diff --git a/.gitignore b/.gitignore
index faea331..86eb146 100755
--- a/.gitignore
+++ b/.gitignore
@@ -10,3 +10,4 @@
coverage
.tags
/.vagrant
+/vendor/ruby
diff --git a/Gemfile b/Gemfile
index 3539b41..92e07c0 100755
--- a/Gemfile
+++ b/Gemfile
@@ -1,7 +1,7 @@
source 'https://rubygems.org'
#don't upgrade
-gem 'rails', '3.2.21'
+gem 'rails', '4.0.10'
ruby '2.1.5'
@@ -44,15 +44,14 @@ end
# Gems used only for assets and not required
# in production environments by default.
-group :assets do
- gem 'sass-rails'
- gem 'coffee-rails'
- gem 'jquery-fileupload-rails'
- # See https://github.com/sstephenson/execjs#readme for more supported runtimes
- # gem 'therubyracer', :platforms => :ruby
+gem 'sass-rails'
+gem 'coffee-rails'
+gem 'jquery-fileupload-rails'
+gem 'uglifier'
+gem 'turbolinks' # New for Rails 4.0
- gem 'uglifier'
-end
+# See https://github.com/sstephenson/execjs#readme for more supported runtimes
+# gem 'therubyracer', :platforms => :ruby
gem 'jquery-rails'
@@ -84,3 +83,9 @@ gem 'therubyracer'
# Add SMTP server support using MailCatcher
gem 'mailcatcher'
+
+#For Rails 4.0
+#group :doc do
+# # bundle exec rake doc:rails generates the API under doc/api.
+# gem 'sdoc', require: false
+#end
diff --git a/Gemfile.lock b/Gemfile.lock
index 06e1b20..b7d279e 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,35 +1,32 @@
GEM
remote: https://rubygems.org/
specs:
- actionmailer (3.2.21)
- actionpack (= 3.2.21)
- mail (~> 2.5.4)
- actionpack (3.2.21)
- activemodel (= 3.2.21)
- activesupport (= 3.2.21)
- builder (~> 3.0.0)
+ actionmailer (4.0.10)
+ actionpack (= 4.0.10)
+ mail (~> 2.5, >= 2.5.4)
+ actionpack (4.0.10)
+ activesupport (= 4.0.10)
+ builder (~> 3.1.0)
erubis (~> 2.7.0)
- journey (~> 1.0.4)
- rack (~> 1.4.5)
- rack-cache (~> 1.2)
- rack-test (~> 0.6.1)
- sprockets (~> 2.2.1)
- activemodel (3.2.21)
- activesupport (= 3.2.21)
- builder (~> 3.0.0)
- activerecord (3.2.21)
- activemodel (= 3.2.21)
- activesupport (= 3.2.21)
- arel (~> 3.0.2)
- tzinfo (~> 0.3.29)
- activeresource (3.2.21)
- activemodel (= 3.2.21)
- activesupport (= 3.2.21)
- activesupport (3.2.21)
- i18n (~> 0.6, >= 0.6.4)
- multi_json (~> 1.0)
+ rack (~> 1.5.2)
+ rack-test (~> 0.6.2)
+ activemodel (4.0.10)
+ activesupport (= 4.0.10)
+ builder (~> 3.1.0)
+ activerecord (4.0.10)
+ activemodel (= 4.0.10)
+ activerecord-deprecated_finders (~> 1.0.2)
+ activesupport (= 4.0.10)
+ arel (~> 4.0.0)
+ activerecord-deprecated_finders (1.0.3)
+ activesupport (4.0.10)
+ i18n (~> 0.6, >= 0.6.9)
+ minitest (~> 4.2)
+ multi_json (~> 1.3)
+ thread_safe (~> 0.1)
+ tzinfo (~> 0.3.37)
addressable (2.3.6)
- arel (3.0.3)
+ arel (4.0.2)
aruba (0.5.4)
childprocess (>= 0.3.6)
cucumber (>= 1.1.1)
@@ -52,7 +49,7 @@ GEM
sass (~> 3.0)
slim (>= 1.3.6, < 3.0)
terminal-table (~> 1.4)
- builder (3.0.4)
+ builder (3.1.4)
bundler-audit (0.3.1)
bundler (~> 1.2)
thor (~> 0.18)
@@ -68,9 +65,9 @@ GEM
ffi (~> 1.0, >= 1.0.11)
cliver (0.3.2)
coderay (1.1.0)
- coffee-rails (3.2.2)
+ coffee-rails (4.1.0)
coffee-script (>= 2.2.0)
- railties (~> 3.2.0)
+ railties (>= 4.0.0, < 5.0)
coffee-script (2.3.0)
coffee-script-source
execjs
@@ -134,7 +131,6 @@ GEM
hitimes (1.2.2)
http_parser.rb (0.6.0)
i18n (0.7.0)
- journey (1.0.4)
jquery-fileupload-rails (0.4.1)
actionpack (>= 3.1)
railties (>= 3.1)
@@ -151,21 +147,22 @@ GEM
rb-fsevent (>= 0.9.3)
rb-inotify (>= 0.9)
lumberjack (1.0.9)
- mail (2.5.4)
- mime-types (~> 1.16)
- treetop (~> 1.4.8)
- mailcatcher (0.5.12)
- activesupport (~> 3.0)
- eventmachine (~> 1.0.0)
- haml (>= 3.1, < 5)
- mail (~> 2.3)
- sinatra (~> 1.2)
- skinny (~> 0.2.3)
- sqlite3 (~> 1.3)
- thin (~> 1.5.0)
+ mail (2.6.3)
+ mime-types (>= 1.16, < 3)
+ mailcatcher (0.2.4)
+ eventmachine
+ haml
+ i18n
+ json
+ mail
+ sinatra
+ skinny (>= 0.1.2)
+ sqlite3-ruby
+ thin
method_source (0.8.2)
- mime-types (1.25.1)
+ mime-types (2.4.3)
mini_portile (0.5.3)
+ minitest (4.7.5)
multi_json (1.10.1)
multi_test (0.1.1)
mysql2 (0.3.17)
@@ -177,46 +174,37 @@ GEM
cliver (~> 0.3.1)
multi_json (~> 1.0)
websocket-driver (>= 0.2.0)
- polyglot (0.3.5)
powder (0.3.0)
thor (>= 0.11.5)
pry (0.10.1)
coderay (~> 1.1.0)
method_source (~> 0.8.1)
slop (~> 3.4)
- rack (1.4.5)
- rack-cache (1.2)
- rack (>= 0.4)
+ rack (1.5.2)
rack-livereload (0.3.15)
rack
rack-protection (1.5.3)
rack
- rack-ssl (1.3.4)
- rack
rack-test (0.6.2)
rack (>= 1.0)
- rails (3.2.21)
- actionmailer (= 3.2.21)
- actionpack (= 3.2.21)
- activerecord (= 3.2.21)
- activeresource (= 3.2.21)
- activesupport (= 3.2.21)
- bundler (~> 1.0)
- railties (= 3.2.21)
- railties (3.2.21)
- actionpack (= 3.2.21)
- activesupport (= 3.2.21)
- rack-ssl (~> 1.3.2)
+ rails (4.0.10)
+ actionmailer (= 4.0.10)
+ actionpack (= 4.0.10)
+ activerecord (= 4.0.10)
+ activesupport (= 4.0.10)
+ bundler (>= 1.3.0, < 2.0)
+ railties (= 4.0.10)
+ sprockets-rails (~> 2.0)
+ railties (4.0.10)
+ actionpack (= 4.0.10)
+ activesupport (= 4.0.10)
rake (>= 0.8.7)
- rdoc (~> 3.4)
- thor (>= 0.14.6, < 2.0)
+ thor (>= 0.18.1, < 2.0)
raindrops (0.13.0)
rake (10.4.2)
rb-fsevent (0.9.4)
rb-inotify (0.9.5)
ffi (>= 0.5.0)
- rdoc (3.12.2)
- json (~> 1.4)
ref (1.0.5)
rspec (2.14.1)
rspec-core (~> 2.14.0)
@@ -240,10 +228,12 @@ GEM
ruby_parser (3.5.0)
sexp_processor (~> 4.1)
sass (3.4.9)
- sass-rails (3.2.6)
- railties (~> 3.2.0)
- sass (>= 3.1.10)
- tilt (~> 1.3)
+ sass-rails (5.0.0)
+ railties (>= 4.0.0, < 5.0)
+ sass (~> 3.1)
+ sprockets (>= 2.8, < 4.0)
+ sprockets-rails (>= 2.0, < 4.0)
+ tilt (~> 1.1)
sexp_processor (4.4.4)
simplecov (0.9.1)
docile (~> 1.1.0)
@@ -261,12 +251,18 @@ GEM
temple (~> 0.6.9)
tilt (>= 1.3.3, < 2.1)
slop (3.6.0)
- sprockets (2.2.3)
+ sprockets (2.12.3)
hike (~> 1.2)
multi_json (~> 1.0)
rack (~> 1.0)
tilt (~> 1.1, != 1.3.0)
+ sprockets-rails (2.2.2)
+ actionpack (>= 3.0)
+ activesupport (>= 3.0)
+ sprockets (>= 2.8, < 4.0)
sqlite3 (1.3.10)
+ sqlite3-ruby (1.3.3)
+ sqlite3 (>= 1.3.3)
temple (0.6.10)
terminal-table (1.4.5)
therubyracer (0.12.1)
@@ -277,15 +273,15 @@ GEM
eventmachine (>= 0.12.6)
rack (>= 1.0.0)
thor (0.19.1)
+ thread_safe (0.3.4)
tilt (1.4.1)
timers (4.0.1)
hitimes
travis-lint (2.0.0)
json
- treetop (1.4.15)
- polyglot
- polyglot (>= 0.3.1)
trollop (2.0)
+ turbolinks (2.5.3)
+ coffee-rails
tzinfo (0.3.42)
uglifier (2.6.0)
execjs (>= 0.3.0)
@@ -329,7 +325,7 @@ DEPENDENCIES
powder
pry
rack-livereload
- rails (= 3.2.21)
+ rails (= 4.0.10)
rb-fsevent
rspec-rails (= 2.14.2)
sass-rails
@@ -337,5 +333,6 @@ DEPENDENCIES
sqlite3
therubyracer
travis-lint
+ turbolinks
uglifier
unicorn
diff --git a/app/assets/javascripts/application.js b/app/assets/javascripts/application.js
index 902f1e8..f58ec86 100755
--- a/app/assets/javascripts/application.js
+++ b/app/assets/javascripts/application.js
@@ -12,6 +12,7 @@
//
//= require jquery
//= require jquery_ujs
+//= require turbolinks
//= require wysiwyg/wysihtml5-0.3.0.js
//= require jquery.min.js
//= require jquery.scrollUp.js
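Review bot: `//= require turbolinks` is placed ahead of scripts such as `wysiwyg/wysihtml5-0.3.0.js` and `jquery.scrollUp.js` that presumably initialise on DOM ready, and under Turbolinks those handlers run only on the first full page load, not after in-app navigations. Any initialisation in this manifest's scripts that must survive a Turbolinks visit needs to be bound to the `page:load` event as well (Turbolinks 2.x), or Turbolinks has to be disabled on the affected links with `data-no-turbolink`. I also note that `jquery.min.js` is still required after `jquery`/`jquery_ujs`, so a second copy of jQuery is loaded; I can't tell from here whether that is intentional.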
@@ -31,6 +32,7 @@
//= require jsapi
//= html5.js
+
function rubyCodeFormat() {
diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb
index 055e9c5..62c228a 100755
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@@ -1,5 +1,5 @@
class AdminController < ApplicationController
- before_filter :administrative, :if => :admin_param, :except => [:get_user]
+ before_action :administrative, :if => :admin_param, :except => [:get_user]
skip_before_filter :has_info
def dashboard
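Review bot: `skip_before_filter :has_info` on the line after the renamed callback still uses the Rails 3 alias while the line above was switched to `before_action`; for consistency (and because the `*_filter` aliases are deprecated in later Rails releases) it should become `skip_before_action :has_info`. The `dashboard` action begins on the hunk's last line and continues outside it.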
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 3a58ed4..c8393dd 100755
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,9 +1,11 @@
class ApplicationController < ActionController::Base
- before_filter :authenticated, :has_info, :create_analytic, :mailer_options
+ before_action :authenticated, :has_info, :create_analytic, :mailer_options
helper_method :current_user, :is_admin?, :sanitize_font
# Our security guy keep talking about sea-surfing, cool story bro.
- # protect_from_forgery
+ # Prevent CSRF attacks by raising an exception.
+ # For APIs, you may want to use :null_session instead.
+ #protect_from_forgery with: :exception
private
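Review bot: CSRF protection remains disabled: the new comment describes raising an exception, but `#protect_from_forgery with: :exception` on the following line is still commented out, so the tokens that `csrf_meta_tags` emits in the layout (touched in this same diff) are never verified on state-changing requests. If that is deliberate for this training application, the comment should say so instead of reading like the stock Rails 4 template; otherwise uncomment the line. The class body continues beyond the hunk.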
diff --git a/vendor/plugins/.gitkeep b/app/controllers/concerns/.keep
old mode 100755
new mode 100644
similarity index 100%
rename from vendor/plugins/.gitkeep
rename to app/controllers/concerns/.keep
diff --git a/app/controllers/messages_controller.rb b/app/controllers/messages_controller.rb
index 83b992c..e657297 100644
--- a/app/controllers/messages_controller.rb
+++ b/app/controllers/messages_controller.rb
@@ -33,4 +33,10 @@ class MessagesController < ApplicationController
end
end
end
-end
\ No newline at end of file
+
+ private
+
+ def message_params
+ params.require(:message).permit(:creator_id, :message, :read, :receiver_id)
+ end
+end
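Review bot: `message_params` permits `:creator_id` and `:read`, which lets the submitting client decide which user a message is attributed to and whether it is already read, instead of the server deriving both. The creator should be assigned from `current_user` inside the action and the list reduced to `params.require(:message).permit(:message, :receiver_id)`, with `read` managed server-side as well. The action that consumes this helper is outside the hunk, so I can't confirm how `creator_id` is set today.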
diff --git a/app/controllers/schedule_controller.rb b/app/controllers/schedule_controller.rb
index 65caa2e..d940a9d 100644
--- a/app/controllers/schedule_controller.rb
+++ b/app/controllers/schedule_controller.rb
@@ -4,7 +4,7 @@ class ScheduleController < ApplicationController
message = false
if params[:schedule][:event_type] == "pto"
- sched = Schedule.new(params[:schedule])
+ sched = Schedule.new(schedule_params)
sched.date_begin, sched.date_end = format_schedule_date(params[:date_range1])
sched.user_id = current_user.user_id
a = sched.date_end
@@ -56,4 +56,10 @@ class ScheduleController < ApplicationController
end
return vals
end
+
+ private
+
+ def schedule_params
+ params.require(:schedule).permit(:date_begin, :date_end, :event_desc, :event_name, :event_type)
+ end
end
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 1fb5d4a..5d812df 100755
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -7,7 +7,7 @@ class UsersController < ApplicationController
end
def create
- user = User.new(params[:user])
+ user = User.new(user_params)
user.build_benefits_data
if user.save
session[:user_id] = user.user_id
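Review bot: `User.new(user_params)` in the self-service `create` action uses a permit list (defined in this file's last hunk) that includes `:admin` and `:user_id`, so the signup form can set both fields; `user_params_without_password`, used by the update path in the next hunk, also permits `:admin`. A dedicated signup list such as `params.require(:user).permit(:email, :first_name, :last_name, :password, :password_confirmation)` is what a non-admin action should use, with `admin` assignable only on an administrator-guarded path. `create` continues past the end of the hunk.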
@@ -31,11 +31,12 @@ class UsersController < ApplicationController
# Still an Insecure DoR vulnerability
#user = User.find(:first, :conditions => ["user_id = ?", "#{params[:user][:user_id]}"])
- user = User.find(:first, :conditions => "user_id = '#{params[:user][:user_id]}'")
+ # user = User.find(:first, :conditions => "user_id = '#{params[:user][:user_id]}'")
+ user = User.where("user_id = '#{params[:user][:user_id]}'").first
if user
user.skip_user_id_assign = true
user.skip_hash_password = true
- user.update_attributes(params[:user].reject { |k| %w(password password_confirmation user_id).include? k })
+ user.update_attributes(user_params_without_password)
if !(params[:user][:password].empty?) && (params[:user][:password] == params[:user][:password_confirmation])
user.skip_hash_password = false
user.password = params[:user][:password]
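Review bot: the replacement lookup `User.where("user_id = '#{params[:user][:user_id]}'").first` still builds the SQL string from request input; the parameterised form is `User.where(user_id: params[:user][:user_id]).first` (or `User.find_by(user_id: ...)`, available in Rails 4.0). The comment above it already labels the lookup an insecure direct object reference, since the target user comes from the submitted `user_id` rather than from the session; whether that is intentional for this training app I can't tell from here. Separately, `params[:user][:password].empty?` raises `NoMethodError` when the key is absent, so `.blank?` would be the safer check. The enclosing action starts before the hunk.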
@@ -50,4 +51,15 @@ class UsersController < ApplicationController
redirect_to user_account_settings_path(:user_id => current_user.user_id)
end
end
+
+ private
+
+ def user_params
+ params.require(:user).permit(:email, :admin, :first_name, :last_name, :user_id, :password, :password_confirmation)
+ end
+
+ # unpermitted attributes are ignored in production
+ def user_params_without_password
+ params.require(:user).permit(:email, :admin, :first_name, :last_name)
+ end
end
diff --git a/app/models/analytics.rb b/app/models/analytics.rb
index 2d9fbe5..d84e777 100644
--- a/app/models/analytics.rb
+++ b/app/models/analytics.rb
@@ -1,6 +1,4 @@
class Analytics < ActiveRecord::Base
- attr_accessible :ip_address, :referrer, :user_agent
-
scope :hits_by_ip, ->(ip,col="*") { select("#{col}").where(:ip_address => ip).order("id DESC")}
def self.count_by_col(col)
diff --git a/app/models/benefits.rb b/app/models/benefits.rb
index 144a2f4..4deae64 100644
--- a/app/models/benefits.rb
+++ b/app/models/benefits.rb
@@ -1,5 +1,4 @@
class Benefits < ActiveRecord::Base
- attr_accessor :backup
def self.save(file, backup=false)
data_path = Rails.root.join("public", "data")
diff --git a/app/models/concerns/.keep b/app/models/concerns/.keep
new file mode 100644
index 0000000..e69de29
diff --git a/app/models/key_management.rb b/app/models/key_management.rb
index 70adbd1..7188efa 100644
--- a/app/models/key_management.rb
+++ b/app/models/key_management.rb
@@ -1,5 +1,4 @@
class KeyManagement < ActiveRecord::Base
- attr_accessible :iv, :user_id
belongs_to :work_info
belongs_to :user
end
diff --git a/app/models/message.rb b/app/models/message.rb
index 12aaaba..7de4c26 100644
--- a/app/models/message.rb
+++ b/app/models/message.rb
@@ -1,6 +1,5 @@
class Message < ActiveRecord::Base
belongs_to :user
- attr_accessible :creator_id, :message, :read, :receiver_id
validates_presence_of :creator_id, :receiver_id, :message
def creator_name
diff --git a/app/models/paid_time_off.rb b/app/models/paid_time_off.rb
index 409d355..c398f77 100644
--- a/app/models/paid_time_off.rb
+++ b/app/models/paid_time_off.rb
@@ -1,5 +1,4 @@
class PaidTimeOff < ActiveRecord::Base
- attr_accessible :pto_earned, :pto_taken, :sick_days_earned, :sick_days_taken
belongs_to :user
has_many :schedule, :foreign_key => :user_id, :primary_key => :user_id, :dependent => :destroy
diff --git a/app/models/pay.rb b/app/models/pay.rb
index 2218d11..7a35563 100644
--- a/app/models/pay.rb
+++ b/app/models/pay.rb
@@ -1,7 +1,4 @@
class Pay < ActiveRecord::Base
- # mass-assignable attributes
- attr_accessible :bank_account_num, :bank_routing_num, :percent_of_deposit
-
# Associations
belongs_to :user
diff --git a/app/models/performance.rb b/app/models/performance.rb
index 73f25c1..5dfad88 100644
--- a/app/models/performance.rb
+++ b/app/models/performance.rb
@@ -1,5 +1,4 @@
class Performance < ActiveRecord::Base
- attr_accessible :comments, :date_submitted, :reviewer, :score
belongs_to :user
def reviewer_name
diff --git a/app/models/retirement.rb b/app/models/retirement.rb
index 47048a0..c3c981c 100644
--- a/app/models/retirement.rb
+++ b/app/models/retirement.rb
@@ -1,4 +1,3 @@
class Retirement < ActiveRecord::Base
- attr_accessible :employee_contrib, :employer_contrib, :total
belongs_to :user
end
diff --git a/app/models/schedule.rb b/app/models/schedule.rb
index fc66df7..6692c27 100644
--- a/app/models/schedule.rb
+++ b/app/models/schedule.rb
@@ -1,5 +1,4 @@
class Schedule < ActiveRecord::Base
- attr_accessible :date_begin, :date_end, :event_desc, :event_name, :event_type
belongs_to :paid_time_off
validates_presence_of :date_begin, :date_end, :event_desc, :event_name, :event_type
diff --git a/app/models/user.rb b/app/models/user.rb
index 9c5cc7f..263b56d 100755
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -1,7 +1,6 @@
require 'encryption'
class User < ActiveRecord::Base
- attr_accessible :email, :admin, :first_name, :last_name, :user_id, :password, :password_confirmation
validates :password, :presence => true,
:confirmation => true,
:length => {:within => 6..40},
diff --git a/app/models/work_info.rb b/app/models/work_info.rb
index 2816dfa..9484803 100644
--- a/app/models/work_info.rb
+++ b/app/models/work_info.rb
@@ -1,5 +1,4 @@
class WorkInfo < ActiveRecord::Base
- attr_accessible :DoB, :SSN, :bonuses, :income, :years_worked
belongs_to :user
has_one :key_management, :foreign_key => :user_id, :primary_key => :user_id, :dependent => :destroy
#before_save :encrypt_ssn
diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
index 03fed5d..cd37348 100755
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@@ -2,8 +2,8 @@
RailsGoat
- <%= stylesheet_link_tag "application", :media => "all" %>
- <%= javascript_include_tag "application" %>
+ <%= stylesheet_link_tag "application", media: "all", "data-turbolinks-track" => true %>
+ <%= javascript_include_tag "application", "data-turbolinks-track" => true %>
<%= csrf_meta_tags %>
<%
diff --git a/config.ru b/config.ru
index bee68f6..5bc2a61 100755
--- a/config.ru
+++ b/config.ru
@@ -1,4 +1,4 @@
# This file is used by Rack-based servers to start the application.
require ::File.expand_path('../config/environment', __FILE__)
-run Railsgoat::Application
+run Rails.application
diff --git a/config/application.rb b/config/application.rb
index 25ef3f4..ce5141a 100755
--- a/config/application.rb
+++ b/config/application.rb
@@ -2,12 +2,9 @@ require File.expand_path('../boot', __FILE__)
require 'rails/all'
-if defined?(Bundler)
- # If you precompile assets before deploying to production, use this line
- Bundler.require(*Rails.groups(:assets => %w(development test mysql)))
- # If you want your assets lazily compiled in production, use this line
- # Bundler.require(:default, :assets, Rails.env)
-end
+# Require the gems listed in Gemfile, including any gems
+# you've limited to :test, :development, or :production.
+Bundler.require(:default, Rails.env)
module Railsgoat
class Application < Rails::Application
@@ -47,12 +44,6 @@ module Railsgoat
# like if you have constraints or database-specific column types
# config.active_record.schema_format = :sql
- # Enforce whitelist mode for mass assignment.
- # This will create an empty whitelist of attributes available for mass-assignment for all models
- # in your app. As such, your models will need to explicitly whitelist or blacklist accessible
- # parameters by using an attr_accessible or attr_protected declaration.
- config.active_record.whitelist_attributes = false
-
# Enable the asset pipeline
config.assets.enabled = true
diff --git a/config/boot.rb b/config/boot.rb
index 4489e58..3596736 100755
--- a/config/boot.rb
+++ b/config/boot.rb
@@ -1,5 +1,3 @@
-require 'rubygems'
-
# Set up gems listed in the Gemfile.
ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)
diff --git a/config/environment.rb b/config/environment.rb
index 64c26bc..e3ae560 100755
--- a/config/environment.rb
+++ b/config/environment.rb
@@ -1,5 +1,5 @@
-# Load the rails application
+# Load the Rails application.
require File.expand_path('../application', __FILE__)
-# Initialize the rails application
+# Initialize the Rails application.
Railsgoat::Application.initialize!
diff --git a/config/environments/development.rb b/config/environments/development.rb
index 1c25474..45fc75d 100755
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -9,11 +9,11 @@ Railsgoat::Application.configure do
# Log error messages when you accidentally call methods on nil.
config.whiny_nils = true
- # Show full error reports and disable caching
+ # Show full error reports and disable caching.
config.consider_all_requests_local = true
config.action_controller.perform_caching = false
- # Don't care if the mailer can't send
+ # Don't care if the mailer can't send.
config.action_mailer.raise_delivery_errors = false
# Print deprecation notices to the Rails logger
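Review bot: `config.whiny_nils = true` (the context line near the top of the hunk) is left in place even though the equivalent line is removed from test.rb in this diff; as far as I recall Rails 4.0 no longer honours the option and logs a deprecation at boot, so it should be removed here as well. The same likely applies to `config.active_record.auto_explain_threshold_in_seconds` later in this file and in mysql.rb, which Rails 4.0 also dropped. The configure block continues outside the hunk.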
@@ -22,9 +22,6 @@ Railsgoat::Application.configure do
# Only use best-standards-support built into browsers
config.action_dispatch.best_standards_support = :builtin
- # Raise exception on mass assignment protection for Active Record models
- config.active_record.mass_assignment_sanitizer = :strict
-
# Log the query plan for queries taking more than this (works
# with SQLite, MySQL, and PostgreSQL)
config.active_record.auto_explain_threshold_in_seconds = 0.5
@@ -35,7 +32,9 @@ Railsgoat::Application.configure do
# Do not compress assets
config.assets.compress = false
- # Expands the lines which load the assets
+ # Debug mode disables concatenation and preprocessing of assets.
+ # This option may cause significant delays in view rendering with a large
+ # number of complex assets.
config.assets.debug = true
# ActionMailer settings for email support
@@ -50,4 +49,10 @@ Railsgoat::Application.configure do
:host => 'railsgoat.dev',
:ignore => [ %r{dont/modify\.html$} ]
)
+
+ # For Rails 4.0+: Do not eager load code on boot.
+ config.eager_load = false
+
+ # For Rails 4.0+: Raise an error on page load if there are pending migrations
+ config.active_record.migration_error = :page_load
end
diff --git a/config/environments/mysql.rb b/config/environments/mysql.rb
index 9ff11cf..04ffd34 100755
--- a/config/environments/mysql.rb
+++ b/config/environments/mysql.rb
@@ -22,9 +22,6 @@ Railsgoat::Application.configure do
# Only use best-standards-support built into browsers
config.action_dispatch.best_standards_support = :builtin
- # Raise exception on mass assignment protection for Active Record models
- config.active_record.mass_assignment_sanitizer = :strict
-
# Log the query plan for queries taking more than this (works
# with SQLite, MySQL, and PostgreSQL)
config.active_record.auto_explain_threshold_in_seconds = 0.5
diff --git a/config/environments/production.rb b/config/environments/production.rb
index 5917335..69cf20b 100755
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -1,37 +1,50 @@
Railsgoat::Application.configure do
# Settings specified here will take precedence over those in config/application.rb
- # Code is not reloaded between requests
+ # Code is not reloaded between requests.
config.cache_classes = true
- # Full error reports are disabled and caching is turned on
+ # Full error reports are disabled and caching is turned on.
config.consider_all_requests_local = false
config.action_controller.perform_caching = true
- # Disable Rails's static asset server (Apache or nginx will already do this)
+ # Enable Rack::Cache to put a simple HTTP cache in front of your application
+ # Add `rack-cache` to your Gemfile before enabling this.
+ # For large-scale production use, consider using a caching
+ # reverse proxy like nginx, varnish or squid.
+ # config.action_dispatch.rack_cache = true
+
+ # Disable Rails's static asset server (Apache or nginx will already do this).
config.serve_static_assets = false
# Compress JavaScripts and CSS
config.assets.compress = true
- # Don't fallback to assets pipeline if a precompiled asset is missed
- config.assets.compile = true
+ # Compress JavaScripts and CSS.
+ config.assets.js_compressor = :uglifier
+ # config.assets.css_compressor = :sass
- # Generate digests for assets URLs
+ # Do not fallback to assets pipeline if a precompiled asset is missed.
+ config.assets.compile = true # default is false
+
+ # Generate digests for assets URLs.
config.assets.digest = true
+ # For Rails 4.0+: Version of your assets, change this if you want to expire all your assets.
+ config.assets.version = '1.0'
+
# Defaults to nil and saved in location specified by config.assets.prefix
# config.assets.manifest = YOUR_PATH
- # Specifies the header that your server uses for sending files
+ # Specifies the header that your server uses for sending files.
# config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache
# config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx
# Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
# config.force_ssl = true
- # See everything in the log (default is :info)
- # config.log_level = :debug
+ # Set to :debug to see everything in the log.
+ config.log_level = :info
# Prepend all log lines with the following tags
# config.log_tags = [ :subdomain, :uuid ]
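Review bot: the comment `# Do not fallback to assets pipeline if a precompiled asset is missed.` contradicts the value on the next line, `config.assets.compile = true # default is false`, which enables live compilation in production; either set it to `false` (the Rails default the trailing comment acknowledges) or reword the comment to say the fallback is intentionally enabled. `config.assets.compress = true` is also kept alongside the new `config.assets.js_compressor = :uglifier`; I believe sprockets-rails 2 no longer reads `compress`, so the older line is dead. The configure block continues past the hunk.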
@@ -55,13 +68,45 @@ Railsgoat::Application.configure do
# config.threadsafe!
# Enable locale fallbacks for I18n (makes lookups for any locale fall back to
- # the I18n.default_locale when a translation can not be found)
+ # the I18n.default_locale when a translation can not be found).
config.i18n.fallbacks = true
- # Send deprecation notices to registered listeners
+ # Send deprecation notices to registered listeners.
config.active_support.deprecation = :notify
# Log the query plan for queries taking more than this (works
# with SQLite, MySQL, and PostgreSQL)
# config.active_record.auto_explain_threshold_in_seconds = 0.5
+
+ # For Rails 4.0+: Eager load code on boot. This eager loads most of
+ # Rails and your application in memory, allowing both thread web
+ # servers and those relying on copy on write to perform better.
+ # Rake tasks automatically ignore this option for performance.
+ config.eager_load = true
+
+ # For Rails 4.0+: Use default logging formatter so that PID and timestamp are not suppressed.
+ config.log_formatter = ::Logger::Formatter.new
+
+ # For Rails 4.0+: Disable automatic flushing of the log to improve performance.
+ # config.autoflush_log = false
+
+ # Prepend all log lines with the following tags.
+ # config.log_tags = [ :subdomain, :uuid ]
+
+ # Use a different logger for distributed setups.
+ # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)
+
+ # Use a different cache store in production.
+ # config.cache_store = :mem_cache_store
+
+ # Enable serving of images, stylesheets, and JavaScripts from an asset server.
+ # config.action_controller.asset_host = "http://assets.example.com"
+
+ # Precompile additional assets.
+ # application.js, application.css, and all non-JS/CSS in app/assets folder are already added.
+ # config.assets.precompile += %w( search.js )
+
+ # Ignore bad email addresses and do not raise email delivery errors.
+ # Set this to true and configure the email server for immediate delivery to raise delivery errors.
+ # config.action_mailer.raise_delivery_errors = false
end
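Review bot: the added `# Prepend all log lines with the following tags.` / `# config.log_tags = [ :subdomain, :uuid ]` pair duplicates the identical two lines already present earlier in this file (visible as context at the end of the previous hunk); drop one copy. The remaining additions are commented Rails 4 template defaults and read fine.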
diff --git a/config/environments/test.rb b/config/environments/test.rb
index 71d265d..f63436d 100755
--- a/config/environments/test.rb
+++ b/config/environments/test.rb
@@ -7,21 +7,18 @@ Railsgoat::Application.configure do
# and recreated between test runs. Don't rely on the data there!
config.cache_classes = true
- # Configure static asset server for tests with Cache-Control for performance
+ # Configure static asset server for tests with Cache-Control for performance.
config.serve_static_assets = true
config.static_cache_control = "public, max-age=3600"
- # Log error messages when you accidentally call methods on nil
- config.whiny_nils = true
-
- # Show full error reports and disable caching
+ # Show full error reports and disable caching.
config.consider_all_requests_local = true
config.action_controller.perform_caching = false
- # Raise exceptions instead of rendering exception templates
+ # Raise exceptions instead of rendering exception templates.
config.action_dispatch.show_exceptions = false
- # Disable request forgery protection in test environment
+ # Disable request forgery protection in test environment.
config.action_controller.allow_forgery_protection = false
# Tell Action Mailer not to deliver emails to the real world.
@@ -29,9 +26,12 @@ Railsgoat::Application.configure do
# ActionMailer::Base.deliveries array.
config.action_mailer.delivery_method = :test
- # Raise exception on mass assignment protection for Active Record models
- config.active_record.mass_assignment_sanitizer = :strict
-
- # Print deprecation notices to the stderr
+ # Print deprecation notices to the stderr.
config.active_support.deprecation = :stderr
+
+ # For Rails 4.0+
+ # Do not eager load code on boot. This avoids loading your whole application
+ # just for the purpose of running a single test. If you are using a tool that
+ # preloads Rails for running tests, you may have to set it to true.
+ config.eager_load = false
end
diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb
new file mode 100644
index 0000000..4a994e1
--- /dev/null
+++ b/config/initializers/filter_parameter_logging.rb
@@ -0,0 +1,4 @@
+# Be sure to restart your server when you modify this file.
+
+# Configure sensitive parameters which will be filtered from the log file.
+Rails.application.config.filter_parameters += [:password]
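Review bot: only `:password` is filtered, but this application's models carry other sensitive attributes that appear elsewhere in this diff — `:SSN` and `:DoB` on WorkInfo, `:bank_account_num` and `:bank_routing_num` on Pay — and those will be written to the request log in clear text whenever they are submitted. Extend the list, e.g. `Rails.application.config.filter_parameters += [:password, :SSN, :DoB, :bank_account_num, :bank_routing_num]`; the filter matches parameter names as substrings, so `password_confirmation` is already covered by the existing entry.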
diff --git a/config/initializers/inflections.rb b/config/initializers/inflections.rb
index 5d8d9be..ac033bf 100755
--- a/config/initializers/inflections.rb
+++ b/config/initializers/inflections.rb
@@ -1,15 +1,16 @@
# Be sure to restart your server when you modify this file.
-# Add new inflection rules using the following format
-# (all these examples are active by default):
-# ActiveSupport::Inflector.inflections do |inflect|
+# Add new inflection rules using the following format. Inflections
+# are locale specific, and you may define rules for as many different
+# locales as you wish. All of these examples are active by default:
+# ActiveSupport::Inflector.inflections(:en) do |inflect|
# inflect.plural /^(ox)$/i, '\1en'
# inflect.singular /^(ox)en/i, '\1'
# inflect.irregular 'person', 'people'
# inflect.uncountable %w( fish sheep )
# end
-#
+
# These inflection rules are supported but not enabled by default:
-# ActiveSupport::Inflector.inflections do |inflect|
+# ActiveSupport::Inflector.inflections(:en) do |inflect|
# inflect.acronym 'RESTful'
# end
diff --git a/config/initializers/secret_token.rb b/config/initializers/secret_token.rb
index 1d9d83c..6bae38e 100755
--- a/config/initializers/secret_token.rb
+++ b/config/initializers/secret_token.rb
@@ -5,3 +5,4 @@
# Make sure the secret is at least 30 characters and all random,
# no regular words or you'll be exposed to dictionary attacks.
Railsgoat::Application.config.secret_token = '2f1d90a26236c3245d96f5606c201a780dc9ca687e5ed82b45e211bb5dc84c1870f61ca9e002dad5dd8a149c9792d8f07f31a9575065cca064bd6af44f8750e4'
+Railsgoat::Application.config.secret_key_base = '2f1d90a26236c3245d96f5606c201a780dc9ca687e5ed82b45e211bb5dc84c1870f61ca9e002dad5dd8a149c9792d8f07f31a9575065cca064bd6af44f8750e4'
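Review bot: `secret_key_base` is hard-coded in a checked-in initializer and is simply a copy of the existing `secret_token` value, so the new Rails 4 signing/encryption base is as exposed as the old secret and nothing has been rotated. Read it from the environment instead, e.g. `Railsgoat::Application.config.secret_key_base = ENV.fetch('SECRET_KEY_BASE')`, generate a fresh value for it, and keep `secret_token` only for the transition period while previously signed cookies are still valid. If the literal must stay for this training application, the file should say so explicitly.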
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index 045db16..a60be40 100755
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -1,8 +1,3 @@
# Be sure to restart your server when you modify this file.
-Railsgoat::Application.config.session_store :cookie_store, key: '_railsgoat_session', httponly: false
-
-# Use the database for sessions instead of the cookie-based default,
-# which shouldn't be used to store highly confidential information
-# (create the session table with "rails generate session_migration")
-# Railsgoat::Application.config.session_store :active_record_store
+Railsgoat::Application.config.session_store :cookie_store, key: '_railsgoat_session'
diff --git a/config/initializers/strong_parameters.rb b/config/initializers/strong_parameters.rb
new file mode 100644
index 0000000..394c1f5
--- /dev/null
+++ b/config/initializers/strong_parameters.rb
@@ -0,0 +1 @@
+ActiveRecord::Base.send(:include, ActiveModel::ForbiddenAttributesProtection)
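Review bot: this initializer is redundant on Rails 4.0, where `ActiveRecord::Base` already includes `ActiveModel::ForbiddenAttributesProtection`; it was only needed with the `strong_parameters` gem on Rails 3.2 and can be deleted. More importantly, this diff removes `attr_accessible` from Analytics, KeyManagement, PaidTimeOff, Pay, Performance, Retirement and WorkInfo but adds `*_params` helpers only for Message, Schedule and User, so any controller that still hands `params[...]` to one of the other models will now raise `ActiveModel::ForbiddenAttributesError`. I can't see those controllers here, so please check them before merging.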
diff --git a/config/initializers/wrap_parameters.rb b/config/initializers/wrap_parameters.rb
index 999df20..6835995 100755
--- a/config/initializers/wrap_parameters.rb
+++ b/config/initializers/wrap_parameters.rb
@@ -5,7 +5,7 @@
# Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array.
ActiveSupport.on_load(:action_controller) do
- wrap_parameters format: [:json]
+ wrap_parameters format: [:json] if respond_to?(:wrap_parameters)
end
# Disable root element in JSON by default.
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 179c14c..0653957 100755
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -1,5 +1,23 @@
-# Sample localization file for English. Add more files in this directory for other locales.
-# See https://github.com/svenfuchs/rails-i18n/tree/master/rails%2Flocale for starting points.
+# Files in the config/locales directory are used for internationalization
+# and are automatically loaded by Rails. If you want to use locales other
+# than English, add the necessary files in this directory.
+#
+# To use the locales, use `I18n.t`:
+#
+# I18n.t 'hello'
+#
+# In views, this is aliased to just `t`:
+#
+# <%= t('hello') %>
+#
+# To use a different locale, set it with `I18n.locale`:
+#
+# I18n.locale = :es
+#
+# This would use the information in config/locales/es.yml.
+#
+# To learn more, please read the Rails Internationalization guide
+# available at http://guides.rubyonrails.org/i18n.html.
en:
hello: "Hello world"
diff --git a/config/routes.rb b/config/routes.rb
index 35ef733..7c1212a 100755
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -3,7 +3,7 @@ Railsgoat::Application.routes.draw do
get "login" => "sessions#new"
get "signup" => "users#new"
get "logout" => "sessions#destroy"
- match "forgot_password" => "password_resets#forgot_password"
+ get "forgot_password" => "password_resets#forgot_password"
get "password_resets" => "password_resets#confirm_token"
post "password_resets" => "password_resets#reset_password"
@@ -80,7 +80,7 @@ Railsgoat::Application.routes.draw do
get "dashboard"
get "get_user"
post "delete_user"
- put "update_user"
+ patch "update_user"
get "get_all_users"
get "analytics"
end
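Review bot: `patch "update_user"` replaces the PUT route outright, so any form, client or spec that still submits PUT to `update_user` will now get a routing error. Rails 4 form helpers emit PATCH by default, but if older callers must keep working use `match "update_user", via: [:patch, :put]` for the transition. The surrounding routing block starts before the hunk.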
diff --git a/db/schema.rb b/db/schema.rb
index 705f2a3..a51d0db 100755
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -11,7 +11,7 @@
#
# It's strongly recommended to check this file into your version control system.
-ActiveRecord::Schema.define(:version => 20140804171756) do
+ActiveRecord::Schema.define(:version => 20140408185601) do
create_table "analytics", :force => true do |t|
t.string "ip_address"
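Review bot: the schema version moves backwards, from `20140804171756` to `20140408185601`, which suggests schema.rb was regenerated from a database that had not run the later migration. After `rake db:schema:load` the `20140804171756` migration would be reported as pending, and with `config.active_record.migration_error = :page_load` now set in development.rb (in this diff) every request would raise until it runs. Regenerate the file from a fully migrated database and keep the higher version.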
diff --git a/public/404.html b/public/404.html
index 9a48320..a0daa0c 100755
--- a/public/404.html
+++ b/public/404.html
@@ -2,17 +2,48 @@
The page you were looking for doesn't exist (404)
-
@@ -22,5 +53,6 @@
The page you were looking for doesn't exist.
You may have mistyped the address or the page may have moved.
+ If you are the application owner check the logs for more information.
diff --git a/public/422.html b/public/422.html
index 83660ab..fbb4b84 100755
--- a/public/422.html
+++ b/public/422.html
@@ -2,17 +2,48 @@
The change you wanted was rejected (422)
-
@@ -22,5 +53,6 @@
The change you wanted was rejected.
Maybe you tried to change something you didn't have access to.
+ If you are the application owner check the logs for more information.
diff --git a/public/500.html b/public/500.html
index f3648a0..e9052d3 100755
--- a/public/500.html
+++ b/public/500.html
@@ -2,17 +2,48 @@
We're sorry, but something went wrong (500)
-
@@ -21,5 +52,6 @@
We're sorry, but something went wrong.
+ If you are the application owner check the logs for more information.