Merge pull request #492 from OWASP/fix/remaining-css-selector-issues

Fix remaining CSS selector and form field issues from UI/UX overhaul

spec/support/capybara_shared.rb

@@ -39,7 +39,7 @@ def login(user)
   visit "/"
   fill_in "email", with: user.email
   fill_in "password", with: user.clear_password
-  click_button "Login"
+  find("input[type='submit'][value='Login']").click
 end
 
 # Configure Selenium with headless Chrome for JavaScript testing

spec/vulnerabilities/broken_auth_spec.rb

@@ -14,26 +14,18 @@ feature "broken_auth" do
     wrong_email = normal_user.email + "not"
 
     visit "/"
-    within(".signup") do
     fill_in "email", with: wrong_email
     fill_in "password", with: normal_user.clear_password
-    end
+    find("input[type='submit'][value='Login']").click
-    within(".actions") do
-      click_on "Login"
-    end
 
     expect(find("div#flash_notice").text).not_to include(wrong_email)
   end
 
   scenario "two\nTutorial: https://github.com/OWASP/railsgoat/wiki/A2-Credential-Enumeration" do
     visit "/"
-    within(".signup") do
     fill_in "email", with: normal_user.email
     fill_in "password", with: normal_user.clear_password + "not"
-    end
+    find("input[type='submit'][value='Login']").click
-    within(".actions") do
-      click_on "Login"
-    end
 
     expect(find("div#flash_notice").text).not_to include("Incorrect Password!")
   end

spec/vulnerabilities/password_complexity_spec.rb

@@ -13,14 +13,12 @@ feature "password complexity" do
     new_user_email = normal_user.email + "two"
 
     visit "/signup"
-    within(".signup") do
+    fill_in "email", with: new_user_email
-      fill_in "user_email", with: new_user_email
+    fill_in "first_name", with: normal_user.first_name
-      fill_in "user_first_name", with: normal_user.first_name
+    fill_in "last_name", with: normal_user.last_name + "not"
-      fill_in "user_last_name", with: normal_user.last_name + "not"
+    fill_in "password", with: "password"
-      fill_in "user_password", with: "password"
+    fill_in "password_confirmation", with: "password"
-      fill_in "user_password_confirmation", with: "password"
+    click_on "Create Account"
-    end
-    click_on "Submit"
 
     expect(User.find_by(email: new_user_email)).to be_nil
     expect(current_path).to eq("/signup")

spec/vulnerabilities/unvalidated_redirects_spec.rb

@@ -12,13 +12,9 @@ feature "unvalidated redirect" do
 
   scenario "attack\nTutorial: https://github.com/OWASP/railsgoat/wiki/A10-Unvalidated-Redirects-and-Forwards-(redirect_to)", js: true do
     visit "/?url=http://example.com/do/evil/things"
-    within(".signup") do
     fill_in "email", with: normal_user.email
     fill_in "password", with: normal_user.clear_password
-    end
+    find("input[type='submit'][value='Login']").click
-    within(".actions") do
-      click_on "Login"
-    end
 
     expect(current_url).to start_with("http://127.0.0.1")
     expect(current_path).to eq("/dashboard/home")