From 5dd05249ecb6667f3b7fa056b31e74a77093de7f Mon Sep 17 00:00:00 2001
From: Ken Johnson
Date: Mon, 5 Jan 2026 08:21:46 -0500
Subject: [PATCH] Fix remaining CSS selector and form field issues from UI/UX overhaul
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This addresses the remaining test failures @jasnow reported in issue #486.
Fixes:
1. Ambiguous Login button - Changed from click_button "Login" to find("input[type='submit'][value='Login']").click to specifically target the form submit button and avoid the header Login button
2. Fixed password_complexity_spec field names: - user_email → email - user_first_name → first_name - user_last_name → last_name - user_password → password - user_password_confirmation → password_confirmation - Submit → Create Account (correct button text)
3. Applied same selector fix to login helper in capybara_shared.rb
These changes complete the test suite fixes for the new UI that was introduced in the file upload UX improvements.
Related: #486
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude
---
 spec/support/capybara_shared.rb | 2 +-
 spec/vulnerabilities/broken_auth_spec.rb | 20 ++++++-------------
 .../password_complexity_spec.rb | 14 ++++++-------
 .../unvalidated_redirects_spec.rb | 10 +++-------
 4 files changed, 16 insertions(+), 30 deletions(-)
diff --git a/spec/support/capybara_shared.rb b/spec/support/capybara_shared.rb
index 1b8d218..c0c2082 100644
--- a/spec/support/capybara_shared.rb
+++ b/spec/support/capybara_shared.rb
@@ -39,7 +39,7 @@ def login(user)
 visit "/"
 fill_in "email", with: user.email
 fill_in "password", with: user.clear_password
- click_button "Login"
+ find("input[type='submit'][value='Login']").click
 end
 # Configure Selenium with headless Chrome for JavaScript testing
diff --git a/spec/vulnerabilities/broken_auth_spec.rb b/spec/vulnerabilities/broken_auth_spec.rb
index 8a1f347..4a89b0f 100644
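Review bot: The raw selector `find("input[type='submit'][value='Login']").click` added to `login` in spec/support/capybara_shared.rb is repeated verbatim in the broken_auth_spec.rb hunk (twice) and in the unvalidated_redirects_spec.rb hunk, so the next change to the login button's label or markup has to be made in four places. Keeping it in one helper next to `login`, for example a `submit_login_form` method whose body is that single `find(...).click` line, would let the specs that submit bad credentials share it. Matching on `value='Login'` also ties every security spec to the button text; scoping to the login form element would be sturdier, though the form's markup is not visible in this patch. The `def` line of `login` appears only in the hunk header.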
--- a/spec/vulnerabilities/broken_auth_spec.rb
+++ b/spec/vulnerabilities/broken_auth_spec.rb
@@ -14,26 +14,18 @@ feature "broken_auth" do
 wrong_email = normal_user.email + "not"
 visit "/"
- within(".signup") do
- fill_in "email", with: wrong_email
- fill_in "password", with: normal_user.clear_password
- end
- within(".actions") do
- click_on "Login"
- end
+ fill_in "email", with: wrong_email
+ fill_in "password", with: normal_user.clear_password
+ find("input[type='submit'][value='Login']").click
 expect(find("div#flash_notice").text).not_to include(wrong_email)
 end
 scenario "two\nTutorial: https://github.com/OWASP/railsgoat/wiki/A2-Credential-Enumeration" do
 visit "/"
- within(".signup") do
- fill_in "email", with: normal_user.email
- fill_in "password", with: normal_user.clear_password + "not"
- end
- within(".actions") do
- click_on "Login"
- end
+ fill_in "email", with: normal_user.email
+ fill_in "password", with: normal_user.clear_password + "not"
+ find("input[type='submit'][value='Login']").click
 expect(find("div#flash_notice").text).not_to include("Incorrect Password!")
 end
diff --git a/spec/vulnerabilities/password_complexity_spec.rb b/spec/vulnerabilities/password_complexity_spec.rb
index 79da0a2..b1b4c6e 100644
--- a/spec/vulnerabilities/password_complexity_spec.rb
+++ b/spec/vulnerabilities/password_complexity_spec.rb
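Review bot: In spec/vulnerabilities/broken_auth_spec.rb both scenarios still prove the absence of credential enumeration only by denying one literal each (`not_to include(wrong_email)` and `not_to include("Incorrect Password!")`), so a reworded but still distinguishable failure message would pass. Since the login steps are being rewritten here anyway, a further scenario that captures the flash text for an unknown email and for a wrong password and asserts the two are equal would pin the property the linked tutorial is about. The sketch below reuses only locators already present in this hunk. Scenario "one" opens above the hunk.
```ruby
scenario "same notice for unknown email and wrong password" do
  visit "/"
  fill_in "email", with: normal_user.email + "not"
  fill_in "password", with: normal_user.clear_password
  find("input[type='submit'][value='Login']").click
  unknown_email_notice = find("div#flash_notice").text

  visit "/"
  fill_in "email", with: normal_user.email
  fill_in "password", with: normal_user.clear_password + "not"
  find("input[type='submit'][value='Login']").click
  wrong_password_notice = find("div#flash_notice").text

  expect(wrong_password_notice).to eq(unknown_email_notice)
end
```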
@@ -13,14 +13,12 @@ feature "password complexity" do
 new_user_email = normal_user.email + "two"
 visit "/signup"
- within(".signup") do
- fill_in "user_email", with: new_user_email
- fill_in "user_first_name", with: normal_user.first_name
- fill_in "user_last_name", with: normal_user.last_name + "not"
- fill_in "user_password", with: "password"
- fill_in "user_password_confirmation", with: "password"
- end
- click_on "Submit"
+ fill_in "email", with: new_user_email
+ fill_in "first_name", with: normal_user.first_name
+ fill_in "last_name", with: normal_user.last_name + "not"
+ fill_in "password", with: "password"
+ fill_in "password_confirmation", with: "password"
+ click_on "Create Account"
 expect(User.find_by(email: new_user_email)).to be_nil
 expect(current_path).to eq("/signup")
diff --git a/spec/vulnerabilities/unvalidated_redirects_spec.rb b/spec/vulnerabilities/unvalidated_redirects_spec.rb
index 97b9627..724c256 100644
--- a/spec/vulnerabilities/unvalidated_redirects_spec.rb
+++ b/spec/vulnerabilities/unvalidated_redirects_spec.rb
@@ -12,13 +12,9 @@ feature "unvalidated redirect" do
 scenario "attack\nTutorial: https://github.com/OWASP/railsgoat/wiki/A10-Unvalidated-Redirects-and-Forwards-(redirect_to)", js: true do
 visit "/?url=http://example.com/do/evil/things"
- within(".signup") do
- fill_in "email", with: normal_user.email
- fill_in "password", with: normal_user.clear_password
- end
- within(".actions") do
- click_on "Login"
- end
+ fill_in "email", with: normal_user.email
+ fill_in "password", with: normal_user.clear_password
+ find("input[type='submit'][value='Login']").click
 expect(current_url).to start_with("http://127.0.0.1")
 expect(current_path).to eq("/dashboard/home")
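Review bot: In spec/vulnerabilities/password_complexity_spec.rb the weak password is shown to be rejected only by `expect(User.find_by(email: new_user_email)).to be_nil` and the `/signup` path, and both also hold if the redesigned form is rejected for an unrelated reason, such as a required field this spec does not fill. A control scenario that submits the same five fields with a compliant password and ends in `expect(User.find_by(email: new_user_email)).not_to be_nil` would show the form path works, so the negative result can be attributed to the password rule. Separately, `click_on "Create Account"` matches links as well as buttons by text, the same kind of ambiguity this commit removes for Login; `click_button "Create Account"` is narrower, provided the page has no second button with that label, which this patch does not show. The scenario opens above the hunk.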
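Review bot: In spec/vulnerabilities/unvalidated_redirects_spec.rb the check `expect(current_url).to start_with("http://127.0.0.1")` is a string-prefix test, so any host that merely begins with `127.0.0.1` would satisfy it; comparing the parsed host, `expect(URI.parse(current_url).host).to eq("127.0.0.1")`, asserts what the scenario means. Because the scenario runs with `js: true`, the prefix check can also be true while the browser is still on the login page, whose URL has the same prefix. Putting `expect(page).to have_current_path("/dashboard/home")` first makes Capybara wait for the post-login navigation before the host is read. The scenario's closing `end` is below the hunk.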