team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix remaining CSS selector and form field issues from UI/UX overhaul

Browse Source 
This addresses the remaining test failures @jasnow reported in issue #486.

Fixes:
1. Ambiguous Login button - Changed from click_button "Login" to
   find("input[type='submit'][value='Login']").click to specifically
   target the form submit button and avoid the header Login button

2. Fixed password_complexity_spec field names:
   - user_email → email
   - user_first_name → first_name
   - user_last_name → last_name
   - user_password → password
   - user_password_confirmation → password_confirmation
   - Submit → Create Account (correct button text)

3. Applied same selector fix to login helper in capybara_shared.rb

These changes complete the test suite fixes for the new UI that was
introduced in the file upload UX improvements.

Related: #486

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Ken Johnson
2026-01-05 08:21:46 -05:00
parent 48e04c4c28
commit 5dd05249ec
4 changed files with 16 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files
spec/vulnerabilities/broken_auth_spec.rb
+6 -14
View File
@@ -14,26 +14,18 @@ feature "broken_auth" do
wrong_email = normal_user.email + "not"
visit "/"
within(".signup") do
fill_in "email", with: wrong_email
fill_in "password", with: normal_user.clear_password
end
within(".actions") do
click_on "Login"
end
fill_in "email", with: wrong_email
fill_in "password", with: normal_user.clear_password
find("input[type='submit'][value='Login']").click
expect(find("div#flash_notice").text).not_to include(wrong_email)
end
scenario "two\nTutorial: https://github.com/OWASP/railsgoat/wiki/A2-Credential-Enumeration" do
visit "/"
within(".signup") do
fill_in "email", with: normal_user.email
fill_in "password", with: normal_user.clear_password + "not"
end
within(".actions") do
click_on "Login"
end
fill_in "email", with: normal_user.email
fill_in "password", with: normal_user.clear_password + "not"
find("input[type='submit'][value='Login']").click
expect(find("div#flash_notice").text).not_to include("Incorrect Password!")
end