clean up insecure_dor_spec
This commit is contained in:
Nicole Rifkin
@@ -22,11 +22,13 @@ feature "insecure direct object reference" do
|
||||
end
|
||||
|
||||
scenario "attack two\nTutorial: https://github.com/OWASP/railsgoat/wiki/A4-Insecure-Direct-Object-Reference" do
|
||||
login(normal_user)
|
||||
|
||||
expect(normal_user.id).not_to eq(another_user.id)
|
||||
|
||||
visit "/users/#{another_user.id}/work_info"
|
||||
|
||||
expect(first("td").text).not_to include(another_user.name)
|
||||
expect(first("td").text).to include(normal_user.name)
|
||||
expect(first("td").text).not_to include(another_user.full_name)
|
||||
expect(first("td").text).to include(normal_user.full_name)
|
||||
end
|
||||
end
|
||||
|
||||
Reference in New Issue
Block a user