diff --git a/.rubocop.yml b/.rubocop.yml
index 6c1c91e..77b4529 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -3,3 +3,7 @@ inherit_gem:
 - config/default.yml
 - config/rails.yml
+
+Rails/OutputSafety:
+ Exclude:
+ - 'app/controllers/password_resets_controller.rb'
diff --git a/Gemfile b/Gemfile
index 669643a..ef6191f 100644
--- a/Gemfile
+++ b/Gemfile
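Review bot: The new `Rails/OutputSafety` exclusion for `app/controllers/password_resets_controller.rb` silences the cop that flags `html_safe`/`raw` on strings the client can influence, instead of changing whatever call tripped it, and the hunk records no reason. In a controller that handles password-reset tokens and user-facing flash text that is exactly the call a reviewer needs to be able to judge, and the offending line is not in this diff. Either replace the unsafe call or put the justification next to the entry, e.g. `# intentional: <which method> marks output html_safe for <reason>; revisit when that code changes`, so the exclusion cannot be mistaken for a fix.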
@@ -1,91 +1,62 @@
-source 'https://rubygems.org'
+# frozen_string_literal: true
+source "https://rubygems.org"
 #don't upgrade
-gem 'rails', '5.1.4'
+gem "rails", "5.1.4"
-ruby '2.4.2'
+ruby "2.4.2"
-gem 'rake'
-gem 'rails-perftest'
-gem 'ruby-prof'
-
-# Bundle edge Rails instead:
-# gem 'rails', git: 'https://github.com/rails/rails'
-
-gem 'sqlite3'
-gem 'foreman'
-
-# Pry for Rails, not in dev group in case running via prod/staging @ a training
-gem 'pry-rails'
-
-group :development, :mysql do
- gem 'brakeman'
- gem 'bundler-audit'
- gem 'guard-brakeman'
- gem 'guard-livereload'
- gem 'guard-rspec'
- gem 'guard-shell'
- gem 'pry'
- gem 'rack-livereload'
- gem 'rb-fsevent'
- gem 'travis-lint'
- gem 'better_errors'
- gem 'binding_of_caller'
- gem "rubocop-github"
-end
-
-gem 'simplecov', :require => false, :group => :test
-
-group :development, :test, :mysql do
- gem 'launchy'
- gem 'capybara'
- gem 'database_cleaner'
- gem 'poltergeist'
- gem 'rspec-rails'
- gem 'test-unit'
-end
-
-group :mysql do
- gem 'mysql2'
-end
-
-# Gems used only for assets and not required
-# in production environments by default.
-gem 'sass-rails'
-gem 'coffee-rails'
-gem 'jquery-fileupload-rails'
-gem 'uglifier'
-gem 'turbolinks'
-
-# See https://github.com/sstephenson/execjs#readme for more supported runtimes
-# gem 'therubyracer', :platforms => :ruby
-
-gem 'jquery-rails'
-
-# To use ActiveModel has_secure_password
- gem 'bcrypt'
-
-# Use unicorn as the app server
- gem 'unicorn'
-
-# Pow related gem
-gem 'powder'
-
-gem 'aruba'
-gem 'execjs'
-gem 'therubyracer'
+gem "aruba"
+gem "bcrypt"
+gem "coffee-rails"
+gem "execjs"
+gem "foreman"
+gem "jquery-fileupload-rails"
+gem "jquery-rails"
+gem "minitest"
+gem "powder" # Pow related gem
+gem "pry-rails" # not in dev group in case running via prod/staging @ a training
+gem "rails-perftest"
+gem "rake"
+gem "responders" #For Rails 4.2
+gem "ruby-prof"
+gem "sass-rails"
+gem "simplecov", require: false, group: :test
+gem "sqlite3"
+gem "therubyracer"
+gem "turbolinks"
+gem "uglifier"
+gem "unicorn"
 # Add SMTP server support using MailCatcher
 # NOTE: https://github.com/sj26/mailcatcher#bundler
 # gem 'mailcatcher'
-#For Rails 4.0
-#group :doc do
-# # bundle exec rails doc:rails generates the API under doc/api.
-# gem 'sdoc', require: false
-#end
+group :development, :mysql do
+ gem "better_errors"
+ gem "binding_of_caller"
+ gem "brakeman"
+ gem "bundler-audit"
+ gem "guard-brakeman"
+ gem "guard-livereload"
+ gem "guard-rspec"
+ gem "guard-shell"
+ gem "pry"
+ gem "rack-livereload"
+ gem "rb-fsevent"
+ gem "rubocop-github"
+ gem "travis-lint"
+end
-#For Rails 4.2
-gem 'responders'
+group :development, :test, :mysql do
+ gem "capybara"
+ gem "database_cleaner"
+ gem "launchy"
+ gem "poltergeist"
+ gem "rspec-rails"
+ gem "test-unit"
+end
-gem "minitest"
+group :mysql do
+ gem "mysql2"
+end
diff --git a/Guardfile b/Guardfile
index af80ae3..ed193e5 100755
--- a/Guardfile
+++ b/Guardfile
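Review bot: `gem "rails", "5.1.4"` keeps the hard pin under `#don't upgrade` while `bundler-audit` and `brakeman` remain only in the `:development, :mysql` group, so any advisory that `bundle-audit` raises against that release (the Guardfile runs it on every Gemfile change) has nowhere to go and nothing enforces the scan outside a developer checkout. If the pin is a deliberate fixture for the training scenarios, say so where the next person will read it, e.g. `# pinned on purpose: the lessons target this release; do not bump without updating them`. Every other gem is now unpinned, so build reproducibility rests entirely on Gemfile.lock being committed alongside this change.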
@@ -1,18 +1,19 @@
+# frozen_string_literal: true
 # A sample Guardfile
 # More info at https://github.com/guard/guard#readme
-guard 'brakeman', :run_on_start => true do
+guard "brakeman", run_on_start: true do
 watch(%r{^app/.+\.(erb|haml|rhtml|rb)$})
 watch(%r{^config/.+\.rb$})
 watch(%r{^lib/.+\.rb$})
- watch('Gemfile')
+ watch("Gemfile")
 end
 guard :shell do
- watch(%r{^Gemfile|Gemfile.lock$}) { system("bundle-audit")}
+ watch(%r{^Gemfile|Gemfile.lock$}) { system("bundle-audit")}
 end
-guard 'livereload', host: "railsgoat.dev", port: '35727' do
+guard "livereload", host: "railsgoat.dev", port: "35727" do
 watch(%r{app/views/.+\.(erb|haml|slim)$})
 watch(%r{app/helpers/.+\.rb})
 watch(%r{public/.+\.(css|js|html)})
@@ -22,24 +23,23 @@ guard 'livereload', host: "railsgoat.dev", port: '35727' do
 end
-guard 'rspec' do
+guard "rspec" do
 watch(%r{^spec/.+_spec\.rb$})
 watch(%r{^lib/(.+)\.rb$}) { |m| "spec/lib/#{m[1]}_spec.rb" }
- watch('spec/spec_helper.rb') { "spec" }
+ watch("spec/spec_helper.rb") { "spec" }
 # Rails example
 watch(%r{^app/(.+)\.rb$}) { |m| "spec/#{m[1]}_spec.rb" }
 watch(%r{^app/(.*)(\.erb|\.haml)$}) { |m| "spec/#{m[1]}#{m[2]}_spec.rb" }
 watch(%r{^app/controllers/(.+)_(controller)\.rb$}) { |m| ["spec/routing/#{m[1]}_routing_spec.rb", "spec/#{m[2]}s/#{m[1]}_#{m[2]}_spec.rb", "spec/acceptance/#{m[1]}_spec.rb"] }
 watch(%r{^spec/support/(.+)\.rb$}) { "spec" }
- watch('config/routes.rb') { "spec/routing" }
- watch('app/controllers/application_controller.rb') { "spec/controllers" }
+ watch("config/routes.rb") { "spec/routing" }
+ watch("app/controllers/application_controller.rb") { "spec/controllers" }
 # Capybara features specs
 watch(%r{^app/views/(.+)/.*\.(erb|haml)$}) { |m| "spec/features/#{m[1]}_spec.rb" }
 # Turnip features and steps
 watch(%r{^spec/acceptance/(.+)\.feature$})
- watch(%r{^spec/acceptance/steps/(.+)_steps\.rb$}) { |m| Dir[File.join("**/#{m[1]}.feature")][0] || 'spec/acceptance' }
+ watch(%r{^spec/acceptance/steps/(.+)_steps\.rb$}) { |m| Dir[File.join("**/#{m[1]}.feature")][0] || "spec/acceptance" }
 end
-
diff --git a/Rakefile b/Rakefile
index e85f913..4237d41 100755
--- a/Rakefile
+++ b/Rakefile
@@ -1,6 +1,7 @@
+# frozen_string_literal: true
 # Add your own tasks in files placed in lib/tasks ending in .rake,
 # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
-require_relative 'config/application'
+require_relative "config/application"
 Rails.application.load_tasks
diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb
index f009299..ba5c335 100755
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@@ -1,6 +1,8 @@
+# frozen_string_literal: true
 class AdminController < ApplicationController
- before_action :administrative, :if => :admin_param, :except => [:get_user]
+ before_action :administrative, if: :admin_param, except: [:get_user]
 skip_before_action :has_info
+ layout false, only: [:get_all_users, :get_user]
 def dashboard
 end
@@ -21,14 +23,12 @@ class AdminController < ApplicationController
 def get_all_users
 @users = User.all
- render layout: false
 end
 def get_user
 @user = User.find_by_id(params[:admin_id].to_s)
 arr = ["true", "false"]
 @admin_select = @user.admin ? arr : arr.reverse
- render layout: false
 end
 def update_user
@@ -41,7 +41,7 @@ class AdminController < ApplicationController
 message = true
 end
 respond_to do |format|
- format.json { render :json => { :msg => message ? "success" : "failure"} }
+ format.json { render json: { msg: message ? "success" : "failure"} }
 end
 end
@@ -54,7 +54,7 @@ class AdminController < ApplicationController
 message = true
 end
 respond_to do |format|
- format.json { render :json => { :msg => message ? "success" : "failure"} }
+ format.json { render json: { msg: message ? "success" : "failure"} }
 end
 end
@@ -66,6 +66,6 @@ class AdminController < ApplicationController
 helper_method :custom_fields
 def admin_param
- params[:admin_id] != '1'
+ params[:admin_id] != "1"
 end
 end
diff --git a/app/controllers/api/v1/mobile_controller.rb b/app/controllers/api/v1/mobile_controller.rb
index e4aae15..90faf6a 100644
--- a/app/controllers/api/v1/mobile_controller.rb
+++ b/app/controllers/api/v1/mobile_controller.rb
@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 class Api::V1::MobileController < ApplicationController
 skip_before_action :authenticated
 before_action :mobile_request?
diff --git a/app/controllers/api/v1/users_controller.rb b/app/controllers/api/v1/users_controller.rb
index 20fb4eb..1383e9e 100644
--- a/app/controllers/api/v1/users_controller.rb
+++ b/app/controllers/api/v1/users_controller.rb
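Review bot: The rewritten `before_action :administrative, if: :admin_param, except: [:get_user]` still runs the admin check only when `params[:admin_id] != "1"` (see `admin_param` at the bottom of the file) and never for `get_user`, so any authenticated user reaches the admin actions by sending `admin_id=1`. If that is a deliberate lesson of this training app, a marker such as `# INTENTIONALLY WEAK: authorization depends on a client-supplied parameter` would keep the next style pass from silently "fixing" it; if not, it should read `before_action :administrative` with no conditions. Separately, `get_user` calls `@user.admin` on the result of `find_by_id`, which is nil for an unknown id and raises, so `return head(:not_found) unless @user` belongs directly after the lookup.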
@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 class Api::V1::UsersController < ApplicationController
 skip_before_action :authenticated
 before_action :valid_api_token
@@ -24,7 +25,7 @@ class Api::V1::UsersController < ApplicationController
 end
 end
- def identify_user(token="")
+ def identify_user(token = "")
 # We've had issues with URL encoding, etc. causing issues so just to be safe
 # we will go ahead and unescape the user's token
 unescape_token(token)
@@ -42,7 +43,7 @@ class Api::V1::UsersController < ApplicationController
 # We had some issues with the token and url encoding...
 # this is an attempt to normalize the data.
- def unescape_token(token="")
+ def unescape_token(token = "")
 @clean_token = CGI::unescape(token)
 end
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 102b900..e0305f4 100755
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 class ApplicationController < ActionController::Base
 before_action :authenticated, :has_info, :create_analytic, :mailer_options
 helper_method :current_user, :is_admin?, :sanitize_font
@@ -22,8 +23,8 @@ class ApplicationController < ActionController::Base
 end
 def authenticated
- path = request.fullpath.present? ? root_url(:url => request.fullpath) : root_url
- redirect_to path and reset_session if not current_user
+ path = request.fullpath.present? ? root_url(url: request.fullpath) : root_url
+ redirect_to path and reset_session if !current_user
 end
 def is_admin?
@@ -31,7 +32,7 @@ class ApplicationController < ActionController::Base
 end
 def administrative
- if not is_admin?
+ if !is_admin?
 redirect_to root_url
 end
 end
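Review bot: `redirect_to path and reset_session if !current_user` swaps `not` for `!` but keeps the low-precedence `and` chain and the `if !` form that RuboCop's Style/AndOr and Style/NegatedIf reject, and it hides two statements with a side effect behind one modifier. Clearer is `unless current_user` / `reset_session` / `redirect_to path` / `end` as a plain block. Also `root_url(url: request.fullpath)` round-trips the requested path through a `url` query parameter that `SessionsController#new` reads back into `@url` (later in this diff); whatever redirects to `@url` after login must restrict it to a local path or this is an open redirect, and that consumer is outside these hunks.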
@@ -51,7 +52,7 @@ class ApplicationController < ActionController::Base
 end
 def create_analytic
- Analytics.create({ :ip_address => request.remote_ip, :referrer => request.referrer, :user_agent => request.user_agent})
+ Analytics.create({ ip_address: request.remote_ip, referrer: request.referrer, user_agent: request.user_agent})
 end
 def sanitize_font(css)
diff --git a/app/controllers/benefit_forms_controller.rb b/app/controllers/benefit_forms_controller.rb
index 2909769..2f59d72 100644
--- a/app/controllers/benefit_forms_controller.rb
+++ b/app/controllers/benefit_forms_controller.rb
@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 class BenefitFormsController < ApplicationController
 def index
@@ -8,9 +9,9 @@ class BenefitFormsController < ApplicationController
 begin
 path = params[:name]
 file = params[:type].constantize.new(path)
- send_file file, :disposition => 'attachment'
+ send_file file, disposition: "attachment"
 rescue
- redirect_to user_benefit_forms_path(:user_id => current_user.user_id)
+ redirect_to user_benefit_forms_path(user_id: current_user.user_id)
 end
 end
@@ -22,7 +23,7 @@ class BenefitFormsController < ApplicationController
 else
 flash[:error] = "Something went wrong"
 end
- redirect_to user_benefit_forms_path(:user_id => current_user.user_id)
+ redirect_to user_benefit_forms_path(user_id: current_user.user_id)
 end
 end
diff --git a/app/controllers/dashboard_controller.rb b/app/controllers/dashboard_controller.rb
index 0c19f07..5e5f698 100644
--- a/app/controllers/dashboard_controller.rb
+++ b/app/controllers/dashboard_controller.rb
@@ -1,5 +1,7 @@
+# frozen_string_literal: true
 class DashboardController < ApplicationController
 skip_before_action :has_info
+ layout false, only: [:change_graph]
 def home
 @user = current_user
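Review bot: `file = params[:type].constantize.new(path)` followed by `send_file file, disposition: "attachment"` lets the client name any class and the argument it is constructed with, then streams whatever path that object resolves to, so the hunk's hash-syntax change leaves an arbitrary-file-read and arbitrary-class-instantiation primitive intact; the bare `rescue` beneath it then turns every failure into a redirect, which also hides probing. If this is one of the training app's intended findings it should carry an explicit `# INTENTIONALLY VULNERABLE: unsafe constantize / send_file` marker; the real fix drops `constantize`, checks `params[:name]` against an allowlist of form names, and serves `send_file Rails.root.join("public", "data", File.basename(path))`. `rescue` should at least name the exceptions it expects instead of swallowing `StandardError`.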
@@ -12,15 +14,12 @@ class DashboardController < ApplicationController
 def change_graph
 self.try(params[:graph])
- end
- def bar_graph
- render :bar_graph, layout: false
+ if params[:graph] == "bar_graph"
+ render "dashboard/bar_graph"
+ else
+ @user = current_user
+ render "dashboard/pie_charts"
+ end
 end
-
- def pie_charts
- @user = current_user
- render :dashboard_stats, layout: false
- end
-
 end
diff --git a/app/controllers/messages_controller.rb b/app/controllers/messages_controller.rb
index 4ecb80b..b74d84b 100644
--- a/app/controllers/messages_controller.rb
+++ b/app/controllers/messages_controller.rb
@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 class MessagesController < ApplicationController
 def index
@@ -7,15 +8,15 @@ class MessagesController < ApplicationController
 end
 def show
- @message = Message.where(:id => params[:id]).first
+ @message = Message.where(id: params[:id]).first
 end
 def destroy
- message = Message.where(:id => params[:id]).first
+ message = Message.where(id: params[:id]).first
 if message.destroy
 flash[:success] = "Your message has been deleted."
- redirect_to user_messages_path(:user_id => current_user.user_id)
+ redirect_to user_messages_path(user_id: current_user.user_id)
 else
 flash[:error] = "Could not delete message."
 end
@@ -24,13 +25,13 @@ class MessagesController < ApplicationController
 def create
 if Message.create(message_params)
 respond_to do |format|
- format.html { redirect_to user_messages_path(:user_id => current_user.user_id) }
- format.json { render :json => {:msg => "success"} }
+ format.html { redirect_to user_messages_path(user_id: current_user.user_id) }
+ format.json { render json: {msg: "success"} }
 end
 else
 respond_to do |format|
 format.html { redirect_to user_messages_path }
- format.json { render :json => {:msg => "failure"} }
+ format.json { render json: {msg: "failure"} }
 end
 end
 end
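Review bot: `self.try(params[:graph])` is still executed ahead of the new `if`, and now that `bar_graph` and `pie_charts` have been deleted it does nothing for the two legitimate values while still invoking any public method on the controller whose name the client supplies (`try` dispatches to anything the object `respond_to?`, e.g. `reset_session` or an inherited action). Delete that line; `if params[:graph] == "bar_graph"` already performs the dispatch. The hunk also changes behaviour for unknown `graph` values, which previously rendered nothing and now fall through to the pie chart — fine, but worth a one-line comment such as `# any value other than "bar_graph" gets the default pie charts`.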
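Review bot: `Message.where(id: params[:id]).first` in both `show` and `destroy` looks the message up by id alone, so any logged-in user can read or delete another user's message, and `destroy` then calls `.destroy` on nil when the id does not exist. `User` declares `has_many :messages, foreign_key: :receiver_id, primary_key: :user_id` elsewhere in this diff, so scoping is one line, `@message = current_user.messages.find_by(id: params[:id])`, followed by `return head(:not_found) unless @message` in `destroy`. If the unscoped lookup is an intentional IDOR lesson for the training app, mark it as such in a comment so it is not mistaken for an oversight.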
diff --git a/app/controllers/paid_time_off_controller.rb b/app/controllers/paid_time_off_controller.rb
index fb63087..55a39d4 100644
--- a/app/controllers/paid_time_off_controller.rb
+++ b/app/controllers/paid_time_off_controller.rb
@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 class PaidTimeOffController < ApplicationController
 def index
diff --git a/app/controllers/password_resets_controller.rb b/app/controllers/password_resets_controller.rb
index b8178fd..6e9402c 100644
--- a/app/controllers/password_resets_controller.rb
+++ b/app/controllers/password_resets_controller.rb
@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 class PasswordResetsController < ApplicationController
 skip_before_action :authenticated
@@ -18,7 +19,7 @@ class PasswordResetsController < ApplicationController
 def confirm_token
 if !params[:token].nil? && is_valid?(params[:token])
 flash[:success] = "Password reset token confirmed! Please create a new password."
- render :reset_password
+ render "password_resets/reset_password"
 else
 flash[:error] = "Invalid password reset token. Please try again."
 redirect_to :login
diff --git a/app/controllers/pay_controller.rb b/app/controllers/pay_controller.rb
index 6245c62..df1cd04 100644
--- a/app/controllers/pay_controller.rb
+++ b/app/controllers/pay_controller.rb
@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 class PayController < ApplicationController
 def index
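Review bot: `flash[:success] = "Password reset token confirmed! ..."` immediately followed by `render "password_resets/reset_password"` keeps the message for the next request as well, so it is shown again after the form is submitted; when rendering rather than redirecting use `flash.now[:success] = "Password reset token confirmed! Please create a new password."`. The token check itself lives in `is_valid?`, which is outside this hunk, so whether it is constant-time and whether tokens expire cannot be judged here — and this is the file the new `Rails/OutputSafety` exclusion in `.rubocop.yml` applies to, so a comment pointing at the unsafe output it was added for would help.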
@@ -6,20 +7,20 @@ class PayController < ApplicationController
 def update_dd_info
 msg = false
 pay = Pay.new(
- :bank_account_num => params[:bank_account_num],
- :bank_routing_num => params[:bank_routing_num],
- :percent_of_deposit => params[:dd_percent]
+ bank_account_num: params[:bank_account_num],
+ bank_routing_num: params[:bank_routing_num],
+ percent_of_deposit: params[:dd_percent]
 )
 pay.user_id = current_user.user_id
 msg = true if pay.save!
 respond_to do |format|
- format.json {render :json => {:msg => msg } }
+ format.json {render json: {msg: msg } }
 end
 end
 def show
 respond_to do |format|
- format.json { render :json => {:user => current_user.pay.as_json} }
+ format.json { render json: {user: current_user.pay.as_json} }
 end
 end
@@ -36,7 +37,7 @@ class PayController < ApplicationController
 def decrypted_bank_acct_num
 decrypted = Encryption.decrypt_sensitive_value(params[:value_to_decrypt])
 respond_to do |format|
- format.json {render :json => {:account_num => decrypted || "No Data" }}
+ format.json {render json: {account_num: decrypted || "No Data" }}
 end
 end
 end
diff --git a/app/controllers/performance_controller.rb b/app/controllers/performance_controller.rb
index 1ba6aa8..1508618 100644
--- a/app/controllers/performance_controller.rb
+++ b/app/controllers/performance_controller.rb
@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 class PerformanceController < ApplicationController
 def index
diff --git a/app/controllers/retirement_controller.rb b/app/controllers/retirement_controller.rb
index 541b083..49ee140 100644
--- a/app/controllers/retirement_controller.rb
+++ b/app/controllers/retirement_controller.rb
@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 class RetirementController < ApplicationController
 def index
diff --git a/app/controllers/schedule_controller.rb b/app/controllers/schedule_controller.rb
index d940a9d..8c14ac5 100644
--- a/app/controllers/schedule_controller.rb
+++ b/app/controllers/schedule_controller.rb
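Review bot: `msg = true if pay.save!` uses the bang form, which raises `ActiveRecord::RecordInvalid` instead of returning false, so the `msg: false` JSON response two lines down is unreachable and a validation failure surfaces as a 500; `msg = pay.save` is what the `msg = false` initialisation expects. In the second hunk, `Encryption.decrypt_sensitive_value(params[:value_to_decrypt])` decrypts whatever ciphertext the client posts with no check that it belongs to `current_user`, which makes the endpoint a decryption oracle for every stored account number; decrypt `current_user.pay`'s own value instead of a parameter, or mark the line `# INTENTIONALLY VULNERABLE: decryption oracle` if it is a training fixture.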
@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 class ScheduleController < ApplicationController
 def create
@@ -14,7 +15,7 @@ class ScheduleController < ApplicationController
 end
 respond_to do |format|
- format.json {render :json => {:msg => message ? "success" : "failure" }}
+ format.json {render json: {msg: message ? "success" : "failure" }}
 end
 end
@@ -32,12 +33,10 @@ class ScheduleController < ApplicationController
 end
 rescue
 end
- respond_to do |format|
- format.json do
- render :json => jfs.to_json
- end
- end
- end
+ respond_to do |format|
+ format.json { render json: jfs.to_json }
+ end
+ end
 private
@@ -47,8 +46,8 @@ class ScheduleController < ApplicationController
 begin
 vals = []
 return vals if date_array.empty?
- date_array.split('-').each do |s|
- date = Date.strptime(s.strip, '%m/%d/%Y')
+ date_array.split("-").each do |s|
+ date = Date.strptime(s.strip, "%m/%d/%Y")
 vals <<(date)
 end
 rescue ArgumentError
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 166724f..30ed486 100755
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -1,6 +1,7 @@
+# frozen_string_literal: true
 class SessionsController < ApplicationController
 skip_before_action :has_info
- skip_before_action :authenticated, :only => [:new, :create]
+ skip_before_action :authenticated, only: [:new, :create]
 def new
 @url = params[:url]
@@ -12,19 +13,20 @@ class SessionsController < ApplicationController
 begin
 # Normalize the email address, why not
 user = User.authenticate(params[:email].to_s.downcase, params[:password])
- rescue Exception => e
+ rescue RuntimeError => e
+ # don't do ANYTHING
 end
 if user
 if params[:remember_me]
- cookies.permanent[:auth_token] = user.auth_token if User.where(:user_id => user.user_id).exists?
+ cookies.permanent[:auth_token] = user.auth_token if User.where(user_id: user.user_id).exists?
 else
- session[:user_id] = user.user_id if User.where(:user_id => user.user_id).exists?
+ session[:user_id] = user.user_id if User.where(user_id: user.user_id).exists?
 end
 redirect_to path
 else
 flash[:error] = e.message
- render "new"
+ render "sessions/new"
 end
 end
diff --git a/app/controllers/tutorials_controller.rb b/app/controllers/tutorials_controller.rb
index 8f2f69e..039200f 100755
--- a/app/controllers/tutorials_controller.rb
+++ b/app/controllers/tutorials_controller.rb
@@ -1,9 +1,7 @@
+# frozen_string_literal: true
 class TutorialsController < ApplicationController
 skip_before_action :has_info
 skip_before_action :authenticated
- def credentials
- render layout: false
- end
-
+ layout false, only: [:credentials]
 end
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 8d4a8da..329904e 100755
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,6 +1,7 @@
+# frozen_string_literal: true
 class UsersController < ApplicationController
 skip_before_action :has_info
- skip_before_action :authenticated, :only => [:new, :create]
+ skip_before_action :authenticated, only: [:new, :create]
 def new
 @user = User.new
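Review bot: After the change to `rescue RuntimeError => e`, `e` is assigned only when `User.authenticate` actually raises; if it returns nil for bad credentials (its body is not in this diff) the `else` branch's `flash[:error] = e.message` calls `message` on nil and a failed login becomes a 500. Guard it with `flash[:error] = e ? e.message : "Invalid email or password"`, which also keeps raw exception text from the model out of the page; the `# don't do ANYTHING` comment should say why a `RuntimeError` from authentication is safe to ignore. `cookies.permanent[:auth_token] = user.auth_token` sets a long-lived credential with no `httponly`/`secure` flags, so `cookies.permanent[:auth_token] = { value: user.auth_token, httponly: true, secure: Rails.env.production? }` is the usual shape. The `path` used by `redirect_to path` is computed above the hunk and cannot be checked here for open-redirect handling of the `url` parameter.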
@@ -35,12 +36,12 @@ class UsersController < ApplicationController
 end
 message = true if user.save!
 respond_to do |format|
- format.html { redirect_to user_account_settings_path(:user_id => current_user.user_id) }
- format.json { render :json => {:msg => message ? "success" : "false "} }
+ format.html { redirect_to user_account_settings_path(user_id: current_user.user_id) }
+ format.json { render json: {msg: message ? "success" : "false "} }
 end
 else
 flash[:error] = "Could not update user!"
- redirect_to user_account_settings_path(:user_id => current_user.user_id)
+ redirect_to user_account_settings_path(user_id: current_user.user_id)
 end
 end
diff --git a/app/controllers/work_info_controller.rb b/app/controllers/work_info_controller.rb
index f6d8362..31fa91c 100644
--- a/app/controllers/work_info_controller.rb
+++ b/app/controllers/work_info_controller.rb
@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 class WorkInfoController < ApplicationController
 def index
 @user = User.find_by_user_id(params[:user_id])
diff --git a/app/helpers/admin_helper.rb b/app/helpers/admin_helper.rb
index d5c6d35..1bb959d 100755
--- a/app/helpers/admin_helper.rb
+++ b/app/helpers/admin_helper.rb
@@ -1,2 +1,3 @@
+# frozen_string_literal: true
 module AdminHelper
 end
diff --git a/app/helpers/api/v1/users_helper.rb b/app/helpers/api/v1/users_helper.rb
index 4d5288c..cdf9f59 100644
--- a/app/helpers/api/v1/users_helper.rb
+++ b/app/helpers/api/v1/users_helper.rb
@@ -1,2 +1,3 @@
+# frozen_string_literal: true
 module Api::V1::UsersHelper
 end
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index de6be79..71249b9 100755
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -1,2 +1,3 @@
+# frozen_string_literal: true
 module ApplicationHelper
 end
diff --git a/app/helpers/benefit_forms_helper.rb b/app/helpers/benefit_forms_helper.rb
index 4378d04..c91e9bf 100644
--- a/app/helpers/benefit_forms_helper.rb
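Review bot: `message = true if user.save!` raises `ActiveRecord::RecordInvalid` on a validation failure rather than returning false, so the `"false "` branch of the JSON response is unreachable and the client gets a 500 instead of a failure payload; `message = user.save` matches the intent. The failure string `"false "` also carries a trailing space and differs from the `"failure"` every other controller in this diff returns, so a JS consumer cannot compare against one value — `"failure"` is the likely intent. The `update` method's opening lines are above this hunk, so how `user` is chosen (and whether it is scoped to `current_user`) cannot be checked here.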
+++ b/app/helpers/benefit_forms_helper.rb
@@ -1,2 +1,3 @@
+# frozen_string_literal: true
 module BenefitFormsHelper
 end
diff --git a/app/helpers/dashboard_helper.rb b/app/helpers/dashboard_helper.rb
index a94ddfc..79ce46b 100755
--- a/app/helpers/dashboard_helper.rb
+++ b/app/helpers/dashboard_helper.rb
@@ -1,2 +1,3 @@
+# frozen_string_literal: true
 module DashboardHelper
 end
diff --git a/app/helpers/messages_helper.rb b/app/helpers/messages_helper.rb
index f1bca9f..1f84eb2 100644
--- a/app/helpers/messages_helper.rb
+++ b/app/helpers/messages_helper.rb
@@ -1,2 +1,3 @@
+# frozen_string_literal: true
 module MessagesHelper
 end
diff --git a/app/helpers/paid_time_off_helper.rb b/app/helpers/paid_time_off_helper.rb
index 2b35141..3a71d3a 100644
--- a/app/helpers/paid_time_off_helper.rb
+++ b/app/helpers/paid_time_off_helper.rb
@@ -1,2 +1,3 @@
+# frozen_string_literal: true
 module PaidTimeOffHelper
 end
diff --git a/app/helpers/password_resets_helper.rb b/app/helpers/password_resets_helper.rb
index 0c9d96e..86deb1f 100644
--- a/app/helpers/password_resets_helper.rb
+++ b/app/helpers/password_resets_helper.rb
@@ -1,2 +1,3 @@
+# frozen_string_literal: true
 module PasswordResetsHelper
 end
diff --git a/app/helpers/pay_helper.rb b/app/helpers/pay_helper.rb
index 0af6719..5cb59f3 100644
--- a/app/helpers/pay_helper.rb
+++ b/app/helpers/pay_helper.rb
@@ -1,2 +1,3 @@
+# frozen_string_literal: true
 module PayHelper
 end
diff --git a/app/helpers/performance_helper.rb b/app/helpers/performance_helper.rb
index b25da1f..95af860 100644
--- a/app/helpers/performance_helper.rb
+++ b/app/helpers/performance_helper.rb
@@ -1,2 +1,3 @@
+# frozen_string_literal: true
 module PerformanceHelper
 end
diff --git a/app/helpers/retirement_helper.rb b/app/helpers/retirement_helper.rb
index ff34695..67e04ea 100644
--- a/app/helpers/retirement_helper.rb
+++ b/app/helpers/retirement_helper.rb
@@ -1,2 +1,3 @@
+# frozen_string_literal: true
 module RetirementHelper
 end
diff --git a/app/helpers/schedule_helper.rb b/app/helpers/schedule_helper.rb
index 3334a9b..06f35c0 100644
--- a/app/helpers/schedule_helper.rb
+++ b/app/helpers/schedule_helper.rb
@@ -1,2 +1,3 @@
+# frozen_string_literal: true
 module ScheduleHelper
 end
diff --git a/app/helpers/sessions_helper.rb b/app/helpers/sessions_helper.rb
index 309f8b2..3c57237 100755
--- a/app/helpers/sessions_helper.rb
+++ b/app/helpers/sessions_helper.rb
@@ -1,2 +1,3 @@
+# frozen_string_literal: true
 module SessionsHelper
 end
diff --git a/app/helpers/tutorials_helper.rb b/app/helpers/tutorials_helper.rb
index 30716fd..0f40d1c 100755
--- a/app/helpers/tutorials_helper.rb
+++ b/app/helpers/tutorials_helper.rb
@@ -1,2 +1,3 @@
+# frozen_string_literal: true
 module TutorialsHelper
 end
diff --git a/app/helpers/users_helper.rb b/app/helpers/users_helper.rb
index 2310a24..6485901 100755
--- a/app/helpers/users_helper.rb
+++ b/app/helpers/users_helper.rb
@@ -1,2 +1,3 @@
+# frozen_string_literal: true
 module UsersHelper
 end
diff --git a/app/helpers/work_info_helper.rb b/app/helpers/work_info_helper.rb
index 627e8e8..eede307 100644
--- a/app/helpers/work_info_helper.rb
+++ b/app/helpers/work_info_helper.rb
@@ -1,2 +1,3 @@
+# frozen_string_literal: true
 module WorkInfoHelper
 end
diff --git a/app/mailers/user_mailer.rb b/app/mailers/user_mailer.rb
index 209b839..9e4037a 100644
--- a/app/mailers/user_mailer.rb
+++ b/app/mailers/user_mailer.rb
@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 class UserMailer < ActionMailer::Base
 default from: "noreply@railsgoat.dev"
diff --git a/app/models/analytics.rb b/app/models/analytics.rb
index cb33f7b..ab8fd73 100644
--- a/app/models/analytics.rb
+++ b/app/models/analytics.rb
@@ -1,5 +1,6 @@
+# frozen_string_literal: true
 class Analytics < ApplicationRecord
- scope :hits_by_ip, ->(ip,col="*") { select("#{col}").where(:ip_address => ip).order("id DESC")}
+ scope :hits_by_ip, ->(ip, col = "*") { select("#{col}").where(ip_address: ip).order("id DESC")}
 def self.count_by_col(col)
 calculate(:count, col)
diff --git a/app/models/application_record.rb b/app/models/application_record.rb
index 10a4cba..767a072 100644
--- a/app/models/application_record.rb
+++ b/app/models/application_record.rb
@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 class ApplicationRecord < ActiveRecord::Base
 self.abstract_class = true
 end
diff --git a/app/models/benefits.rb b/app/models/benefits.rb
index 10a38fd..ff65555 100644
--- a/app/models/benefits.rb
+++ b/app/models/benefits.rb
@@ -1,6 +1,7 @@
+# frozen_string_literal: true
 class Benefits < ApplicationRecord
- def self.save(file, backup=false)
+ def self.save(file, backup = false)
 data_path = Rails.root.join("public", "data")
 full_file_name = "#{data_path}/#{file.original_filename}"
 f = File.open(full_file_name, "wb+")
@@ -10,7 +11,7 @@ class Benefits < ApplicationRecord
 end
 def self.make_backup(file, data_path, full_file_name)
- if File.exists?(full_file_name)
+ if File.exist?(full_file_name)
 silence_streams(STDERR) { system("cp #{full_file_name} #{data_path}/bak#{Time.zone.now.to_i}_#{file.original_filename}") }
 end
 end
@@ -18,7 +19,7 @@ class Benefits < ApplicationRecord
 def self.silence_streams(*streams)
 on_hold = streams.collect { |stream| stream.dup }
 streams.each do |stream|
- stream.reopen(RUBY_PLATFORM =~ /mswin/ ? 'NUL:' : '/dev/null')
+ stream.reopen(RUBY_PLATFORM =~ /mswin/ ? "NUL:" : "/dev/null")
 stream.sync = true
 end
 yield
diff --git a/app/models/key_management.rb b/app/models/key_management.rb
index 054d335..3d23549 100644
--- a/app/models/key_management.rb
+++ b/app/models/key_management.rb
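Review bot: `select("#{col}")` in the rewritten `hits_by_ip` scope interpolates the `col` argument straight into SQL, so if any caller ever passes a request parameter as the column this scope is a SQL injection sink; the callers are not in this diff, so treat that as unverified rather than safe. A guard that keeps the interface is one line ahead of the `select`: `raise ArgumentError, "unknown column #{col}" unless col == "*" || column_names.include?(col.to_s)`. `count_by_col(col)` just below passes `col` to `calculate`, which quotes it, so it does not have the same problem.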
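Review bot: `system("cp #{full_file_name} #{data_path}/bak#{Time.zone.now.to_i}_#{file.original_filename}")` in `make_backup` feeds an upload's original filename through a shell, so a name containing `;`, `$(...)` or a space executes commands or breaks the copy, and the neighbouring hunk's `"#{data_path}/#{file.original_filename}"` in `save` lets a `../` name escape `public/data`. Use the basename and a non-shell copy: `safe_name = File.basename(file.original_filename)` and `FileUtils.cp(full_file_name, File.join(data_path, "bak#{Time.zone.now.to_i}_#{safe_name}"))`, with the same `File.basename` applied when `full_file_name` is built. If the shell-out is a deliberate command-injection lesson for the training app, a `# INTENTIONALLY VULNERABLE` comment should say so. `f = File.open(full_file_name, "wb+")` in `save` is opened without a block; whether it is closed happens below the hunk and cannot be checked here.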
@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 class KeyManagement < ApplicationRecord
 belongs_to :work_info
 belongs_to :user
diff --git a/app/models/message.rb b/app/models/message.rb
index 07dc5fd..2796a51 100644
--- a/app/models/message.rb
+++ b/app/models/message.rb
@@ -1,12 +1,13 @@
+# frozen_string_literal: true
 class Message < ApplicationRecord
 belongs_to :user
 validates_presence_of :creator_id, :receiver_id, :message
 def creator_name
- if creator = User.where(:user_id => self.creator_id).first
+ if creator = User.where(user_id: self.creator_id).first
 creator.full_name
 else
- "Name unavailable".html_safe
+ "Name unavailable"
 end
 end
 end
diff --git a/app/models/paid_time_off.rb b/app/models/paid_time_off.rb
index d576733..6ba62c7 100644
--- a/app/models/paid_time_off.rb
+++ b/app/models/paid_time_off.rb
@@ -1,6 +1,7 @@
+# frozen_string_literal: true
 class PaidTimeOff < ApplicationRecord
 belongs_to :user
- has_many :schedule, :foreign_key => :user_id, :primary_key => :user_id, :dependent => :destroy
+ has_many :schedule, foreign_key: :user_id, primary_key: :user_id, dependent: :destroy
 def sick_days_remaining
 self.sick_days_earned - self.sick_days_taken
diff --git a/app/models/pay.rb b/app/models/pay.rb
index a2447db..a179afd 100644
--- a/app/models/pay.rb
+++ b/app/models/pay.rb
@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 class Pay < ApplicationRecord
 # Associations
 belongs_to :user
diff --git a/app/models/performance.rb b/app/models/performance.rb
index fe746db..110027e 100644
--- a/app/models/performance.rb
+++ b/app/models/performance.rb
@@ -1,8 +1,9 @@
+# frozen_string_literal: true
 class Performance < ApplicationRecord
 belongs_to :user
 def reviewer_name
 u = User.find_by_id(self.reviewer)
- u.full_name if u.respond_to?('fullname')
+ u.full_name if u.respond_to?("fullname")
 end
 end
diff --git a/app/models/retirement.rb b/app/models/retirement.rb
index e1d7d19..a23c236 100644
--- a/app/models/retirement.rb
+++ b/app/models/retirement.rb
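Review bot: `u.full_name if u.respond_to?("fullname")` checks for a method that does not exist — `User` defines `full_name` (visible in the user.rb hunk of this same diff) — so `reviewer_name` always returns nil; the quote-style change carried the typo across. The guard is there for the nil that `find_by_id` returns on a miss (nil answers `respond_to?` with false, so nothing raises today), and `u&.full_name` expresses exactly that in one line while actually returning the name. The `creator_name` change in message.rb, which drops `.html_safe` from the fallback string, needs no comment.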
@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 class Retirement < ApplicationRecord
 belongs_to :user
 end
diff --git a/app/models/schedule.rb b/app/models/schedule.rb
index 65bff12..69c99e0 100644
--- a/app/models/schedule.rb
+++ b/app/models/schedule.rb
@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 class Schedule < ApplicationRecord
 belongs_to :paid_time_off
diff --git a/app/models/user.rb b/app/models/user.rb
index 31d21ab..3468edd 100755
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -1,46 +1,45 @@
-require 'encryption'
+# frozen_string_literal: true
+require "encryption"
 class User < ApplicationRecord
- validates :password, :presence => true,
- :confirmation => true,
- :length => {:within => 6..40},
- :on => :create,
- :if => :password
+ validates :password, presence: true,
+ confirmation: true,
+ length: {within: 6..40},
+ on: :create,
+ if: :password
 validates_presence_of :email
 validates_uniqueness_of :email
- validates_format_of :email, :with => /.+@.+\..+/i
+ validates_format_of :email, with: /.+@.+\..+/i
 attr_accessor :skip_user_id_assign
- before_save :assign_user_id, :on => :create
+ before_save :assign_user_id, on: :create
 before_save :hash_password
- has_one :retirement, :foreign_key => :user_id, :primary_key => :user_id, :dependent => :destroy
- has_one :paid_time_off, :foreign_key => :user_id, :primary_key => :user_id, :dependent => :destroy
- has_one :work_info, :foreign_key => :user_id, :primary_key => :user_id, :dependent => :destroy
- has_many :performance, :foreign_key => :user_id, :primary_key => :user_id, :dependent => :destroy
- has_many :messages, :foreign_key => :receiver_id, :primary_key => :user_id, :dependent => :destroy
- has_many :pay, :foreign_key => :user_id, :primary_key => :user_id, :dependent => :destroy
+ has_one :retirement, foreign_key: :user_id, primary_key: :user_id, dependent: :destroy
+ has_one :paid_time_off, foreign_key: :user_id, primary_key: :user_id, dependent: :destroy
+ has_one :work_info, foreign_key: :user_id, primary_key: :user_id, dependent: :destroy
+ has_many :performance, foreign_key: :user_id, primary_key: :user_id, dependent: :destroy
+ has_many :messages, foreign_key: :receiver_id, primary_key: :user_id, dependent: :destroy
+ has_many :pay, foreign_key: :user_id, primary_key: :user_id, dependent: :destroy
 before_create { generate_token(:auth_token) }
 before_create :build_benefits_data
 def build_benefits_data
- build_retirement(POPULATE_RETIREMENTS.shuffle.first)
- build_paid_time_off(POPULATE_PAID_TIME_OFF.shuffle.first).schedule.build(POPULATE_SCHEDULE.shuffle.first)
- build_work_info(POPULATE_WORK_INFO.shuffle.first)
+ build_retirement(POPULATE_RETIREMENTS.sample)
+ build_paid_time_off(POPULATE_PAID_TIME_OFF.sample).schedule.build(POPULATE_SCHEDULE.sample)
+ build_work_info(POPULATE_WORK_INFO.sample)
 # Uncomment below line to use encrypted SSN(s)
 #work_info.build_key_management(:iv => SecureRandom.hex(32))
- performance.build(POPULATE_PERFORMANCE.shuffle.first)
+ performance.build(POPULATE_PERFORMANCE.sample)
 end
 def full_name
 "#{self.first_name} #{self.last_name}"
 end
-=begin
- # Instead of the entire user object being returned, we can use this to filter.
- def as_json
- super(only: [:user_id, :email, :first_name, :last_name])
- end
-=end
+# # Instead of the entire user object being returned, we can use this to filter.
+# def as_json
+# super(only: [:user_id, :email, :first_name, :last_name])
+# end
 private
@@ -59,7 +58,7 @@ class User < ApplicationRecord
 def assign_user_id
 unless @skip_user_id_assign.present? || self.user_id.present?
 user = User.order("user_id").last
- uid = if user && user.user_id && !(User.exists?(:user_id => "#{user.user_id.to_i + 1}"))
+ uid = if user && user.user_id && !(User.exists?(user_id: "#{user.user_id.to_i + 1}"))
 user.user_id.to_i + 1
 else
 1
@@ -75,8 +74,7 @@ class User < ApplicationRecord
 end
 def generate_token(column)
- begin
- self[column] = Encryption.encrypt_sensitive_value(self.user_id)
- end while User.exists?(column => self[column])
+ self[column] = Encryption.encrypt_sensitive_value(self.user_id)
+ generate_token(column) if User.exists?(column => self[column])
 end
 end
diff --git a/app/models/work_info.rb b/app/models/work_info.rb
index bdf65df..bab9aa4 100644
--- a/app/models/work_info.rb
+++ b/app/models/work_info.rb
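Review bot: The `as_json` allowlist is converted from a `=begin/=end` block to `#` line comments but stays disabled, so every `render json:` of a `User` keeps emitting all columns, including whatever `hash_password` stores; either uncomment the four lines or note why the full object is wanted, e.g. `# left disabled on purpose: the API lessons rely on the over-exposed user JSON`. `validates_format_of :email, with: /.+@.+\..+/i` is unanchored and so only requires the pattern to appear somewhere in the value; `\A.+@.+\..+\z` is what the validation presumably means, though that is a pre-existing choice this hunk only re-quotes.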
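Review bot: `generate_token(column) if User.exists?(column => self[column])` replaces the old `begin…end while` with unbounded recursion, and because the token is `Encryption.encrypt_sensitive_value(self.user_id)` — a function of the user id — a collision with an existing row recomputes the same value on every call unless that encryption is randomised, which this diff does not show; the old code looped forever in that case and the new code raises `SystemStackError`. A remember-me token derived from the user id is also guessable or invertible by anyone holding the key, whereas `self[column] = SecureRandom.urlsafe_base64(32)` inside a `loop do … break unless User.exists?(column => self[column]) end` is unpredictable and the loop terminates in practice. If the derived token is the point of a training scenario, mark it with a comment rather than leaving it to look like an oversight.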
@@ -1,11 +1,12 @@ +# frozen_string_literal: true class WorkInfo < ApplicationRecord belongs_to :user - has_one :key_management, :foreign_key => :user_id, :primary_key => :user_id, :dependent => :destroy + has_one :key_management, foreign_key: :user_id, primary_key: :user_id, dependent: :destroy #before_save :encrypt_ssn # We should probably use this def last_four - "***-**-" << self.decrypt_ssn[-4,4] + "***-**-" << self.decrypt_ssn[-4, 4] end def encrypt_ssn @@ -36,6 +37,6 @@ class WorkInfo < ApplicationRecord end def cipher_type - 'aes-256-cbc' + "aes-256-cbc" end end diff --git a/app/views/dashboard/dashboard_stats.html.erb b/app/views/dashboard/pie_charts.html.erb similarity index 100% rename from app/views/dashboard/dashboard_stats.html.erb rename to app/views/dashboard/pie_charts.html.erb diff --git a/config.ru b/config.ru index 5bc2a61..d10ffdd 100755 --- a/config.ru +++ b/config.ru @@ -1,4 +1,5 @@ +# frozen_string_literal: true # This file is used by Rack-based servers to start the application. -require ::File.expand_path('../config/environment', __FILE__) +require ::File.expand_path("../config/environment", __FILE__) run Rails.application diff --git a/config/application.rb b/config/application.rb index 06727f0..b27f634 100755 --- a/config/application.rb +++ b/config/application.rb @@ -1,6 +1,7 @@ -require File.expand_path('../boot', __FILE__) +# frozen_string_literal: true +require File.expand_path("../boot", __FILE__) -require 'rails/all' +require "rails/all" # Require the gems listed in Gemfile, including any gems # you've limited to :test, :development, or :production. 
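Review bot: The `# frozen_string_literal: true` added at the top of this file breaks `last_four`: `"***-**-" << self.decrypt_ssn[-4, 4]` now appends to a frozen literal and raises `can't modify frozen String` on the project's Ruby 2.4. Build the result with interpolation instead, `"***-**-#{decrypt_ssn[-4, 4]}"` (or `"***-**-" + decrypt_ssn[-4, 4]`), which also drops the redundant `self.` receiver. Worth grepping the other files that gained the magic comment for `<<` on a literal before merging; I did not spot another instance in this diff.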
@@ -46,12 +47,12 @@ module Railsgoat # Enable the asset pipeline config.assets.enabled = true - + # add app/assets/fonts to the asset path config.assets.paths << Rails.root.join("app", "assets", "fonts") # Version of your assets, change this if you want to expire all your assets - config.assets.version = '1.0' + config.assets.version = "1.0" I18n.config.enforce_available_locales = false end diff --git a/config/boot.rb b/config/boot.rb index 3596736..5e28a74 100755 --- a/config/boot.rb +++ b/config/boot.rb @@ -1,4 +1,5 @@ +# frozen_string_literal: true # Set up gems listed in the Gemfile. -ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__) +ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile", __FILE__) -require 'bundler/setup' if File.exists?(ENV['BUNDLE_GEMFILE']) +require "bundler/setup" if File.exist?(ENV["BUNDLE_GEMFILE"]) diff --git a/config/environment.rb b/config/environment.rb index e3ae560..0effbcf 100755 --- a/config/environment.rb +++ b/config/environment.rb @@ -1,5 +1,6 @@ +# frozen_string_literal: true # Load the Rails application. -require File.expand_path('../application', __FILE__) +require File.expand_path("../application", __FILE__) # Initialize the Rails application. Railsgoat::Application.initialize! diff --git a/config/environments/development.rb b/config/environments/development.rb index 3e46de3..5196727 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true Railsgoat::Application.configure do # Settings specified here will take precedence over those in config/application.rb 
@@ -30,8 +31,8 @@ Railsgoat::Application.configure do # ActionMailer settings for email support config.action_mailer.delivery_method = :smtp - config.action_mailer.smtp_settings = { :address => "127.0.0.1", :port => 1025 } - config.action_mailer.default_url_options = { :host => "127.0.0.1:3000" } + config.action_mailer.smtp_settings = { address: "127.0.0.1", port: 1025 } + config.action_mailer.default_url_options = { host: "127.0.0.1:3000" } # config.middleware.insert_before( # Rack::Lock, Rack::LiveReload, diff --git a/config/environments/mysql.rb b/config/environments/mysql.rb index 3e46de3..5196727 100755 --- a/config/environments/mysql.rb +++ b/config/environments/mysql.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true Railsgoat::Application.configure do # Settings specified here will take precedence over those in config/application.rb @@ -30,8 +31,8 @@ Railsgoat::Application.configure do # ActionMailer settings for email support config.action_mailer.delivery_method = :smtp - config.action_mailer.smtp_settings = { :address => "127.0.0.1", :port => 1025 } - config.action_mailer.default_url_options = { :host => "127.0.0.1:3000" } + config.action_mailer.smtp_settings = { address: "127.0.0.1", port: 1025 } + config.action_mailer.default_url_options = { host: "127.0.0.1:3000" } # config.middleware.insert_before( # Rack::Lock, Rack::LiveReload, diff --git a/config/environments/production.rb b/config/environments/production.rb index 3f3d6b0..8a0c22e 100755 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true Railsgoat::Application.configure do # Settings specified here will take precedence over those in config/application.rb 
@@ -31,7 +32,7 @@ Railsgoat::Application.configure do config.assets.digest = true # For Rails 4.0+: Version of your assets, change this if you want to expire all your assets. - config.assets.version = '1.0' + config.assets.version = "1.0" # Defaults to nil and saved in location specified by config.assets.prefix # config.assets.manifest = YOUR_PATH diff --git a/config/environments/test.rb b/config/environments/test.rb index 22845da..efc1521 100755 --- a/config/environments/test.rb +++ b/config/environments/test.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true Railsgoat::Application.configure do # Settings specified here will take precedence over those in config/application.rb @@ -9,7 +10,7 @@ Railsgoat::Application.configure do # Configure static asset server for tests with Cache-Control for performance. config.public_file_server.enabled = true - config.public_file_server.headers = { 'Cache-Control' => 'public, max-age=3600' } + config.public_file_server.headers = { "Cache-Control" => "public, max-age=3600" } # Show full error reports and disable caching. config.consider_all_requests_local = true diff --git a/config/initializers/assets.rb b/config/initializers/assets.rb index 701fd1e..891ade3 100644 --- a/config/initializers/assets.rb +++ b/config/initializers/assets.rb @@ -1 +1,2 @@ +# frozen_string_literal: true Rails.application.config.assets.precompile += %w( validation.js jquery.dataTables.min.js fullcalendar.min.js moment.min.js ) diff --git a/config/initializers/backtrace_silencers.rb b/config/initializers/backtrace_silencers.rb index 59385cd..d0f0d3b 100755 --- a/config/initializers/backtrace_silencers.rb +++ b/config/initializers/backtrace_silencers.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true # Be sure to restart your server when you modify this file. # You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces. 
diff --git a/config/initializers/constants.rb b/config/initializers/constants.rb index 086522f..f0c53c4 100644 --- a/config/initializers/constants.rb +++ b/config/initializers/constants.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true ACCESS_TOKEN_SALT = "S4828341189aefiasd#ASDF" -RG_IV = "PPKLKAJDKGHALDJL482823458028" \ No newline at end of file +RG_IV = "PPKLKAJDKGHALDJL482823458028" diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb index 4a994e1..b7fe123 100644 --- a/config/initializers/filter_parameter_logging.rb +++ b/config/initializers/filter_parameter_logging.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true # Be sure to restart your server when you modify this file. # Configure sensitive parameters which will be filtered from the log file. diff --git a/config/initializers/html_entities.rb b/config/initializers/html_entities.rb index 4db1c30..58f7972 100644 --- a/config/initializers/html_entities.rb +++ b/config/initializers/html_entities.rb @@ -1 +1,2 @@ +# frozen_string_literal: true ActiveSupport::JSON::Encoding::escape_html_entities_in_json = false diff --git a/config/initializers/inflections.rb b/config/initializers/inflections.rb index ac033bf..aa7435f 100755 --- a/config/initializers/inflections.rb +++ b/config/initializers/inflections.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true # Be sure to restart your server when you modify this file. # Add new inflection rules using the following format. Inflections diff --git a/config/initializers/key.rb b/config/initializers/key.rb index 89022ee..2ecae57 100644 --- a/config/initializers/key.rb +++ b/config/initializers/key.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true if Rails.env.production? # Specify env variable/location/etc. to retrieve key from else diff --git a/config/initializers/mime_types.rb b/config/initializers/mime_types.rb index 72aca7e..f75864f 100755 --- a/config/initializers/mime_types.rb 
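Review bot: `ACCESS_TOKEN_SALT` and `RG_IV` stay as literals in `config/initializers/constants.rb`, and the same applies to `secret_key_base`/`secret_token` in the `config/initializers/secret_token.rb` hunk below: key material committed to the repository cannot be rotated without a code change and is readable by anyone with read access to the source. Loading it from the environment, e.g. `RG_IV = ENV.fetch("RG_IV")`, or using `Rails.application.secrets.secret_key_base` from `config/secrets.yml`, keeps the quote-style cleanup and takes the secrets out of version control. If these are left in deliberately for this training application, a one-line comment saying so next to each constant would stop the next reviewer from raising it again.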
+++ b/config/initializers/mime_types.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true # Be sure to restart your server when you modify this file. # Add new mime types for use in respond_to blocks: diff --git a/config/initializers/populate_user_data.rb b/config/initializers/populate_user_data.rb index 863e84f..8df5a62 100644 --- a/config/initializers/populate_user_data.rb +++ b/config/initializers/populate_user_data.rb 
@@ -1,163 +1,164 @@ +# frozen_string_literal: true POPULATE_RETIREMENTS = [ { - :employee_contrib => "1000", - :employer_contrib => "2000", - :total => "4500" + employee_contrib: "1000", + employer_contrib: "2000", + total: "4500" }, { - :employee_contrib => "8000", - :employer_contrib => "16000", - :total => "30000" + employee_contrib: "8000", + employer_contrib: "16000", + total: "30000" }, { - :employee_contrib => "10000", - :employer_contrib => "20000", - :total => "40000" + employee_contrib: "10000", + employer_contrib: "20000", + total: "40000" }, { - :employee_contrib => "3000", - :employer_contrib => "6000", - :total => "12500" + employee_contrib: "3000", + employer_contrib: "6000", + total: "12500" } - + ] POPULATE_PAID_TIME_OFF = [ { - :sick_days_taken => 2, - :sick_days_earned => 5, - :pto_taken => 5, - :pto_earned => 30 + sick_days_taken: 2, + sick_days_earned: 5, + pto_taken: 5, + pto_earned: 30 }, { - :sick_days_taken => 3, - :sick_days_earned => 6, - :pto_taken => 3, - :pto_earned => 20 + sick_days_taken: 3, + sick_days_earned: 6, + pto_taken: 3, + pto_earned: 20 }, { - :sick_days_taken => 2, - :sick_days_earned => 5, - :pto_taken => 5, - :pto_earned => 30 + sick_days_taken: 2, + sick_days_earned: 5, + pto_taken: 5, + pto_earned: 30 }, { - :sick_days_taken => 1, - :sick_days_earned => 5, - :pto_taken => 10, - :pto_earned => 30 + sick_days_taken: 1, + sick_days_earned: 5, + pto_taken: 10, + pto_earned: 30 } - + ] - + POPULATE_SCHEDULE = [ { - :date_begin => Date.new(2014, 7, 30), - :date_end => Date.new(2014, 8, 2), - :event_type => "pto", - :event_desc => "vacation to france", - :event_name => "My 2014 Vacation" - + date_begin: Date.new(2014, 7, 30), + date_end: Date.new(2014, 8, 2), + event_type: "pto", + event_desc: "vacation to france", + event_name: "My 2014 Vacation" + }, { - :date_begin => Date.new(2013, 9, 1), - :date_end => Date.new(2013, 9, 12), - :event_type => "pto", - :event_desc => "Going Home to see folks", - :event_name => "Visit 
Parents" - + date_begin: Date.new(2013, 9, 1), + date_end: Date.new(2013, 9, 12), + event_type: "pto", + event_desc: "Going Home to see folks", + event_name: "Visit Parents" + }, { - :date_begin => Date.new(2013, 9, 13), - :date_end => Date.new(2013, 9, 20), - :event_type => "pto", - :event_desc => "Taking kids to Grand Canyon", - :event_name => "AZ Trip" - + date_begin: Date.new(2013, 9, 13), + date_end: Date.new(2013, 9, 20), + event_type: "pto", + event_desc: "Taking kids to Grand Canyon", + event_name: "AZ Trip" + }, { - :date_begin => Date.new(2013, 12, 20), - :date_end => Date.new(2013, 12, 30), - :event_type => "pto", - :event_desc => "Xmas Staycation", - :event_name => "Christmas Leave" + date_begin: Date.new(2013, 12, 20), + date_end: Date.new(2013, 12, 30), + event_type: "pto", + event_desc: "Xmas Staycation", + event_name: "Christmas Leave" } ] - + POPULATE_WORK_INFO = [ { - :income => "$50,000", - :bonuses => "$10,000", - :years_worked => 2, - :SSN => "666-66-6666", - :DoB => "01-01-1980" + income: "$50,000", + bonuses: "$10,000", + years_worked: 2, + SSN: "666-66-6666", + DoB: "01-01-1980" }, { - :income => "$40,000", - :bonuses => "$10,000", - :years_worked => 1, - :SSN => "777-77-7777", - :DoB => "01-01-1979" + income: "$40,000", + bonuses: "$10,000", + years_worked: 1, + SSN: "777-77-7777", + DoB: "01-01-1979" }, { - :income => "$60,000", - :bonuses => "$12,000", - :years_worked => 3, - :SSN => "888-88-8888", - :DoB => "01-01-1981" + income: "$60,000", + bonuses: "$12,000", + years_worked: 3, + SSN: "888-88-8888", + DoB: "01-01-1981" }, { - :income => "$30,000", - :bonuses => "7,000", - :years_worked => 1, - :SSN => "999-99-9999", - :DoB => "01-01-1982" - } + income: "$30,000", + bonuses: "7,000", + years_worked: 1, + SSN: "999-99-9999", + DoB: "01-01-1982" + } ] - + POPULATE_PERFORMANCE = [ { - :reviewer => 1, - :comments => "Great job! 
You are my hero", - :date_submitted => Date.new(2012, 01, 01), - :score => 5 + reviewer: 1, + comments: "Great job! You are my hero", + date_submitted: Date.new(2012, 01, 01), + score: 5 }, { - :reviewer => 1, - :comments => "Once again, you've done a great job this year. We greatly appreciate your hard work.", - :date_submitted => Date.new(2013, 01, 01), - :score => 5 + reviewer: 1, + comments: "Once again, you've done a great job this year. We greatly appreciate your hard work.", + date_submitted: Date.new(2013, 01, 01), + score: 5 }, { - :reviewer => 1, - :comments => "Great worker, great attitude for this newcomer!", - :date_submitted => Date.new(2013, 01, 01), - :score => 5 + reviewer: 1, + comments: "Great worker, great attitude for this newcomer!", + date_submitted: Date.new(2013, 01, 01), + score: 5 }, { - :reviewer => 1, - :comments => "Wow, right out of the gate we've been very impressed but unfortunately, our system doesn't allow us to give you a full 5.0 because other ppl have gotten 5.0 ratings.", - :date_submitted => Date.new(2011, 01, 01), - :score => 4 + reviewer: 1, + comments: "Wow, right out of the gate we've been very impressed but unfortunately, our system doesn't allow us to give you a full 5.0 because other ppl have gotten 5.0 ratings.", + date_submitted: Date.new(2011, 01, 01), + score: 4 }, { - :reviewer => 1, - :comments => "We highly recommend promotion for this employee! Consistent performer with proven leadership qualities.", - :date_submitted => Date.new(2012, 01, 01), - :score => 5 + reviewer: 1, + comments: "We highly recommend promotion for this employee! Consistent performer with proven leadership qualities.", + date_submitted: Date.new(2012, 01, 01), + score: 5 }, { - :reviewer => 1, - :comments => "Right out of the gate has made incredible moves as a newly appointed leader. His only improvement would be more cowbell. 
Not enough of it.", - :date_submitted => Date.new(2013, 01, 01), - :score => 4 + reviewer: 1, + comments: "Right out of the gate has made incredible moves as a newly appointed leader. His only improvement would be more cowbell. Not enough of it.", + date_submitted: Date.new(2013, 01, 01), + score: 4 }, { - :reviewer => 1, - :comments => "Ehh, you are okay, we will let you stay..... barely", - :date_submitted => Date.new(2013, 01, 01), - :score => 2 + reviewer: 1, + comments: "Ehh, you are okay, we will let you stay..... barely", + date_submitted: Date.new(2013, 01, 01), + score: 2 } - ] \ No newline at end of file + ] diff --git a/config/initializers/secret_token.rb b/config/initializers/secret_token.rb index 6bae38e..bceabf3 100755 --- a/config/initializers/secret_token.rb +++ b/config/initializers/secret_token.rb @@ -1,8 +1,9 @@ +# frozen_string_literal: true # Be sure to restart your server when you modify this file. # Your secret key for verifying the integrity of signed cookies. # If you change this key, all old signed cookies will become invalid! # Make sure the secret is at least 30 characters and all random, # no regular words or you'll be exposed to dictionary attacks. -Railsgoat::Application.config.secret_token = '2f1d90a26236c3245d96f5606c201a780dc9ca687e5ed82b45e211bb5dc84c1870f61ca9e002dad5dd8a149c9792d8f07f31a9575065cca064bd6af44f8750e4' -Railsgoat::Application.config.secret_key_base = '2f1d90a26236c3245d96f5606c201a780dc9ca687e5ed82b45e211bb5dc84c1870f61ca9e002dad5dd8a149c9792d8f07f31a9575065cca064bd6af44f8750e4' +Railsgoat::Application.config.secret_token = "2f1d90a26236c3245d96f5606c201a780dc9ca687e5ed82b45e211bb5dc84c1870f61ca9e002dad5dd8a149c9792d8f07f31a9575065cca064bd6af44f8750e4" +Railsgoat::Application.config.secret_key_base = "2f1d90a26236c3245d96f5606c201a780dc9ca687e5ed82b45e211bb5dc84c1870f61ca9e002dad5dd8a149c9792d8f07f31a9575065cca064bd6af44f8750e4" 
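Review bot: `Date.new(2012, 01, 01)` and the other `01` month/day arguments in `POPULATE_PERFORMANCE` use leading-zero integer literals, which Ruby parses as octal; `01` happens to equal 1, but `08` or `09` would be a syntax error, and RuboCop's numeric-literal cops will keep flagging these after this cleanup. Write them as `Date.new(2012, 1, 1)`. The same literals appear in the `db/seeds.rb` hunk further down.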
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb index caf4a5b..6c1cba4 100755 --- a/config/initializers/session_store.rb +++ b/config/initializers/session_store.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true # Be sure to restart your server when you modify this file. -Railsgoat::Application.config.session_store :cookie_store, key: '_railsgoat_session', httponly: false +Railsgoat::Application.config.session_store :cookie_store, key: "_railsgoat_session", httponly: false diff --git a/config/initializers/strong_parameters.rb b/config/initializers/strong_parameters.rb index 394c1f5..95b4946 100644 --- a/config/initializers/strong_parameters.rb +++ b/config/initializers/strong_parameters.rb @@ -1 +1,2 @@ +# frozen_string_literal: true ActiveRecord::Base.send(:include, ActiveModel::ForbiddenAttributesProtection) diff --git a/config/initializers/wrap_parameters.rb b/config/initializers/wrap_parameters.rb index 6835995..6780279 100755 --- a/config/initializers/wrap_parameters.rb +++ b/config/initializers/wrap_parameters.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true # Be sure to restart your server when you modify this file. # # This file contains settings for ActionController::ParamsWrapper which diff --git a/config/routes.rb b/config/routes.rb index 7fe93b7..4cd9f77 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true Railsgoat::Application.routes.draw do get "login" => "sessions#new" @@ -78,14 +79,14 @@ Railsgoat::Application.routes.draw do end end - namespace :api, defaults: {format: 'json'} do + namespace :api, defaults: {format: "json"} do namespace :v1 do resources :users resources :mobile end - end + end - root :to => "sessions#new" + root to: "sessions#new" end diff --git a/db/migrate/20130424220355_create_users.rb b/db/migrate/20130424220355_create_users.rb index 59967a0..fbf4b0e 100755 --- a/db/migrate/20130424220355_create_users.rb 
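Review bot: `httponly: false` survives the quote change in `config/initializers/session_store.rb`; it switches off the Rails default and lets document scripts read the `_railsgoat_session` cookie, which widens the impact of any XSS in the app. Unless this is an intentional part of the training material, `httponly: true` (or simply omitting the option) restores the default, and `secure: Rails.env.production?` would keep the cookie off plain HTTP as well.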
+++ b/db/migrate/20130424220355_create_users.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true class CreateUsers < ActiveRecord::Migration def change create_table :users do |t| diff --git a/db/migrate/20130524222129_create_retirements.rb b/db/migrate/20130524222129_create_retirements.rb index 4da11ae..8ba371b 100644 --- a/db/migrate/20130524222129_create_retirements.rb +++ b/db/migrate/20130524222129_create_retirements.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true class CreateRetirements < ActiveRecord::Migration def change create_table :retirements do |t| diff --git a/db/migrate/20130525001150_create_paid_time_offs.rb b/db/migrate/20130525001150_create_paid_time_offs.rb index 26d9844..71e0879 100644 --- a/db/migrate/20130525001150_create_paid_time_offs.rb +++ b/db/migrate/20130525001150_create_paid_time_offs.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true class CreatePaidTimeOffs < ActiveRecord::Migration def change create_table :paid_time_offs do |t| diff --git a/db/migrate/20130527165832_create_schedules.rb b/db/migrate/20130527165832_create_schedules.rb index 786cdc2..4f4d9aa 100644 --- a/db/migrate/20130527165832_create_schedules.rb +++ b/db/migrate/20130527165832_create_schedules.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true class CreateSchedules < ActiveRecord::Migration def change create_table :schedules do |t| diff --git a/db/migrate/20130531143853_create_work_infos.rb b/db/migrate/20130531143853_create_work_infos.rb index c8ad97b..0b10c6b 100644 --- a/db/migrate/20130531143853_create_work_infos.rb +++ b/db/migrate/20130531143853_create_work_infos.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true class CreateWorkInfos < ActiveRecord::Migration def change create_table :work_infos do |t| diff --git a/db/migrate/20130531182058_create_performances.rb b/db/migrate/20130531182058_create_performances.rb index a384964..d97fa80 100644 --- a/db/migrate/20130531182058_create_performances.rb +++ b/db/migrate/20130531182058_create_performances.rb 
@@ -1,3 +1,4 @@ +# frozen_string_literal: true class CreatePerformances < ActiveRecord::Migration def change create_table :performances do |t| diff --git a/db/migrate/20130708202859_create_benefits.rb b/db/migrate/20130708202859_create_benefits.rb index 39c63b6..1e329c4 100644 --- a/db/migrate/20130708202859_create_benefits.rb +++ b/db/migrate/20130708202859_create_benefits.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true class CreateBenefits < ActiveRecord::Migration def change create_table :benefits do |t| diff --git a/db/migrate/20131011180207_create_messages.rb b/db/migrate/20131011180207_create_messages.rb index 3657a81..a92fd86 100644 --- a/db/migrate/20131011180207_create_messages.rb +++ b/db/migrate/20131011180207_create_messages.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true class CreateMessages < ActiveRecord::Migration def change create_table :messages do |t| diff --git a/db/migrate/20131112235256_add_encrypted_ssn_to_work_infos.rb b/db/migrate/20131112235256_add_encrypted_ssn_to_work_infos.rb index 2c7935a..573dbd7 100644 --- a/db/migrate/20131112235256_add_encrypted_ssn_to_work_infos.rb +++ b/db/migrate/20131112235256_add_encrypted_ssn_to_work_infos.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true class AddEncryptedSsnToWorkInfos < ActiveRecord::Migration def change add_column :work_infos, :encrypted_ssn, :binary diff --git a/db/migrate/20131113200708_create_key_managements.rb b/db/migrate/20131113200708_create_key_managements.rb index 96ce247..fb31156 100644 --- a/db/migrate/20131113200708_create_key_managements.rb +++ b/db/migrate/20131113200708_create_key_managements.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true class CreateKeyManagements < ActiveRecord::Migration def change create_table :key_managements do |t| diff --git a/db/migrate/20140312002642_add_auth_token_to_users.rb b/db/migrate/20140312002642_add_auth_token_to_users.rb index 2c83ac1..7e72720 100644 --- a/db/migrate/20140312002642_add_auth_token_to_users.rb 
+++ b/db/migrate/20140312002642_add_auth_token_to_users.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true class AddAuthTokenToUsers < ActiveRecord::Migration def change add_column :users, :auth_token, :string diff --git a/db/migrate/20140315002730_create_pays.rb b/db/migrate/20140315002730_create_pays.rb index 78a9b37..513ba3d 100644 --- a/db/migrate/20140315002730_create_pays.rb +++ b/db/migrate/20140315002730_create_pays.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true class CreatePays < ActiveRecord::Migration def change create_table :pays do |t| diff --git a/db/migrate/20140408185601_create_analytics.rb b/db/migrate/20140408185601_create_analytics.rb index 459db9d..b05d5e3 100644 --- a/db/migrate/20140408185601_create_analytics.rb +++ b/db/migrate/20140408185601_create_analytics.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true class CreateAnalytics < ActiveRecord::Migration def change create_table :analytics do |t| diff --git a/db/schema.rb b/db/schema.rb index da237a3..bef5c87 100755 --- a/db/schema.rb +++ b/db/schema.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true # This file is auto-generated from the current state of the database. Instead # of editing this file, please use the migrations feature of Active Record to # incrementally modify your database, and then regenerate this schema definition. diff --git a/db/seeds.rb b/db/seeds.rb index 2182f2c..3a04f34 100755 --- a/db/seeds.rb +++ b/db/seeds.rb 
@@ -1,274 +1,275 @@ +# frozen_string_literal: true # This file should contain all the record creation needed to seed the database with its default values. # The data can then be loaded with the rails db:seed (or created alongside the db with db:setup). # users = [ { - :email => "admin@metacorp.com", - :admin => true, - :password => "admin1234", - :password_confirmation => "admin1234", - :first_name => "Admin", - :last_name => "", - :user_id =>1 + email: "admin@metacorp.com", + admin: true, + password: "admin1234", + password_confirmation: "admin1234", + first_name: "Admin", + last_name: "", + user_id: 1 }, { - :email => "jmmastey@metacorp.com", - :admin => false, - :password => "railsgoat!", - :password_confirmation => "railsgoat!", - :first_name => "Joseph", - :last_name => "Mastey", - :user_id => 2 + email: "jmmastey@metacorp.com", + admin: false, + password: "railsgoat!", + password_confirmation: "railsgoat!", + first_name: "Joseph", + last_name: "Mastey", + user_id: 2 }, { - :email => "jim@metacorp.com", - :admin => false, - :password => "alohaowasp", - :password_confirmation => "alohaowasp", - :first_name => "Jim", - :last_name => "Manico", - :user_id =>3 + email: "jim@metacorp.com", + admin: false, + password: "alohaowasp", + password_confirmation: "alohaowasp", + first_name: "Jim", + last_name: "Manico", + user_id: 3 }, { - :email => "mike@metacorp.com", - :admin => false, - :password => "motocross1445", - :password_confirmation => "motocross1445", - :first_name => "Mike", - :last_name => "McCabe", - :user_id =>4 + email: "mike@metacorp.com", + admin: false, + password: "motocross1445", + password_confirmation: "motocross1445", + first_name: "Mike", + last_name: "McCabe", + user_id: 4 }, { - :email => "ken@metacorp.com", - :admin => false, - :password => "citrusblend", - :password_confirmation => "citrusblend", - :first_name => "Ken", - :last_name => "Johnson", - :user_id =>5 + email: "ken@metacorp.com", + admin: false, + password: "citrusblend", + 
password_confirmation: "citrusblend", + first_name: "Ken", + last_name: "Johnson", + user_id: 5 }, { - :email => "admin2@metacorp.com", - :admin => false, - :password => "adminadmin", - :password_confirmation => "adminadmin", - :first_name => "Admin2", - :last_name => "", - :user_id =>6 + email: "admin2@metacorp.com", + admin: false, + password: "adminadmin", + password_confirmation: "adminadmin", + first_name: "Admin2", + last_name: "", + user_id: 6 } ] retirements = [ { - :user_id => 2, - :employee_contrib => "1000", - :employer_contrib => "2000", - :total => "4500" + user_id: 2, + employee_contrib: "1000", + employer_contrib: "2000", + total: "4500" }, { - :user_id => 3, - :employee_contrib => "8000", - :employer_contrib => "16000", - :total => "30000" + user_id: 3, + employee_contrib: "8000", + employer_contrib: "16000", + total: "30000" }, { - :user_id => 4, - :employee_contrib => "10000", - :employer_contrib => "20000", - :total => "40000" + user_id: 4, + employee_contrib: "10000", + employer_contrib: "20000", + total: "40000" }, { - :user_id => 5, - :employee_contrib => "3000", - :employer_contrib => "6000", - :total => "12500" + user_id: 5, + employee_contrib: "3000", + employer_contrib: "6000", + total: "12500" } ] paid_time_off = [ { - :user_id => 2, - :sick_days_taken => 2, - :sick_days_earned => 5, - :pto_taken => 5, - :pto_earned => 30 + user_id: 2, + sick_days_taken: 2, + sick_days_earned: 5, + pto_taken: 5, + pto_earned: 30 }, { - :user_id => 3, - :sick_days_taken => 3, - :sick_days_earned => 6, - :pto_taken => 3, - :pto_earned => 20 + user_id: 3, + sick_days_taken: 3, + sick_days_earned: 6, + pto_taken: 3, + pto_earned: 20 }, { - :user_id => 4, - :sick_days_taken => 2, - :sick_days_earned => 5, - :pto_taken => 5, - :pto_earned => 30 + user_id: 4, + sick_days_taken: 2, + sick_days_earned: 5, + pto_taken: 5, + pto_earned: 30 }, { - :user_id => 5, - :sick_days_taken => 1, - :sick_days_earned => 5, - :pto_taken => 10, - :pto_earned => 30 + user_id: 5, + 
sick_days_taken: 1, + sick_days_earned: 5, + pto_taken: 10, + pto_earned: 30 } ] schedule = [ { - :user_id => 2, - :date_begin => Date.new(2014, 7, 30), - :date_end => Date.new(2014, 8, 2), - :event_type => "pto", - :event_desc => "vacation to france", - :event_name => "My 2014 Vacation" + user_id: 2, + date_begin: Date.new(2014, 7, 30), + date_end: Date.new(2014, 8, 2), + event_type: "pto", + event_desc: "vacation to france", + event_name: "My 2014 Vacation" }, { - :user_id => 3, - :date_begin => Date.new(2013, 9, 1), - :date_end => Date.new(2013, 9, 12), - :event_type => "pto", - :event_desc => "Going Home to see folks", - :event_name => "Visit Parents" + user_id: 3, + date_begin: Date.new(2013, 9, 1), + date_end: Date.new(2013, 9, 12), + event_type: "pto", + event_desc: "Going Home to see folks", + event_name: "Visit Parents" }, { - :user_id => 4, - :date_begin => Date.new(2013, 9, 13), - :date_end => Date.new(2013, 9, 20), - :event_type => "pto", - :event_desc => "Taking kids to Grand Canyon", - :event_name => "AZ Trip" + user_id: 4, + date_begin: Date.new(2013, 9, 13), + date_end: Date.new(2013, 9, 20), + event_type: "pto", + event_desc: "Taking kids to Grand Canyon", + event_name: "AZ Trip" }, { - :user_id => 5, - :date_begin => Date.new(2013, 12, 20), - :date_end => Date.new(2013, 12, 30), - :event_type => "pto", - :event_desc => "Xmas Staycation", - :event_name => "Christmas Leave" + user_id: 5, + date_begin: Date.new(2013, 12, 20), + date_end: Date.new(2013, 12, 30), + event_type: "pto", + event_desc: "Xmas Staycation", + event_name: "Christmas Leave" } ] work_info = [ { - :user_id => 2, - :income => "$50,000", - :bonuses => "$10,000", - :years_worked => 2, - :SSN => "555-55-5555", - :DoB => "01-01-1980" + user_id: 2, + income: "$50,000", + bonuses: "$10,000", + years_worked: 2, + SSN: "555-55-5555", + DoB: "01-01-1980" }, { - :user_id => 3, - :income => "$40,000", - :bonuses => "$10,000", - :years_worked => 1, - :SSN => "333-33-3333", - :DoB => 
"01-01-1979" + user_id: 3, + income: "$40,000", + bonuses: "$10,000", + years_worked: 1, + SSN: "333-33-3333", + DoB: "01-01-1979" }, { - :user_id => 4, - :income => "$60,000", - :bonuses => "$12,000", - :years_worked => 3, - :SSN => "444-44-4444", - :DoB => "01-01-1981" + user_id: 4, + income: "$60,000", + bonuses: "$12,000", + years_worked: 3, + SSN: "444-44-4444", + DoB: "01-01-1981" }, { - :user_id => 5, - :income => "$30,000", - :bonuses => "7,000", - :years_worked => 1, - :SSN => "222-22-2222", - :DoB => "01-01-1982" + user_id: 5, + income: "$30,000", + bonuses: "7,000", + years_worked: 1, + SSN: "222-22-2222", + DoB: "01-01-1982" } ] performance = [ { - :user_id => 2, - :reviewer => 1, - :comments => "Great job! You are my hero", - :date_submitted => Date.new(2012, 01, 01), - :score => 5 + user_id: 2, + reviewer: 1, + comments: "Great job! You are my hero", + date_submitted: Date.new(2012, 01, 01), + score: 5 }, { - :user_id => 2, - :reviewer => 1, - :comments => "Once again, you've done a great job this year. We greatly appreciate your hard work.", - :date_submitted => Date.new(2013, 01, 01), - :score => 5 + user_id: 2, + reviewer: 1, + comments: "Once again, you've done a great job this year. 
We greatly appreciate your hard work.", + date_submitted: Date.new(2013, 01, 01), + score: 5 }, { - :user_id => 3, - :reviewer => 1, - :comments => "Great worker, great attitude for this newcomer!", - :date_submitted => Date.new(2013, 01, 01), - :score => 5 + user_id: 3, + reviewer: 1, + comments: "Great worker, great attitude for this newcomer!", + date_submitted: Date.new(2013, 01, 01), + score: 5 }, { - :user_id => 4, - :reviewer => 1, - :comments => "Wow, right out of the gate we've been very impressed but unfortunately, our system doesn't allow us to give you a full 5.0 because other ppl have gotten 5.0 ratings.", - :date_submitted => Date.new(2011, 01, 01), - :score => 4 + user_id: 4, + reviewer: 1, + comments: "Wow, right out of the gate we've been very impressed but unfortunately, our system doesn't allow us to give you a full 5.0 because other ppl have gotten 5.0 ratings.", + date_submitted: Date.new(2011, 01, 01), + score: 4 }, { - :user_id => 4, - :reviewer => 1, - :comments => "We highly recommend promotion for this employee! Consistent performer with proven leadership qualities.", - :date_submitted => Date.new(2012, 01, 01), - :score => 5 + user_id: 4, + reviewer: 1, + comments: "We highly recommend promotion for this employee! Consistent performer with proven leadership qualities.", + date_submitted: Date.new(2012, 01, 01), + score: 5 }, { - :user_id => 4, - :reviewer => 1, - :comments => "Right out of the gate, Mike has made incredible moves as a newly appointed leader. His only improvement would be more cowbell. Not enough of it.", - :date_submitted => Date.new(2013, 01, 01), - :score => 4 + user_id: 4, + reviewer: 1, + comments: "Right out of the gate, Mike has made incredible moves as a newly appointed leader. His only improvement would be more cowbell. Not enough of it.", + date_submitted: Date.new(2013, 01, 01), + score: 4 }, { - :user_id => 5, - :reviewer => 1, - :comments => "Ehh, you are okay, we will let you stay..... 
barely", - :date_submitted => Date.new(2013, 01, 01), - :score => 2 + user_id: 5, + reviewer: 1, + comments: "Ehh, you are okay, we will let you stay..... barely", + date_submitted: Date.new(2013, 01, 01), + score: 2 } ] messages = [ { - :receiver_id => 2, - :creator_id => 5, - :message => "Your benefits have been updated.", - :read => false + receiver_id: 2, + creator_id: 5, + message: "Your benefits have been updated.", + read: false }, { - :receiver_id => 3, - :creator_id => 4, - :message => "Please update your profile.", - :read => false + receiver_id: 3, + creator_id: 4, + message: "Please update your profile.", + read: false }, { - :receiver_id => 4, - :creator_id => 3, - :message => "Welcome to Railsgoat.", - :read => false + receiver_id: 4, + creator_id: 3, + message: "Welcome to Railsgoat.", + read: false }, { - :receiver_id => 5, - :creator_id => 2, - :message => "Hello friend.", - :read => false + receiver_id: 5, + creator_id: 2, + message: "Hello friend.", + read: false } ] diff --git a/lib/encryption.rb b/lib/encryption.rb index 31eeda3..3ec9fbe 100644 --- a/lib/encryption.rb +++ b/lib/encryption.rb @@ -1,16 +1,17 @@ +# frozen_string_literal: true module Encryption # Added a re-usable encryption routine, shouldn't be an issue! - def self.encrypt_sensitive_value(val="") + def self.encrypt_sensitive_value(val = "") aes = OpenSSL::Cipher.new(cipher_type) aes.encrypt aes.key = key[0..31] aes.iv = iv[0..15] if iv != nil new_val = aes.update("#{val}") + aes.final - Base64.strict_encode64(new_val).encode('utf-8') + Base64.strict_encode64(new_val).encode("utf-8") end - def self.decrypt_sensitive_value(val="") + def self.decrypt_sensitive_value(val = "") aes = OpenSSL::Cipher.new(cipher_type) aes.decrypt aes.key = key[0..31] @@ -30,7 +31,7 @@ module Encryption end def self.cipher_type - 'aes-256-cbc' + "aes-256-cbc" end end diff --git a/lib/tasks/server.rake b/lib/tasks/server.rake index a60c429..42d5105 100644 --- a/lib/tasks/server.rake 
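Review bot: `aes.iv = iv[0..15] if iv != nil` in encrypt_sensitive_value is the explicit nil comparison RuboCop flags as Style/NonNilCheck, and `aes.update("#{val}")` is an interpolation standing in for `val.to_s`; both survive a commit whose purpose is the style pass. I would write `aes.iv = iv[0..15] unless iv.nil?` and `new_val = aes.update(val.to_s) + aes.final`. The `key[0..31]` and `iv[0..15]` slices also silently truncate any key or IV longer than the cipher needs; if that is deliberate for the training scenario it deserves a comment next to the existing "shouldn't be an issue!" remark. decrypt_sensitive_value continues outside the hunk.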
+++ b/lib/tasks/server.rake @@ -1,19 +1,20 @@ +# frozen_string_literal: true namespace :server do - + desc "Start Rails" task :start do pid_file = "tmp/pids/server.pid" - if !(File.exists?(pid_file)) + if !(File.exist?(pid_file)) sh("rails s -d") else puts "[+] Server is already running" end end - + desc "Stop Rails" task :stop do pid_file = "tmp/pids/server.pid" - if File.exists?(pid_file) + if File.exist?(pid_file) Process.kill("INT", File.read(pid_file).to_i) else puts "[-] Server isn't running" diff --git a/lib/tasks/traning.rake b/lib/tasks/traning.rake index 2a40c39..2eb8a11 100644 --- a/lib/tasks/traning.rake +++ b/lib/tasks/traning.rake @@ -1,4 +1,5 @@ -desc 'run training tests' +# frozen_string_literal: true +desc "run training tests" task :training do Rake::Task["spec:vulnerabilities"].invoke -end \ No newline at end of file +end diff --git a/script/rails b/script/rails index f8da2cf..363bba2 100755 --- a/script/rails +++ b/script/rails @@ -1,6 +1,7 @@ #!/usr/bin/env ruby +# frozen_string_literal: true # This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application. -APP_PATH = File.expand_path('../../config/application', __FILE__) -require File.expand_path('../../config/boot', __FILE__) -require 'rails/commands' +APP_PATH = File.expand_path("../../config/application", __FILE__) +require File.expand_path("../../config/boot", __FILE__) +require "rails/commands" diff --git a/spec/controllers/api/v1/users_controller_spec.rb b/spec/controllers/api/v1/users_controller_spec.rb index 9b5309e..583a7e0 100644 --- a/spec/controllers/api/v1/users_controller_spec.rb +++ b/spec/controllers/api/v1/users_controller_spec.rb @@ -1,6 +1,6 @@ -=begin require 'spec_helper' - -describe Api::V1::UsersController do - -end -=end \ No newline at end of file +# frozen_string_literal: true +# require 'spec_helper' +# +# describe Api::V1::UsersController do +# +# end 
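Review bot: `Process.kill("INT", File.read(pid_file).to_i)` in the stop task turns an empty or corrupt pid file into pid 0, and a signal to pid 0 goes to the whole process group, including the rake process itself. `Process.kill("INT", Integer(File.read(pid_file)))` raises on bad input instead of signalling the wrong target. The start task's `if !(File.exist?(pid_file))` is also `unless File.exist?(pid_file)` in RuboCop's own vocabulary, which this style-only commit leaves in place. The stop task's closing `end`s are outside the hunk.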
diff --git a/spec/controllers/messages_controller_spec.rb b/spec/controllers/messages_controller_spec.rb
index 335cafc..5529a40 100644
--- a/spec/controllers/messages_controller_spec.rb
+++ b/spec/controllers/messages_controller_spec.rb
@@ -1 +1,2 @@
-require 'spec_helper'
\ No newline at end of file
+# frozen_string_literal: true
+require "spec_helper"
diff --git a/spec/controllers/password_resets_controller_spec.rb b/spec/controllers/password_resets_controller_spec.rb
index 335cafc..5529a40 100644
--- a/spec/controllers/password_resets_controller_spec.rb
+++ b/spec/controllers/password_resets_controller_spec.rb
@@ -1 +1,2 @@
-require 'spec_helper'
\ No newline at end of file
+# frozen_string_literal: true
+require "spec_helper"
diff --git a/spec/controllers/pay_controller_spec.rb b/spec/controllers/pay_controller_spec.rb
index 84b6475..5090e51 100644
--- a/spec/controllers/pay_controller_spec.rb
+++ b/spec/controllers/pay_controller_spec.rb
@@ -1,6 +1,6 @@
-=begin require 'spec_helper'
-
-describe PayController do
-
-end
-=end
+# frozen_string_literal: true
+# require 'spec_helper'
+#
+# describe PayController do
+#
+# end
diff --git a/spec/helpers/api/v1/users_helper_spec.rb b/spec/helpers/api/v1/users_helper_spec.rb
index ddaf80a..8bda71a 100644
--- a/spec/helpers/api/v1/users_helper_spec.rb
+++ b/spec/helpers/api/v1/users_helper_spec.rb
@@ -1,5 +1,6 @@
-=begin require 'spec_helper'
-
+# frozen_string_literal: true
+# require 'spec_helper'
+#
 # Specs in this file have access to a helper object that includes
 # the Api::V1::UsersHelper. For example:
 #
@@ -10,7 +11,6 @@
 # end
 # end
 # end
-describe Api::V1::UsersHelper do
- pending "add some examples to (or delete) #{__FILE__}"
-end
-=end
+# describe Api::V1::UsersHelper do
+# pending "add some examples to (or delete) #{__FILE__}"
+# end
diff --git a/spec/helpers/messages_helper_spec.rb b/spec/helpers/messages_helper_spec.rb
index f8ec369..5529a40 100644
--- a/spec/helpers/messages_helper_spec.rb
+++ b/spec/helpers/messages_helper_spec.rb
@@ -1 +1,2 @@
-require 'spec_helper'
+# frozen_string_literal: true
+require "spec_helper"
diff --git a/spec/helpers/password_resets_helper_spec.rb b/spec/helpers/password_resets_helper_spec.rb
index 1e515dd..e1e5f1f 100644
--- a/spec/helpers/password_resets_helper_spec.rb
+++ b/spec/helpers/password_resets_helper_spec.rb
@@ -1,5 +1,6 @@
-=begin require 'spec_helper'
-
+# frozen_string_literal: true
+# require 'spec_helper'
+#
 # Specs in this file have access to a helper object that includes
 # the PasswordResetsHelper. For example:
 #
@@ -10,7 +11,6 @@
 # end
 # end
 # end
-describe PasswordResetsHelper do
- pending "add some examples to (or delete) #{__FILE__}"
-end
-=end
+# describe PasswordResetsHelper do
+# pending "add some examples to (or delete) #{__FILE__}"
+# end
diff --git a/spec/helpers/pay_helper_spec.rb b/spec/helpers/pay_helper_spec.rb
index b562100..a551f8d 100644
--- a/spec/helpers/pay_helper_spec.rb
+++ b/spec/helpers/pay_helper_spec.rb
@@ -1,5 +1,6 @@
-=begin require 'spec_helper'
-
+# frozen_string_literal: true
+# require 'spec_helper'
+#
 # Specs in this file have access to a helper object that includes
 # the PayHelper. For example:
 #
@@ -10,7 +11,6 @@
 # end
 # end
 # end
-describe PayHelper do
- pending "add some examples to (or delete) #{__FILE__}"
-end
-=end
+# describe PayHelper do
+# pending "add some examples to (or delete) #{__FILE__}"
+# end
diff --git a/spec/mailers/user_mailer_spec.rb b/spec/mailers/user_mailer_spec.rb
index a79b75f..5529a40 100644
--- a/spec/mailers/user_mailer_spec.rb
+++ b/spec/mailers/user_mailer_spec.rb
@@ -1 +1,2 @@
-require "spec_helper"
\ No newline at end of file
+# frozen_string_literal: true
+require "spec_helper"
diff --git a/spec/models/benefits_spec.rb b/spec/models/benefits_spec.rb
index 5dd5d00..875b98f 100644
--- a/spec/models/benefits_spec.rb
+++ b/spec/models/benefits_spec.rb
@@ -1,4 +1,5 @@ -require 'spec_helper.rb' +# frozen_string_literal: true +require "spec_helper.rb" describe User do before(:all) do diff --git a/spec/models/key_management_spec.rb b/spec/models/key_management_spec.rb index 335cafc..5529a40 100644 --- a/spec/models/key_management_spec.rb +++ b/spec/models/key_management_spec.rb @@ -1 +1,2 @@ -require 'spec_helper' \ No newline at end of file +# frozen_string_literal: true +require "spec_helper" diff --git a/spec/models/message_spec.rb b/spec/models/message_spec.rb index f8ec369..5529a40 100644 --- a/spec/models/message_spec.rb +++ b/spec/models/message_spec.rb @@ -1 +1,2 @@ -require 'spec_helper' +# frozen_string_literal: true +require "spec_helper" diff --git a/spec/models/pay_spec.rb b/spec/models/pay_spec.rb index 40689ed..5b3ad29 100644 --- a/spec/models/pay_spec.rb +++ b/spec/models/pay_spec.rb @@ -1,6 +1,6 @@ -=begin require 'spec_helper' - -describe Pay do - pending "add some examples to (or delete) #{__FILE__}" -end -=end +# frozen_string_literal: true +# require 'spec_helper' +# +# describe Pay do +# pending "add some examples to (or delete) #{__FILE__}" +# end diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb index ff4b60f..c97c4b1 100644 --- a/spec/models/user_spec.rb +++ b/spec/models/user_spec.rb @@ -1,4 +1,5 @@ -require 'spec_helper.rb' +# frozen_string_literal: true +require "spec_helper.rb" describe User do before(:all) do @@ -15,16 +16,16 @@ describe User do end it "should require a email" do - expect(User.new(:email => "")).not_to be_valid + expect(User.new(email: "")).not_to be_valid end it "should require valid email" do - expect(User.new(:email => "@gmail.com")).not_to be_valid + expect(User.new(email: "@gmail.com")).not_to be_valid end it "should require unique email" do user = User.all.first - expect(User.new(:email => user.email)).not_to be_valid + expect(User.new(email: user.email)).not_to be_valid end it "name can be updated" do 
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 75e3560..3e79dbf 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -1,15 +1,16 @@ +# frozen_string_literal: true # This file is copied to spec/ when you run 'rails generate rspec:install' -ENV["RAILS_ENV"] ||= 'test' +ENV["RAILS_ENV"] ||= "test" # To use simplecov, do this: COVERAGE=true rake -require 'simplecov' +require "simplecov" SimpleCov.start if ENV["COVERAGE"] require File.expand_path("../../config/environment", __FILE__) -require 'rspec/rails' -require 'capybara/rails' -require 'capybara/poltergeist' -require 'database_cleaner' +require "rspec/rails" +require "capybara/rails" +require "capybara/poltergeist" +require "database_cleaner" # Requires supporting ruby files with custom matchers and macros, etc, # in spec/support/ and its subdirectories. diff --git a/spec/support/capybara_shared.rb b/spec/support/capybara_shared.rb index 132b50a..9a0ebe9 100644 --- a/spec/support/capybara_shared.rb +++ b/spec/support/capybara_shared.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true # By default this will return true, and thus all of the Capybara specs will # fail until a developer using the site for training has patched up all of # the vulnerabilities. @@ -8,7 +9,7 @@ $displayed_spec_notice = false def verifying_fixed? - maintainer_env_name = 'RAILSGOAT_MAINTAINER' + maintainer_env_name = "RAILSGOAT_MAINTAINER" result = !ENV[maintainer_env_name] if !$displayed_spec_notice && result puts <<-NOTICE @@ -35,13 +36,13 @@ def verifying_fixed? end def login(user) - visit '/' - within('.signup') do - fill_in 'email', :with => user.email - fill_in 'password', :with => user.clear_password + visit "/" + within(".signup") do + fill_in "email", with: user.email + fill_in "password", with: user.clear_password end - within('.actions') do - click_on 'Login' + within(".actions") do + click_on "Login" end end 
@@ -70,15 +71,30 @@ module Capybara::Poltergeist end class WarningSuppressor - class << self - def write(message) - if message =~ /QFont::setPixelSize: Pixel size <= 0/ || message =~/CoreText performance note:/ || message =~/Method userSpaceScaleFactor in class NSView/ then 0 else puts(message);1;end + IGNORE_PATTERNS = [ + /QFont::setPixelSize: Pixel size <= 0/, + /CoreText performance note:/, + /WARNING: Method userSpaceScaleFactor/ + ] + + def write(message) + if ignore?(message) + 0 + else + puts(message) + 1 end end + + private + + def ignore?(message) + IGNORE_PATTERNS.any? {|regexp| message =~ regexp } + end end Capybara.register_driver :poltergeist do |app| - Capybara::Poltergeist::Driver.new(app, phantomjs_logger: WarningSuppressor, timeout: 60) + Capybara::Poltergeist::Driver.new(app, phantomjs_logger: WarningSuppressor.new, timeout: 60) end Capybara.javascript_driver = :poltergeist diff --git a/spec/support/user_fixture.rb b/spec/support/user_fixture.rb index f4f7e94..40cff53 100644 --- a/spec/support/user_fixture.rb +++ b/spec/support/user_fixture.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true class UserFixture def self.reset_all_users User.delete_all @@ -5,11 +6,11 @@ class UserFixture end def self.normal_user - password = 'thi$ 1s cOmplExEr' - user = User.new(:first_name => 'Joe', :last_name => 'Schmoe', - :email => 'joe@schmoe.com', :password => password, :password_confirmation => password) + password = "thi$ 1s cOmplExEr" + user = User.new(first_name: "Joe", last_name: "Schmoe", + email: "joe@schmoe.com", password: password, password_confirmation: password) def user.clear_password - 'thi$ 1s cOmplExEr' + "thi$ 1s cOmplExEr" end user.save! user diff --git a/spec/views/password_resets/new.html.erb_spec.rb b/spec/views/password_resets/new.html.erb_spec.rb index 36f35d4..d86c59d 100644 --- a/spec/views/password_resets/new.html.erb_spec.rb +++ b/spec/views/password_resets/new.html.erb_spec.rb 
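Review bot: `IGNORE_PATTERNS` in WarningSuppressor is a mutable constant; the new `# frozen_string_literal: true` freezes the strings in the file but not this array, so the closing line wants `].freeze`. `message =~ regexp` inside `ignore?` builds a MatchData that is never read; `IGNORE_PATTERNS.any? { |regexp| regexp.match?(message) }` is equivalent and also fixes the `{|regexp|` spacing RuboCop will flag. The third pattern changed from `Method userSpaceScaleFactor in class NSView` to `WARNING: Method userSpaceScaleFactor`; if that is intentional, a one-line comment above the array saying which PhantomJS messages each entry silences would help the next reader.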
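Review bot: `def user.clear_password` in normal_user repeats the literal "thi$ 1s cOmplExEr" that the local `password` already holds, because `def` opens a fresh scope and cannot see the local; the two copies can drift apart without any spec noticing. `user.define_singleton_method(:clear_password) { password }` closes over the local and keeps a single source of truth. The method's closing `end` is outside the hunk.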
@@ -1,6 +1,6 @@
-=begin require 'spec_helper'
-
-describe "password_resets/new.html.erb" do
- pending "add some examples to (or delete) #{__FILE__}"
-end
-=end
+# frozen_string_literal: true
+# require 'spec_helper'
+#
+# describe "password_resets/new.html.erb" do
+# pending "add some examples to (or delete) #{__FILE__}"
+# end
diff --git a/spec/vulnerabilities/broken_auth_spec.rb b/spec/vulnerabilities/broken_auth_spec.rb
index c9bf41c..5af2a7d 100644
--- a/spec/vulnerabilities/broken_auth_spec.rb
+++ b/spec/vulnerabilities/broken_auth_spec.rb
@@ -1,34 +1,35 @@ -require 'spec_helper' +# frozen_string_literal: true +require "spec_helper" -feature 'broken_auth' do +feature "broken_auth" do before do UserFixture.reset_all_users @normal_user = UserFixture.normal_user end scenario "one\nTutorial: https://github.com/OWASP/railsgoat/wiki/A2-Credential-Enumeration" do - visit '/' - within('.signup') do - fill_in 'email', :with => @normal_user.email + 'not' - fill_in 'password', :with => @normal_user.clear_password + visit "/" + within(".signup") do + fill_in "email", with: @normal_user.email + "not" + fill_in "password", with: @normal_user.clear_password end - within('.actions') do - click_on 'Login' + within(".actions") do + click_on "Login" end pending if verifying_fixed? - expect(find('div#flash_notice').text).to eq("#{@normal_user.email}not doesn't exist!") + expect(find("div#flash_notice").text).to eq("#{@normal_user.email}not doesn't exist!") end scenario "two\nTutorial: https://github.com/OWASP/railsgoat/wiki/A2-Credential-Enumeration" do - visit '/' - within('.signup') do - fill_in 'email', :with => @normal_user.email - fill_in 'password', :with => @normal_user.clear_password + 'not' + visit "/" + within(".signup") do + fill_in "email", with: @normal_user.email + fill_in "password", with: @normal_user.clear_password + "not" end - within('.actions') do - click_on 'Login' + within(".actions") do + click_on "Login" end pending if verifying_fixed? - expect(find('div#flash_notice').text).to eq('Incorrect Password!') + expect(find("div#flash_notice").text).to eq("Incorrect Password!") end end diff --git a/spec/vulnerabilities/command_injection_spec.rb b/spec/vulnerabilities/command_injection_spec.rb index abef895..ad8a678 100644 --- a/spec/vulnerabilities/command_injection_spec.rb +++ b/spec/vulnerabilities/command_injection_spec.rb 
@@ -1,29 +1,30 @@ -require 'spec_helper' -require 'tmpdir' +# frozen_string_literal: true +require "spec_helper" +require "tmpdir" -feature 'command injection' do +feature "command injection" do before do UserFixture.reset_all_users @normal_user = UserFixture.normal_user end - scenario "attack\nTutorial: https://github.com/OWASP/railsgoat/wiki/A1-Command-Injection", :js => true do + scenario "attack\nTutorial: https://github.com/OWASP/railsgoat/wiki/A1-Command-Injection", js: true do login @normal_user - legit_file = File.join(Rails.root, 'public', 'data', 'legit.txt') - File.open(legit_file, 'w') { |f| f.puts 'totes legit' } + legit_file = File.join(Rails.root, "public", "data", "legit.txt") + File.open(legit_file, "w") { |f| f.puts "totes legit" } visit "/users/#{@normal_user.user_id}/benefit_forms" Dir.mktmpdir do |dir| - hackety_file = File.join(dir, 'test; cd public && cd data && rm -f * ;') - File.open(hackety_file, 'w') { |f| f.print 'mwahaha' } - within('.new_benefits') do - attach_file 'benefits_upload', hackety_file - find(:xpath, "//input[@id='benefits_backup']", :visible => false).set 'true' + hackety_file = File.join(dir, "test; cd public && cd data && rm -f * ;") + File.open(hackety_file, "w") { |f| f.print "mwahaha" } + within(".new_benefits") do + attach_file "benefits_upload", hackety_file + find(:xpath, "//input[@id='benefits_backup']", visible: false).set "true" end - click_on 'Start Upload' + click_on "Start Upload" end pending if verifying_fixed? - expect(File.exists?(legit_file)).to be_falsey + expect(File.exist?(legit_file)).to be_falsey end end diff --git a/spec/vulnerabilities/csrf_spec.rb b/spec/vulnerabilities/csrf_spec.rb index 2b3914a..a8b68f7 100644 --- a/spec/vulnerabilities/csrf_spec.rb +++ b/spec/vulnerabilities/csrf_spec.rb 
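Review bot: `legit_file` is written into the application's `public/data` directory and never removed; `Dir.mktmpdir` cleans up its own directory, but `legit.txt` is left behind whenever the upload is rejected, so repeated runs leave test artifacts in the working tree. Wrapping everything after the write in `begin … ensure File.delete(legit_file) if File.exist?(legit_file) end` keeps the scenario self-contained. The final `expect(File.exist?(legit_file)).to be_falsey` also assumes the write succeeded; an `expect(File.exist?(legit_file)).to be_truthy` right after `File.open(legit_file, "w")` would separate a failed setup from a patched vulnerability.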
@@ -1,23 +1,24 @@ -require 'spec_helper' -require 'tmpdir' +# frozen_string_literal: true +require "spec_helper" +require "tmpdir" -feature 'csrf' do +feature "csrf" do before do UserFixture.reset_all_users @normal_user = UserFixture.normal_user end - scenario "attack\nTutorial: https://github.com/OWASP/railsgoat/wiki/R5-A8-CSRF", :js => true do - visit '/' + scenario "attack\nTutorial: https://github.com/OWASP/railsgoat/wiki/R5-A8-CSRF", js: true do + visit "/" # TODO: is there a way to get this without visiting root first? base_url = current_url login @normal_user Dir.mktmpdir do |dir| - hackety_file = File.join(dir, 'form.on.bad.guy.site.html') + hackety_file = File.join(dir, "form.on.bad.guy.site.html") post_url = "#{base_url}schedule.json" - File.open(hackety_file, 'w') do |f| + File.open(hackety_file, "w") do |f| f.print <<-HTML
@@ -34,12 +35,12 @@ feature 'csrf' do end page.driver.visit "file://#{hackety_file}" - within('#submit_me') do - click_on 'Submit request' + within("#submit_me") do + click_on "Submit request" end end pending if verifying_fixed? - expect(@normal_user.reload.paid_time_off.schedule.last.event_name).to eq('Bad Guy') + expect(@normal_user.reload.paid_time_off.schedule.last.event_name).to eq("Bad Guy") end end diff --git a/spec/vulnerabilities/insecure_dor_spec.rb b/spec/vulnerabilities/insecure_dor_spec.rb index 9de485c..c990bef 100644 --- a/spec/vulnerabilities/insecure_dor_spec.rb +++ b/spec/vulnerabilities/insecure_dor_spec.rb @@ -1,32 +1,33 @@ -require 'spec_helper' +# frozen_string_literal: true +require "spec_helper" -feature 'insecure direct object reference' do +feature "insecure direct object reference" do before do UserFixture.reset_all_users @normal_user = UserFixture.normal_user end - scenario 'attack one' do + scenario "attack one" do login(@normal_user) visit "/users/#{@normal_user.user_id}/benefit_forms" - download_url = first('.widget-body a')[:href] - visit download_url.sub(/name=(.*?)&/, 'name=config/database.yml&') + download_url = first(".widget-body a")[:href] + visit download_url.sub(/name=(.*?)&/, "name=config/database.yml&") pending if verifying_fixed? expect(page.status_code).to eq(200) - expect(page.response_headers['Content-Disposition']).to include('database.yml') - expect(page.response_headers['Content-Length']).to eq('710') + expect(page.response_headers["Content-Disposition"]).to include("database.yml") + expect(page.response_headers["Content-Length"]).to eq("710") end scenario "attack two\nTutorial: https://github.com/OWASP/railsgoat/wiki/A4-Insecure-Direct-Object-Reference" do login(@normal_user) expect(@normal_user.user_id).not_to eq(2) - visit '/users/2/work_info' + visit "/users/2/work_info" pending if verifying_fixed? - expect(first('td').text).to eq('Joseph Mastey') + expect(first("td").text).to eq("Joseph Mastey") end end 
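Review bot: `expect(page.response_headers["Content-Length"]).to eq("710")` in "attack one" pins the byte size of config/database.yml, so any edit to that file, even a comment, turns the scenario into a false failure rather than a vulnerability report. The `Content-Disposition` assertion on the line above already shows the file was served; replacing the length check with `expect(page.body).not_to be_empty` (or a check for a key the seeded database.yml is known to contain) keeps the intent without the coupling. The literal `/users/2/work_info` and `eq("Joseph Mastey")` in "attack two" depend on the seed data in the same way and would benefit from a comment saying so.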
diff --git a/spec/vulnerabilities/mass_assignment_spec.rb b/spec/vulnerabilities/mass_assignment_spec.rb index f7ab73d..b1cde1b 100644 --- a/spec/vulnerabilities/mass_assignment_spec.rb +++ b/spec/vulnerabilities/mass_assignment_spec.rb @@ -1,37 +1,38 @@ -require 'spec_helper' +# frozen_string_literal: true +require "spec_helper" -feature 'mass assignment' do +feature "mass assignment" do before do UserFixture.reset_all_users @normal_user = UserFixture.normal_user end - scenario 'attack one' do + scenario "attack one" do expect(@normal_user.admin).to be_falsey login(@normal_user) - params = {:user => {:admin => 't', - :user_id => @normal_user.user_id, - :password => @normal_user.clear_password, - :password_confirmation => @normal_user.clear_password}} + params = {user: {admin: "t", + user_id: @normal_user.user_id, + password: @normal_user.clear_password, + password_confirmation: @normal_user.clear_password}} page.driver.put "/users/#{@normal_user.user_id}.json", params pending if verifying_fixed? expect(@normal_user.reload.admin).to be_truthy end - scenario 'attack two, Tutorial: https://github.com/OWASP/railsgoat/wiki/R5-Extras-Mass-Assignment-Admin-Role' do - params = {:user => {:admin => 't', - :email => 'hackety@h4x0rs.c0m', - :first_name => 'hackety', - :last_name => 'hax', - :password => 'foobarewe', - :password_confirmation => 'foobarewe'}} - page.driver.post '/users', params + scenario "attack two, Tutorial: https://github.com/OWASP/railsgoat/wiki/R5-Extras-Mass-Assignment-Admin-Role" do + params = {user: {admin: "t", + email: "hackety@h4x0rs.c0m", + first_name: "hackety", + last_name: "hax", + password: "foobarewe", + password_confirmation: "foobarewe"}} + page.driver.post "/users", params pending if verifying_fixed? - expect(User.last.email).to eq('hackety@h4x0rs.c0m') + expect(User.last.email).to eq("hackety@h4x0rs.c0m") expect(User.last.admin).to be_truthy end end 
diff --git a/spec/vulnerabilities/password_complexity_spec.rb b/spec/vulnerabilities/password_complexity_spec.rb index 7889510..5a2bf7c 100644 --- a/spec/vulnerabilities/password_complexity_spec.rb +++ b/spec/vulnerabilities/password_complexity_spec.rb @@ -1,22 +1,23 @@ -require 'spec_helper' +# frozen_string_literal: true +require "spec_helper" -feature 'password complexity' do +feature "password complexity" do before do UserFixture.reset_all_users @normal_user = UserFixture.normal_user end scenario "one\nTutorial: https://github.com/OWASP/railsgoat/wiki/A2-Lack-of-Password-Complexity" do - visit '/signup' - within('.signup') do - fill_in 'user_email', :with => @normal_user.email + 'not' - fill_in 'user_first_name', :with => @normal_user.first_name - fill_in 'user_last_name', :with => @normal_user.last_name + 'not' - fill_in 'user_password', :with => 'password' - fill_in 'user_password_confirmation', :with => 'password' + visit "/signup" + within(".signup") do + fill_in "user_email", with: @normal_user.email + "not" + fill_in "user_first_name", with: @normal_user.first_name + fill_in "user_last_name", with: @normal_user.last_name + "not" + fill_in "user_password", with: "password" + fill_in "user_password_confirmation", with: "password" end - click_on 'Submit' + click_on "Submit" pending if verifying_fixed? - expect(current_path).to eq('/dashboard/home') + expect(current_path).to eq("/dashboard/home") end end diff --git a/spec/vulnerabilities/password_hashing_spec.rb b/spec/vulnerabilities/password_hashing_spec.rb index ee54232..d438409 100644 --- a/spec/vulnerabilities/password_hashing_spec.rb +++ b/spec/vulnerabilities/password_hashing_spec.rb 
@@ -1,13 +1,14 @@ -require 'spec_helper' +# frozen_string_literal: true +require "spec_helper" -feature 'improper password hashing' do +feature "improper password hashing" do before do UserFixture.reset_all_users @normal_user = UserFixture.normal_user end scenario "with just md5\nTutorial: https://github.com/OWASP/railsgoat/wiki/A6-Sensitive-Data-Exposure-Insecure-Password-Storage" do - new_pass = 'testPassw0rd!' + new_pass = "testPassw0rd!" @normal_user.password = new_pass @normal_user.password_confirmation = new_pass @normal_user.save diff --git a/spec/vulnerabilities/sensitive_data_exposure.rb b/spec/vulnerabilities/sensitive_data_exposure.rb index 1c5de0f..3811aef 100644 --- a/spec/vulnerabilities/sensitive_data_exposure.rb +++ b/spec/vulnerabilities/sensitive_data_exposure.rb @@ -1,10 +1,11 @@ -require 'spec_helper' +# frozen_string_literal: true +require "spec_helper" -feature 'sensitive data exposure' do +feature "sensitive data exposure" do before do UserFixture.reset_all_users @normal_user = UserFixture.normal_user - @normal_user.work_info.update_attribute(:SSN, '999-99-9999') + @normal_user.work_info.update_attribute(:SSN, "999-99-9999") end # this won't work with javascript_driver, as it'll apply the javascript @@ -14,6 +15,6 @@ feature 'sensitive data exposure' do visit "/users/#{@normal_user.user_id}/work_info" pending if verifying_fixed? - expect(page.source).to include '999-99-9999' + expect(page.source).to include "999-99-9999" end end diff --git a/spec/vulnerabilities/sql_injection_spec.rb b/spec/vulnerabilities/sql_injection_spec.rb index 6426b13..326a970 100644 --- a/spec/vulnerabilities/sql_injection_spec.rb +++ b/spec/vulnerabilities/sql_injection_spec.rb @@ -1,6 +1,7 @@ -require 'spec_helper' +# frozen_string_literal: true +require "spec_helper" -feature 'sql injection' do +feature "sql injection" do before(:each) do UserFixture.reset_all_users @normal_user = UserFixture.normal_user 
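Review bot: `@normal_user.save` in the "with just md5" scenario discards the return value, so if the new password fails validation the scenario carries on against the unchanged record and whatever it later asserts about the stored hash is checked against stale state. `@normal_user.save!` raises at the point of failure and makes the setup error visible. The scenario body continues outside the hunk.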
@@ -13,19 +14,19 @@ feature 'sql injection' do login(@normal_user) visit "/users/#{@normal_user.user_id}/account_settings" - within('#account_edit') do - fill_in 'Email', :with => 'joe.admin@schmoe.com' - fill_in 'user_password', :with => 'H4cketyhack' - fill_in 'user_password_confirmation', :with => 'H4cketyhack' + within("#account_edit") do + fill_in "Email", with: "joe.admin@schmoe.com" + fill_in "user_password", with: "H4cketyhack" + fill_in "user_password_confirmation", with: "H4cketyhack" # this is a hidden field, so cannot use fill_in to access it. - find(:xpath, "//input[@id='user_user_id']", :visible => false).set "8' OR admin='t') --" + find(:xpath, "//input[@id='user_user_id']", visible: false).set "8' OR admin='t') --" end - click_on 'Submit' + click_on "Submit" pending if verifying_fixed? @admin_user = User.where("admin='t'").first - expect(@admin_user.email).to eq('joe.admin@schmoe.com') + expect(@admin_user.email).to eq("joe.admin@schmoe.com") expect(@admin_user.admin).to eq(true) end @@ -35,8 +36,8 @@ feature 'sql injection' do visit "/admin/1/analytics" - within('#analytics_search') do - fill_in 'ip', :with => '::1' + within("#analytics_search") do + fill_in "ip", with: "::1" check "field_user_agent" payload = "(select group_concat(password) from users where admin='t')" diff --git a/spec/vulnerabilities/unvalidated_redirects_spec.rb b/spec/vulnerabilities/unvalidated_redirects_spec.rb index d36fd27..8e45a36 100644 --- a/spec/vulnerabilities/unvalidated_redirects_spec.rb +++ b/spec/vulnerabilities/unvalidated_redirects_spec.rb 
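Review bot: `@admin_user = User.where("admin='t'").first` in the first scenario is hand-written SQL and an instance variable where a local and the ActiveRecord form would do; `admin_user = User.find_by(admin: true)` lets the adapter cast the boolean (the `'t'` literal is SQLite-specific, as far as I can tell) and reads as the lookup it is. `expect(@admin_user.admin).to eq(true)` is the `be(true)` matcher in RSpec terms. The injected hidden-field value is the test payload and stays as written.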
@@ -1,21 +1,22 @@ -require 'spec_helper' +# frozen_string_literal: true +require "spec_helper" -feature 'unvalidated redirect' do +feature "unvalidated redirect" do before do UserFixture.reset_all_users @normal_user = UserFixture.normal_user end - scenario "attack\nTutorial: https://github.com/OWASP/railsgoat/wiki/A10-Unvalidated-Redirects-and-Forwards-(redirect_to)", :js => true do - visit '/?url=http://example.com/do/evil/things' - within('.signup') do - fill_in 'email', :with => @normal_user.email - fill_in 'password', :with => @normal_user.clear_password + scenario "attack\nTutorial: https://github.com/OWASP/railsgoat/wiki/A10-Unvalidated-Redirects-and-Forwards-(redirect_to)", js: true do + visit "/?url=http://example.com/do/evil/things" + within(".signup") do + fill_in "email", with: @normal_user.email + fill_in "password", with: @normal_user.clear_password end - within('.actions') do - click_on 'Login' + within(".actions") do + click_on "Login" end pending if verifying_fixed? - expect(current_url).to eq('http://example.com/do/evil/things') + expect(current_url).to eq("http://example.com/do/evil/things") end end diff --git a/spec/vulnerabilities/url_access_spec.rb b/spec/vulnerabilities/url_access_spec.rb index 0a42d46..b8f73e9 100644 --- a/spec/vulnerabilities/url_access_spec.rb +++ b/spec/vulnerabilities/url_access_spec.rb 
@@ -1,16 +1,17 @@ -require 'spec_helper' +# frozen_string_literal: true +require "spec_helper" -feature 'url access' do +feature "url access" do before do UserFixture.reset_all_users @normal_user = UserFixture.normal_user end - scenario "attack\nTutorial: https://github.com/OWASP/railsgoat/wiki/A7-Missing-Function-Level-Access-Control--(Admin-Controller)", :js => true do + scenario "attack\nTutorial: https://github.com/OWASP/railsgoat/wiki/A7-Missing-Function-Level-Access-Control--(Admin-Controller)", js: true do login @normal_user - visit '/admin/1/dashboard' + visit "/admin/1/dashboard" pending if verifying_fixed? - expect(current_path).to eq('/admin/1/dashboard') + expect(current_path).to eq("/admin/1/dashboard") end end diff --git a/spec/vulnerabilities/xss_spec.rb b/spec/vulnerabilities/xss_spec.rb index 851a834..3a1ef4d 100644 --- a/spec/vulnerabilities/xss_spec.rb +++ b/spec/vulnerabilities/xss_spec.rb 
@@ -1,30 +1,31 @@ -require 'spec_helper' +# frozen_string_literal: true +require "spec_helper" -feature 'xss' do +feature "xss" do before do UserFixture.reset_all_users @normal_user = UserFixture.normal_user end - scenario "attack\nTutorial: https://github.com/OWASP/railsgoat/wiki/A3-Cross-Site-Scripting", :js => true do + scenario "attack\nTutorial: https://github.com/OWASP/railsgoat/wiki/A3-Cross-Site-Scripting", js: true do login @normal_user visit "/users/#{@normal_user.user_id}/account_settings" - within('#account_edit') do - fill_in 'First name', :with => "" + within("#account_edit") do + fill_in "First name", with: "" # password gets screwed up if you don't re-submit - need to fix - fill_in 'user_password', :with => @normal_user.clear_password - fill_in 'user_password_confirmation', :with => @normal_user.clear_password + fill_in "user_password", with: @normal_user.clear_password + fill_in "user_password_confirmation", with: @normal_user.clear_password end - click_on 'Submit' + click_on "Submit" sleep(1) visit "/users/#{@normal_user.user_id}/account_settings" pending if verifying_fixed? - expect(find('#submit_button').value).to eq('RailsGoat h4x0r3d') + expect(find("#submit_button").value).to eq("RailsGoat h4x0r3d") # might be nice to demonstrate posting cookie contents or somesuch, but # this at least shows the vulnerability still exists.