diff --git a/spec/support/capybara_shared.rb b/spec/support/capybara_shared.rb
index 1b8d218..c0c2082 100644
--- a/spec/support/capybara_shared.rb
+++ b/spec/support/capybara_shared.rb
@@ -39,7 +39,7 @@ def login(user)
   visit "/"
   fill_in "email", with: user.email
   fill_in "password", with: user.clear_password
-  click_button "Login"
+  find("input[type='submit'][value='Login']").click
 end
 
 # Configure Selenium with headless Chrome for JavaScript testing
diff --git a/spec/vulnerabilities/broken_auth_spec.rb b/spec/vulnerabilities/broken_auth_spec.rb
index 8a1f347..4a89b0f 100644
--- a/spec/vulnerabilities/broken_auth_spec.rb
+++ b/spec/vulnerabilities/broken_auth_spec.rb
@@ -14,26 +14,18 @@ feature "broken_auth" do
     wrong_email = normal_user.email + "not"
     visit "/"
-    within(".signup") do
-      fill_in "email", with: wrong_email
-      fill_in "password", with: normal_user.clear_password
-    end
-    within(".actions") do
-      click_on "Login"
-    end
+    fill_in "email", with: wrong_email
+    fill_in "password", with: normal_user.clear_password
+    find("input[type='submit'][value='Login']").click
 
     expect(find("div#flash_notice").text).not_to include(wrong_email)
   end
 
   scenario "two\nTutorial: https://github.com/OWASP/railsgoat/wiki/A2-Credential-Enumeration" do
     visit "/"
-    within(".signup") do
-      fill_in "email", with: normal_user.email
-      fill_in "password", with: normal_user.clear_password + "not"
-    end
-    within(".actions") do
-      click_on "Login"
-    end
+    fill_in "email", with: normal_user.email
+    fill_in "password", with: normal_user.clear_password + "not"
+    find("input[type='submit'][value='Login']").click
 
     expect(find("div#flash_notice").text).not_to include("Incorrect Password!")
   end
diff --git a/spec/vulnerabilities/password_complexity_spec.rb b/spec/vulnerabilities/password_complexity_spec.rb
index 79da0a2..b1b4c6e 100644
--- a/spec/vulnerabilities/password_complexity_spec.rb
+++ b/spec/vulnerabilities/password_complexity_spec.rb
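Review bot: The new `find("input[type='submit'][value='Login']").click` in `login` hard-codes the submit control's markup, and the same three login lines are then copied verbatim into both scenarios of broken_auth_spec.rb and into unvalidated_redirects_spec.rb, so the next markup change has to be made in four places. The shared helper is the natural single owner of that selector; splitting it into a `submit_login(email, password)` that fills and submits the form already on the page lets the specs that need a wrong email, a wrong password, or a different starting URL reuse it, while `login(user)` keeps its signature. The `def login(user)` line itself is outside the hunk (it appears only in the hunk header), so the fence below includes it for placement.
```ruby
# Fill in and submit the login form on the current page. This is the only
# place the specs should depend on the markup of the submit control.
def submit_login(email, password)
  fill_in "email", with: email
  fill_in "password", with: password
  find("input[type='submit'][value='Login']").click
end

def login(user)
  visit "/"
  submit_login(user.email, user.clear_password)
end
```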
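Review bot: Dropping the `within(".signup")` and `within(".actions")` scopes in both scenarios of broken_auth_spec.rb turns `fill_in "email"` and `fill_in "password"` into page-wide matches; with Capybara's default `:smart` matching, a landing page that renders more than one form carrying those fields raises `Capybara::Ambiguous` instead of filling the login form. I cannot see the template, so this may be fine today, but a scope that survives class-name changes would be `within(find("input[type='submit'][value='Login']").ancestor("form")) do ... end` around the two `fill_in` calls. The same applies to the unscoped login steps in unvalidated_redirects_spec.rb. The enclosing `feature "broken_auth"` block and the first scenario's `scenario` line start outside the hunk.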
@@ -13,14 +13,12 @@ feature "password complexity" do
     new_user_email = normal_user.email + "two"
     visit "/signup"
-    within(".signup") do
-      fill_in "user_email", with: new_user_email
-      fill_in "user_first_name", with: normal_user.first_name
-      fill_in "user_last_name", with: normal_user.last_name + "not"
-      fill_in "user_password", with: "password"
-      fill_in "user_password_confirmation", with: "password"
-    end
-    click_on "Submit"
+    fill_in "email", with: new_user_email
+    fill_in "first_name", with: normal_user.first_name
+    fill_in "last_name", with: normal_user.last_name + "not"
+    fill_in "password", with: "password"
+    fill_in "password_confirmation", with: "password"
+    click_on "Create Account"
 
     expect(User.find_by(email: new_user_email)).to be_nil
     expect(current_path).to eq("/signup")
diff --git a/spec/vulnerabilities/unvalidated_redirects_spec.rb b/spec/vulnerabilities/unvalidated_redirects_spec.rb
index 97b9627..724c256 100644
--- a/spec/vulnerabilities/unvalidated_redirects_spec.rb
+++ b/spec/vulnerabilities/unvalidated_redirects_spec.rb
@@ -12,13 +12,9 @@ feature "unvalidated redirect" do
   scenario "attack\nTutorial: https://github.com/OWASP/railsgoat/wiki/A10-Unvalidated-Redirects-and-Forwards-(redirect_to)", js: true do
     visit "/?url=http://example.com/do/evil/things"
-    within(".signup") do
-      fill_in "email", with: normal_user.email
-      fill_in "password", with: normal_user.clear_password
-    end
-    within(".actions") do
-      click_on "Login"
-    end
+    fill_in "email", with: normal_user.email
+    fill_in "password", with: normal_user.clear_password
+    find("input[type='submit'][value='Login']").click
 
     expect(current_url).to start_with("http://127.0.0.1")
     expect(current_path).to eq("/dashboard/home")
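Review bot: The two assertions after `click_on "Create Account"` (`User.find_by(...)` is nil and `current_path` is `/signup`) hold for any rejected signup, not only a password-complexity rejection, so a validation failure on the mutated `last_name` or a silently ignored field would keep this scenario green for the wrong reason; the renamed locators make that easier to miss because `fill_in` only raises when a locator is absent, not when the server rejects the post. Consider also asserting the complexity message the signup page renders, e.g. `expect(page).to have_content(<password-complexity message shown by the app>)` with the literal text taken from the view. The enclosing `scenario` line is outside the hunk.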
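Review bot: In unvalidated_redirects_spec.rb, `expect(current_url).to start_with("http://127.0.0.1")` is a string-prefix check rather than a host comparison, so it would also accept a URL such as `http://127.0.0.10/...`; for a redirect regression test the host should be compared exactly, e.g. `expect(URI.parse(current_url).host).to eq("127.0.0.1")` (`URI` is in the standard library and needs no new dependency). The second assertion on `current_path` still carries the real check, so this is a tightening rather than a failing test. The scenario's closing `end` is outside the hunk.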