team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fixes issue #24

Browse Source
This commit is contained in:
Ken Johnson
2013-06-10 16:25:14 -04:00
parent 56381fe318
commit 7b900bda2d
5 changed files with 120 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/controllers/tutorials_controller.rb
+4
View File
@@ -6,6 +6,10 @@ class TutorialsController < ApplicationController
def index def index
end end
def credentials
render :partial => "layouts/tutorial/credentials/creds"
end
def show def show
render "injection" render "injection"
end end
app/views/layouts/tutorial/_header.html.erb
+17 -2
View File
@@ -1,6 +1,5 @@
<!-- Want to use this template whether auth'd or not so I've got some code to determine how to render below --> <!-- Want to use this template whether auth'd or not so I've got some code to determine how to render below -->
<header> <header>
<% if not current_user %> <% if not current_user %>
<ul class="mini-nav"> <ul class="mini-nav">
<li> <li>
@@ -19,5 +18,21 @@
</li> </li>
</ul> </ul>
<% end %> <% end %>
<ul class="mini-nav">
<li>
<%= button_to "Tutorial Credentials", "#", {:id => "show_creds_btn", :class => "btn btn-danger", :method => "get"} %>
</li>
</ul>
</header> </header>
<div id="modal_div" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myAlert" aria-hidden="true">
</div>
<script type="text/javascript">
$('#show_creds_btn').click(function() {
$("#modal_div").load(<%= credentials_tutorials_path.inspect.html_safe %>);
$("#modal_div").modal("show");
});
</script>
app/views/layouts/tutorial/credentials/_creds.html.erb
+96
View File
@@ -0,0 +1,96 @@
<!-- Begin Modal -->
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">
×
</button>
<h4 id="myModalLabel1">
Application Credentials (Spoiler)
</h4>
</div>
<div class="modal-body">
<div class="row-fluid">
<div class="span8">
<p>Warning, this is a spoiler</p>
<p>Are you sure you want to see the credentials?</p>
<div id="creds_hidden" style="display:none">
<table class="table table-striped table-hover table-bordered pull-left" id="data-table">
<thead>
<tr>
<th>
Email
</th>
<th>
Password
</th>
</tr>
</thead>
<tbody>
<tr>
<td style="word-wrap:break-word;">
admin@metacorp.com
</td>
<td>
admin1234
</td>
</tr>
<tr>
<td style="word-wrap:break-word;">
jack@metacorp.com
</td>
<td>
yankeessuck
</td>
</tr>
<tr>
<td style="word-wrap:break-word;">
jim@metacorp.com
</td>
<td>
alohaowasp
</td>
</tr>
<tr>
<td style="word-wrap:break-word;">
mike@metacorp.com
</td>
<td>
motorcross1445
</td>
</tr>
<tr>
<td style="word-wrap:break-word;">
ken@metacorp.com
</td>
<td>
citrusblend
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div class="row-fluid">
</div>
</div>
<div class="modal-footer">
<button class="btn" data-dismiss="modal" aria-hidden="true">
Close
</button>
<button id="understood" class="btn btn-primary" aria-hidden="true">
I understand
</button>
</div>
<!-- End Modal -->
<script type="text/javascript">
$('#understood').click(function() {
$("#creds_hidden").show();
});
</script>
config/routes.rb
+1
View File
@@ -34,6 +34,7 @@ get "download" => "benefit_forms#download"
resources :tutorials do resources :tutorials do
collection do collection do
get "credentials"
get "injection" get "injection"
get "xss" get "xss"
get "broken_auth" get "broken_auth"
db/seeds.rb
+2 -1
View File
@@ -5,7 +5,8 @@
users = [ users = [
{ {
:email => "admin@metacorp.com", :email => "admin@metacorp.com",
:admin => true, :password => "admin1234", :admin => true,
:password => "admin1234",
:first_name => "Admin", :first_name => "Admin",
:last_name => "", :last_name => "",
:user_id =>1 :user_id =>1