p><b> Cross-Site Request Forgery SOLUTION:</b></p>
-						  <p>
-							 By Default, the protect_from_forgery directive is added under the application_controller.rb at project creation. However, occasionally developers turn it off (comment out) because of issues with JS. The solution around the JS problem is to add the following code within the header section of the application.html.erb file (or any other application layout file).
-						 </p>
-							<p>
-								<pre class="ruby">
-									<%= @meta_code_good %>
-								</pre>
-						  </p>
-		                </div>
-		              </div>
-		            </div>
-		          	<div class="accordion-group">
-		              <div class="accordion-heading">
-		                <a  style="background-color: rgb(181, 121, 158)" href="#collapseFour" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
-		                  <i class="icon-aid icon-white">
-		                  </i>
-		                  Hint
-		                </a>
-		              </div>
-		              <div class="accordion-body collapse" id="collapseFour" style="height: 0px;">
-		                <div class="accordion-inner">
-		                  Anim pariatur cliche reprehenderit, enim eiusmod high life accusamus terry richardson ad squid. 3 wolf moon officia aute, non cupidatat skateboard dolor brunch. Food truck quinoa nesciunt laborum eiusmod. Brunch 3 wolf moon tempor
-		                </div>
-		              </div>
-		            </div>
-				 </div>
-		        </div>
-		      </div>
-		    </div>
+		    <div class="span12"> <!-- Begin Span12-->
+		       <%= render :partial => "layouts/tutorial/csrf/csrf_first"%>
+		    </div> <!-- End Span12-->
 		</div>
 	</div>
 </div>