Merge branch 'rails4'

2014-12-28 17:23:08 -05:00
parent 77f9150387 80e1ede02b
commit a0330cd323
52 changed files with 380 additions and 209 deletions
@@ -10,3 +10,4 @@
 coverage
 .tags
 /.vagrant
 /vendor/ruby
@@ -1,7 +1,7 @@
 source 'https://rubygems.org'
 #don't upgrade
-gem 'rails', '3.2.21'
+gem 'rails', '4.0.10'
 ruby '2.1.5'
@@ -44,15 +44,14 @@ end
 # Gems used only for assets and not required
 # in production environments by default.
-group :assets do
+gem 'sass-rails'
-  gem 'sass-rails'
+gem 'coffee-rails'
-  gem 'coffee-rails'
+gem 'jquery-fileupload-rails'
-  gem 'jquery-fileupload-rails'
+gem 'uglifier'
-  # See https://github.com/sstephenson/execjs#readme for more supported runtimes
+gem 'turbolinks' # New for Rails 4.0
  # gem 'therubyracer', :platforms => :ruby
-  gem 'uglifier'
+# See https://github.com/sstephenson/execjs#readme for more supported runtimes
-end
+# gem 'therubyracer', :platforms => :ruby
 gem 'jquery-rails'
@@ -84,3 +83,9 @@ gem 'therubyracer'
 # Add SMTP server support using MailCatcher
 gem 'mailcatcher'
 #For Rails 4.0
 #group :doc do
 #  # bundle exec rake doc:rails generates the API under doc/api.
 #  gem 'sdoc', require: false
 #end
@@ -1,35 +1,32 @@
 GEM
  remote: https://rubygems.org/
  specs:
-    actionmailer (3.2.21)
+    actionmailer (4.0.10)
-      actionpack (= 3.2.21)
+      actionpack (= 4.0.10)
-      mail (~> 2.5.4)
+      mail (~> 2.5, >= 2.5.4)
-    actionpack (3.2.21)
+    actionpack (4.0.10)
-      activemodel (= 3.2.21)
+      activesupport (= 4.0.10)
-      activesupport (= 3.2.21)
+      builder (~> 3.1.0)
      builder (~> 3.0.0)
      erubis (~> 2.7.0)
-      journey (~> 1.0.4)
+      rack (~> 1.5.2)
-      rack (~> 1.4.5)
+      rack-test (~> 0.6.2)
-      rack-cache (~> 1.2)
+    activemodel (4.0.10)
-      rack-test (~> 0.6.1)
+      activesupport (= 4.0.10)
-      sprockets (~> 2.2.1)
+      builder (~> 3.1.0)
-    activemodel (3.2.21)
+    activerecord (4.0.10)
-      activesupport (= 3.2.21)
+      activemodel (= 4.0.10)
-      builder (~> 3.0.0)
+      activerecord-deprecated_finders (~> 1.0.2)
-    activerecord (3.2.21)
+      activesupport (= 4.0.10)
-      activemodel (= 3.2.21)
+      arel (~> 4.0.0)
-      activesupport (= 3.2.21)
+    activerecord-deprecated_finders (1.0.3)
-      arel (~> 3.0.2)
+    activesupport (4.0.10)
-      tzinfo (~> 0.3.29)
+      i18n (~> 0.6, >= 0.6.9)
-    activeresource (3.2.21)
+      minitest (~> 4.2)
-      activemodel (= 3.2.21)
+      multi_json (~> 1.3)
-      activesupport (= 3.2.21)
+      thread_safe (~> 0.1)
-    activesupport (3.2.21)
+      tzinfo (~> 0.3.37)
      i18n (~> 0.6, >= 0.6.4)
      multi_json (~> 1.0)
    addressable (2.3.6)
-    arel (3.0.3)
+    arel (4.0.2)
    aruba (0.5.4)
      childprocess (>= 0.3.6)
      cucumber (>= 1.1.1)
@@ -52,7 +49,7 @@ GEM
      sass (~> 3.0)
      slim (>= 1.3.6, < 3.0)
      terminal-table (~> 1.4)
-    builder (3.0.4)
+    builder (3.1.4)
    bundler-audit (0.3.1)
      bundler (~> 1.2)
      thor (~> 0.18)
@@ -68,9 +65,9 @@ GEM
      ffi (~> 1.0, >= 1.0.11)
    cliver (0.3.2)
    coderay (1.1.0)
-    coffee-rails (3.2.2)
+    coffee-rails (4.1.0)
      coffee-script (>= 2.2.0)
-      railties (~> 3.2.0)
+      railties (>= 4.0.0, < 5.0)
    coffee-script (2.3.0)
      coffee-script-source
      execjs
@@ -134,7 +131,6 @@ GEM
    hitimes (1.2.2)
    http_parser.rb (0.6.0)
    i18n (0.7.0)
    journey (1.0.4)
    jquery-fileupload-rails (0.4.1)
      actionpack (>= 3.1)
      railties (>= 3.1)
@@ -151,21 +147,22 @@ GEM
      rb-fsevent (>= 0.9.3)
      rb-inotify (>= 0.9)
    lumberjack (1.0.9)
-    mail (2.5.4)
+    mail (2.6.3)
-      mime-types (~> 1.16)
+      mime-types (>= 1.16, < 3)
-      treetop (~> 1.4.8)
+    mailcatcher (0.2.4)
-    mailcatcher (0.5.12)
+      eventmachine
-      activesupport (~> 3.0)
+      haml
-      eventmachine (~> 1.0.0)
+      i18n
-      haml (>= 3.1, < 5)
+      json
-      mail (~> 2.3)
+      mail
-      sinatra (~> 1.2)
+      sinatra
-      skinny (~> 0.2.3)
+      skinny (>= 0.1.2)
-      sqlite3 (~> 1.3)
+      sqlite3-ruby
-      thin (~> 1.5.0)
+      thin
    method_source (0.8.2)
-    mime-types (1.25.1)
+    mime-types (2.4.3)
    mini_portile (0.5.3)
    minitest (4.7.5)
    multi_json (1.10.1)
    multi_test (0.1.1)
    mysql2 (0.3.17)
@@ -177,46 +174,37 @@ GEM
      cliver (~> 0.3.1)
      multi_json (~> 1.0)
      websocket-driver (>= 0.2.0)
    polyglot (0.3.5)
    powder (0.3.0)
      thor (>= 0.11.5)
    pry (0.10.1)
      coderay (~> 1.1.0)
      method_source (~> 0.8.1)
      slop (~> 3.4)
-    rack (1.4.5)
+    rack (1.5.2)
    rack-cache (1.2)
      rack (>= 0.4)
    rack-livereload (0.3.15)
      rack
    rack-protection (1.5.3)
      rack
    rack-ssl (1.3.4)
      rack
    rack-test (0.6.2)
      rack (>= 1.0)
-    rails (3.2.21)
+    rails (4.0.10)
-      actionmailer (= 3.2.21)
+      actionmailer (= 4.0.10)
-      actionpack (= 3.2.21)
+      actionpack (= 4.0.10)
-      activerecord (= 3.2.21)
+      activerecord (= 4.0.10)
-      activeresource (= 3.2.21)
+      activesupport (= 4.0.10)
-      activesupport (= 3.2.21)
+      bundler (>= 1.3.0, < 2.0)
-      bundler (~> 1.0)
+      railties (= 4.0.10)
-      railties (= 3.2.21)
+      sprockets-rails (~> 2.0)
-    railties (3.2.21)
+    railties (4.0.10)
-      actionpack (= 3.2.21)
+      actionpack (= 4.0.10)
-      activesupport (= 3.2.21)
+      activesupport (= 4.0.10)
      rack-ssl (~> 1.3.2)
      rake (>= 0.8.7)
-      rdoc (~> 3.4)
+      thor (>= 0.18.1, < 2.0)
      thor (>= 0.14.6, < 2.0)
    raindrops (0.13.0)
    rake (10.4.2)
    rb-fsevent (0.9.4)
    rb-inotify (0.9.5)
      ffi (>= 0.5.0)
    rdoc (3.12.2)
      json (~> 1.4)
    ref (1.0.5)
    rspec (2.14.1)
      rspec-core (~> 2.14.0)
@@ -240,10 +228,12 @@ GEM
    ruby_parser (3.5.0)
      sexp_processor (~> 4.1)
    sass (3.4.9)
-    sass-rails (3.2.6)
+    sass-rails (5.0.0)
-      railties (~> 3.2.0)
+      railties (>= 4.0.0, < 5.0)
-      sass (>= 3.1.10)
+      sass (~> 3.1)
-      tilt (~> 1.3)
+      sprockets (>= 2.8, < 4.0)
      sprockets-rails (>= 2.0, < 4.0)
      tilt (~> 1.1)
    sexp_processor (4.4.4)
    simplecov (0.9.1)
      docile (~> 1.1.0)
@@ -261,12 +251,18 @@ GEM
      temple (~> 0.6.9)
      tilt (>= 1.3.3, < 2.1)
    slop (3.6.0)
-    sprockets (2.2.3)
+    sprockets (2.12.3)
      hike (~> 1.2)
      multi_json (~> 1.0)
      rack (~> 1.0)
      tilt (~> 1.1, != 1.3.0)
    sprockets-rails (2.2.2)
      actionpack (>= 3.0)
      activesupport (>= 3.0)
      sprockets (>= 2.8, < 4.0)
    sqlite3 (1.3.10)
    sqlite3-ruby (1.3.3)
      sqlite3 (>= 1.3.3)
    temple (0.6.10)
    terminal-table (1.4.5)
    therubyracer (0.12.1)
@@ -277,15 +273,15 @@ GEM
      eventmachine (>= 0.12.6)
      rack (>= 1.0.0)
    thor (0.19.1)
    thread_safe (0.3.4)
    tilt (1.4.1)
    timers (4.0.1)
      hitimes
    travis-lint (2.0.0)
      json
    treetop (1.4.15)
      polyglot
      polyglot (>= 0.3.1)
    trollop (2.0)
    turbolinks (2.5.3)
      coffee-rails
    tzinfo (0.3.42)
    uglifier (2.6.0)
      execjs (>= 0.3.0)
@@ -329,7 +325,7 @@ DEPENDENCIES
  powder
  pry
  rack-livereload
-  rails (= 3.2.21)
+  rails (= 4.0.10)
  rb-fsevent
  rspec-rails (= 2.14.2)
  sass-rails
@@ -337,5 +333,6 @@ DEPENDENCIES
  sqlite3
  therubyracer
  travis-lint
  turbolinks
  uglifier
  unicorn
@@ -12,6 +12,7 @@
 //
 //= require jquery
 //= require jquery_ujs
 //= require turbolinks
 //= require wysiwyg/wysihtml5-0.3.0.js
 //= require jquery.min.js
 //= require jquery.scrollUp.js
@@ -31,6 +32,7 @@
 //= require jsapi
 //= html5.js
 function rubyCodeFormat() {
@@ -1,5 +1,5 @@
 class AdminController < ApplicationController
-  before_filter :administrative, :if => :admin_param, :except => [:get_user]
+  before_action :administrative, :if => :admin_param, :except => [:get_user]
  skip_before_filter :has_info
  def dashboard
@@ -1,9 +1,11 @@
 class ApplicationController < ActionController::Base
-  before_filter :authenticated, :has_info, :create_analytic, :mailer_options
+  before_action :authenticated, :has_info, :create_analytic, :mailer_options
  helper_method :current_user, :is_admin?, :sanitize_font
  # Our security guy keep talking about sea-surfing, cool story bro.
-  # protect_from_forgery
+  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  #protect_from_forgery with: :exception
  private
@@ -33,4 +33,10 @@ class MessagesController < ApplicationController
      end
    end
  end
-end
+
  private
  def message_params
    params.require(:message).permit(:creator_id, :message, :read, :receiver_id)
  end
 end
@@ -4,7 +4,7 @@ class ScheduleController < ApplicationController
    message = false
      if params[:schedule][:event_type] == "pto"
-        sched = Schedule.new(params[:schedule])
+        sched = Schedule.new(schedule_params)
        sched.date_begin, sched.date_end = format_schedule_date(params[:date_range1])
        sched.user_id = current_user.user_id
        a = sched.date_end
@@ -56,4 +56,10 @@ class ScheduleController < ApplicationController
   end
     return vals
  end
  private
  def schedule_params
    params.require(:schedule).permit(:date_begin, :date_end, :event_desc, :event_name, :event_type)
  end
 end
@@ -7,7 +7,7 @@ class UsersController < ApplicationController
  end
  def create
-    user = User.new(params[:user])
+    user = User.new(user_params)
    user.build_benefits_data
    if user.save
      session[:user_id] = user.user_id
@@ -31,11 +31,12 @@ class UsersController < ApplicationController
    # Still an Insecure DoR vulnerability
    #user = User.find(:first, :conditions => ["user_id = ?", "#{params[:user][:user_id]}"])
-    user = User.find(:first, :conditions => "user_id = '#{params[:user][:user_id]}'")
+    # user = User.find(:first, :conditions => "user_id = '#{params[:user][:user_id]}'")
    user = User.where("user_id = '#{params[:user][:user_id]}'").first
    if user
      user.skip_user_id_assign = true
      user.skip_hash_password = true
-      user.update_attributes(params[:user].reject { |k| %w(password password_confirmation user_id).include? k })
+      user.update_attributes(user_params_without_password)
      if !(params[:user][:password].empty?) && (params[:user][:password] == params[:user][:password_confirmation])
        user.skip_hash_password = false
        user.password = params[:user][:password]
@@ -50,4 +51,15 @@ class UsersController < ApplicationController
      redirect_to user_account_settings_path(:user_id => current_user.user_id)
    end
  end
  private
  def user_params
    params.require(:user).permit(:email, :admin, :first_name, :last_name, :user_id, :password, :password_confirmation)
  end
  # unpermitted attributes are ignored in production
  def user_params_without_password
    params.require(:user).permit(:email, :admin, :first_name, :last_name)
  end
 end
@@ -1,6 +1,4 @@
 class Analytics < ActiveRecord::Base
  attr_accessible :ip_address, :referrer, :user_agent
  scope :hits_by_ip, ->(ip,col="*") { select("#{col}").where(:ip_address => ip).order("id DESC")}
  def self.count_by_col(col)
@@ -1,5 +1,4 @@
 class Benefits < ActiveRecord::Base
  attr_accessor :backup
  def self.save(file, backup=false)
    data_path = Rails.root.join("public", "data")
@@ -1,5 +1,4 @@
 class KeyManagement < ActiveRecord::Base
  attr_accessible :iv, :user_id
  belongs_to :work_info
  belongs_to :user
 end
@@ -1,6 +1,5 @@
 class Message < ActiveRecord::Base
  belongs_to :user
  attr_accessible :creator_id, :message, :read, :receiver_id
  validates_presence_of :creator_id, :receiver_id, :message
  def creator_name
@@ -1,5 +1,4 @@
 class PaidTimeOff < ActiveRecord::Base
  attr_accessible :pto_earned, :pto_taken, :sick_days_earned, :sick_days_taken
  belongs_to :user
  has_many :schedule, :foreign_key => :user_id, :primary_key => :user_id, :dependent => :destroy
@@ -1,7 +1,4 @@
 class Pay < ActiveRecord::Base
  # mass-assignable attributes
  attr_accessible :bank_account_num, :bank_routing_num, :percent_of_deposit
  # Associations
  belongs_to :user
@@ -1,5 +1,4 @@
 class Performance < ActiveRecord::Base
  attr_accessible :comments, :date_submitted, :reviewer, :score
  belongs_to :user
  def reviewer_name
@@ -1,4 +1,3 @@
 class Retirement < ActiveRecord::Base
  attr_accessible :employee_contrib, :employer_contrib, :total
  belongs_to :user
 end
@@ -1,5 +1,4 @@
 class Schedule < ActiveRecord::Base
  attr_accessible :date_begin, :date_end, :event_desc, :event_name, :event_type
  belongs_to :paid_time_off
  validates_presence_of :date_begin, :date_end, :event_desc, :event_name, :event_type
@@ -1,7 +1,6 @@
 require 'encryption'
 class User < ActiveRecord::Base
  attr_accessible :email, :admin, :first_name, :last_name, :user_id, :password, :password_confirmation
  validates :password, :presence => true,
                       :confirmation => true,
                       :length => {:within => 6..40},
@@ -1,5 +1,4 @@
 class WorkInfo < ActiveRecord::Base
  attr_accessible :DoB, :SSN, :bonuses, :income, :years_worked
  belongs_to :user
  has_one :key_management, :foreign_key => :user_id, :primary_key => :user_id, :dependent => :destroy
  #before_save :encrypt_ssn
@@ -2,8 +2,8 @@
 <html>
 <head>
  <title>RailsGoat</title>
-  <%= stylesheet_link_tag    "application", :media => "all" %>
+  <%= stylesheet_link_tag    "application", media: "all", "data-turbolinks-track" => true %>
-  <%= javascript_include_tag "application" %>
+  <%= javascript_include_tag "application", "data-turbolinks-track" => true %>
  <%= csrf_meta_tags %> <!-- <~ What is this for? I hear it helps w/ JS and Sea-surfing.....whatevz -->
  <!-- bootstrap css -->
 <%
@@ -1,4 +1,4 @@
 # This file is used by Rack-based servers to start the application.
 require ::File.expand_path('../config/environment',  __FILE__)
-run Railsgoat::Application
+run Rails.application
@@ -2,12 +2,9 @@ require File.expand_path('../boot', __FILE__)
 require 'rails/all'
-if defined?(Bundler)
+# Require the gems listed in Gemfile, including any gems
-  # If you precompile assets before deploying to production, use this line
+# you've limited to :test, :development, or :production.
-  Bundler.require(*Rails.groups(:assets => %w(development test mysql)))
+Bundler.require(:default, Rails.env)
  # If you want your assets lazily compiled in production, use this line
  # Bundler.require(:default, :assets, Rails.env)
 end
 module Railsgoat
  class Application < Rails::Application
@@ -47,12 +44,6 @@ module Railsgoat
    # like if you have constraints or database-specific column types
    # config.active_record.schema_format = :sql
    # Enforce whitelist mode for mass assignment.
    # This will create an empty whitelist of attributes available for mass-assignment for all models
    # in your app. As such, your models will need to explicitly whitelist or blacklist accessible
    # parameters by using an attr_accessible or attr_protected declaration.
    config.active_record.whitelist_attributes = false
    # Enable the asset pipeline
    config.assets.enabled = true
@@ -1,5 +1,3 @@
 require 'rubygems'
 # Set up gems listed in the Gemfile.
 ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)
@@ -1,5 +1,5 @@
-# Load the rails application
+# Load the Rails application.
 require File.expand_path('../application', __FILE__)
-# Initialize the rails application
+# Initialize the Rails application.
 Railsgoat::Application.initialize!
@@ -9,11 +9,11 @@ Railsgoat::Application.configure do
  # Log error messages when you accidentally call methods on nil.
  config.whiny_nils = true
-  # Show full error reports and disable caching
+  # Show full error reports and disable caching.
  config.consider_all_requests_local       = true
  config.action_controller.perform_caching = false
-  # Don't care if the mailer can't send
+  # Don't care if the mailer can't send.
  config.action_mailer.raise_delivery_errors = false
  # Print deprecation notices to the Rails logger
@@ -22,9 +22,6 @@ Railsgoat::Application.configure do
  # Only use best-standards-support built into browsers
  config.action_dispatch.best_standards_support = :builtin
  # Raise exception on mass assignment protection for Active Record models
  config.active_record.mass_assignment_sanitizer = :strict
  # Log the query plan for queries taking more than this (works
  # with SQLite, MySQL, and PostgreSQL)
  config.active_record.auto_explain_threshold_in_seconds = 0.5
@@ -35,7 +32,9 @@ Railsgoat::Application.configure do
  # Do not compress assets
  config.assets.compress = false
-  # Expands the lines which load the assets
+  # Debug mode disables concatenation and preprocessing of assets.
  # This option may cause significant delays in view rendering with a large
  # number of complex assets.
  config.assets.debug = true
  # ActionMailer settings for email support
@@ -50,4 +49,10 @@ Railsgoat::Application.configure do
       :host => 'railsgoat.dev',
       :ignore => [ %r{dont/modify\.html$} ]
  )
  # For Rails 4.0+: Do not eager load code on boot.
  config.eager_load = false
  # For Rails 4.0+: Raise an error on page load if there are pending migrations
  config.active_record.migration_error = :page_load
 end
@@ -22,9 +22,6 @@ Railsgoat::Application.configure do
  # Only use best-standards-support built into browsers
  config.action_dispatch.best_standards_support = :builtin
  # Raise exception on mass assignment protection for Active Record models
  config.active_record.mass_assignment_sanitizer = :strict
  # Log the query plan for queries taking more than this (works
  # with SQLite, MySQL, and PostgreSQL)
  config.active_record.auto_explain_threshold_in_seconds = 0.5
@@ -1,37 +1,50 @@
 Railsgoat::Application.configure do
  # Settings specified here will take precedence over those in config/application.rb
-  # Code is not reloaded between requests
+  # Code is not reloaded between requests.
  config.cache_classes = true
-  # Full error reports are disabled and caching is turned on
+  # Full error reports are disabled and caching is turned on.
  config.consider_all_requests_local       = false
  config.action_controller.perform_caching = true
-  # Disable Rails's static asset server (Apache or nginx will already do this)
+  # Enable Rack::Cache to put a simple HTTP cache in front of your application
  # Add `rack-cache` to your Gemfile before enabling this.
  # For large-scale production use, consider using a caching
  # reverse proxy like nginx, varnish or squid.
  # config.action_dispatch.rack_cache = true
  # Disable Rails's static asset server (Apache or nginx will already do this).
  config.serve_static_assets = false
  # Compress JavaScripts and CSS
  config.assets.compress = true
-  # Don't fallback to assets pipeline if a precompiled asset is missed
+  # Compress JavaScripts and CSS.
-  config.assets.compile = true
+  config.assets.js_compressor = :uglifier
  # config.assets.css_compressor = :sass
-  # Generate digests for assets URLs
+  # Do not fallback to assets pipeline if a precompiled asset is missed.
  config.assets.compile = true # default is false
  # Generate digests for assets URLs.
  config.assets.digest = true
  # For Rails 4.0+: Version of your assets, change this if you want to expire all your assets.
  config.assets.version = '1.0'
  # Defaults to nil and saved in location specified by config.assets.prefix
  # config.assets.manifest = YOUR_PATH
-  # Specifies the header that your server uses for sending files
+  # Specifies the header that your server uses for sending files.
  # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache
  # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx
  # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
  # config.force_ssl = true
-  # See everything in the log (default is :info)
+  # Set to :debug to see everything in the log.
-  # config.log_level = :debug
+  config.log_level = :info
  # Prepend all log lines with the following tags
  # config.log_tags = [ :subdomain, :uuid ]
@@ -55,13 +68,45 @@ Railsgoat::Application.configure do
  # config.threadsafe!
  # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
-  # the I18n.default_locale when a translation can not be found)
+  # the I18n.default_locale when a translation can not be found).
  config.i18n.fallbacks = true
-  # Send deprecation notices to registered listeners
+  # Send deprecation notices to registered listeners.
  config.active_support.deprecation = :notify
  # Log the query plan for queries taking more than this (works
  # with SQLite, MySQL, and PostgreSQL)
  # config.active_record.auto_explain_threshold_in_seconds = 0.5
  # For Rails 4.0+: Eager load code on boot. This eager loads most of
  # Rails and your application in memory, allowing both thread web
  # servers and those relying on copy on write to perform better.
  # Rake tasks automatically ignore this option for performance.
  config.eager_load = true
  # For Rails 4.0+: Use default logging formatter so that PID and timestamp are not suppressed.
  config.log_formatter = ::Logger::Formatter.new
  # For Rails 4.0+: Disable automatic flushing of the log to improve performance.
  # config.autoflush_log = false
  # Prepend all log lines with the following tags.
  # config.log_tags = [ :subdomain, :uuid ]
  # Use a different logger for distributed setups.
  # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)
  # Use a different cache store in production.
  # config.cache_store = :mem_cache_store
  # Enable serving of images, stylesheets, and JavaScripts from an asset server.
  # config.action_controller.asset_host = "http://assets.example.com"
  # Precompile additional assets.
  # application.js, application.css, and all non-JS/CSS in app/assets folder are already added.
  # config.assets.precompile += %w( search.js )
  # Ignore bad email addresses and do not raise email delivery errors.
  # Set this to true and configure the email server for immediate delivery to raise delivery errors.
  # config.action_mailer.raise_delivery_errors = false
 end
@@ -7,21 +7,18 @@ Railsgoat::Application.configure do
  # and recreated between test runs. Don't rely on the data there!
  config.cache_classes = true
-  # Configure static asset server for tests with Cache-Control for performance
+  # Configure static asset server for tests with Cache-Control for performance.
  config.serve_static_assets = true
  config.static_cache_control = "public, max-age=3600"
-  # Log error messages when you accidentally call methods on nil
+  # Show full error reports and disable caching.
  config.whiny_nils = true
  # Show full error reports and disable caching
  config.consider_all_requests_local       = true
  config.action_controller.perform_caching = false
-  # Raise exceptions instead of rendering exception templates
+  # Raise exceptions instead of rendering exception templates.
  config.action_dispatch.show_exceptions = false
-  # Disable request forgery protection in test environment
+  # Disable request forgery protection in test environment.
  config.action_controller.allow_forgery_protection    = false
  # Tell Action Mailer not to deliver emails to the real world.
@@ -29,9 +26,12 @@ Railsgoat::Application.configure do
  # ActionMailer::Base.deliveries array.
  config.action_mailer.delivery_method = :test
-  # Raise exception on mass assignment protection for Active Record models
+  # Print deprecation notices to the stderr.
  config.active_record.mass_assignment_sanitizer = :strict
  # Print deprecation notices to the stderr
  config.active_support.deprecation = :stderr
  # For Rails 4.0+
  # Do not eager load code on boot. This avoids loading your whole application
  # just for the purpose of running a single test. If you are using a tool that
  # preloads Rails for running tests, you may have to set it to true.
  config.eager_load = false
 end
@@ -0,0 +1,4 @@
 # Be sure to restart your server when you modify this file.
 # Configure sensitive parameters which will be filtered from the log file.
 Rails.application.config.filter_parameters += [:password]
@@ -1,15 +1,16 @@
 # Be sure to restart your server when you modify this file.
-# Add new inflection rules using the following format
+# Add new inflection rules using the following format. Inflections
-# (all these examples are active by default):
+# are locale specific, and you may define rules for as many different
-# ActiveSupport::Inflector.inflections do |inflect|
+# locales as you wish. All of these examples are active by default:
 # ActiveSupport::Inflector.inflections(:en) do |inflect|
 #   inflect.plural /^(ox)$/i, '\1en'
 #   inflect.singular /^(ox)en/i, '\1'
 #   inflect.irregular 'person', 'people'
 #   inflect.uncountable %w( fish sheep )
 # end
-#
+
 # These inflection rules are supported but not enabled by default:
-# ActiveSupport::Inflector.inflections do |inflect|
+# ActiveSupport::Inflector.inflections(:en) do |inflect|
 #   inflect.acronym 'RESTful'
 # end
@@ -5,3 +5,4 @@
 # Make sure the secret is at least 30 characters and all random,
 # no regular words or you'll be exposed to dictionary attacks.
 Railsgoat::Application.config.secret_token = '2f1d90a26236c3245d96f5606c201a780dc9ca687e5ed82b45e211bb5dc84c1870f61ca9e002dad5dd8a149c9792d8f07f31a9575065cca064bd6af44f8750e4'
 Railsgoat::Application.config.secret_key_base = '2f1d90a26236c3245d96f5606c201a780dc9ca687e5ed82b45e211bb5dc84c1870f61ca9e002dad5dd8a149c9792d8f07f31a9575065cca064bd6af44f8750e4'
@@ -1,8 +1,3 @@
 # Be sure to restart your server when you modify this file.
-Railsgoat::Application.config.session_store :cookie_store, key: '_railsgoat_session', httponly: false
+Railsgoat::Application.config.session_store :cookie_store, key: '_railsgoat_session'
 # Use the database for sessions instead of the cookie-based default,
 # which shouldn't be used to store highly confidential information
 # (create the session table with "rails generate session_migration")
 # Railsgoat::Application.config.session_store :active_record_store
@@ -0,0 +1 @@
 ActiveRecord::Base.send(:include, ActiveModel::ForbiddenAttributesProtection)
@@ -5,7 +5,7 @@
 # Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array.
 ActiveSupport.on_load(:action_controller) do
-  wrap_parameters format: [:json]
+  wrap_parameters format: [:json] if respond_to?(:wrap_parameters)
 end
 # Disable root element in JSON by default.
@@ -1,5 +1,23 @@
-# Sample localization file for English. Add more files in this directory for other locales.
+# Files in the config/locales directory are used for internationalization
-# See https://github.com/svenfuchs/rails-i18n/tree/master/rails%2Flocale for starting points.
+# and are automatically loaded by Rails. If you want to use locales other
 # than English, add the necessary files in this directory.
 #
 # To use the locales, use `I18n.t`:
 #
 #     I18n.t 'hello'
 #
 # In views, this is aliased to just `t`:
 #
 #     <%= t('hello') %>
 #
 # To use a different locale, set it with `I18n.locale`:
 #
 #     I18n.locale = :es
 #
 # This would use the information in config/locales/es.yml.
 #
 # To learn more, please read the Rails Internationalization guide
 # available at http://guides.rubyonrails.org/i18n.html.
 en:
  hello: "Hello world"
@@ -3,7 +3,7 @@ Railsgoat::Application.routes.draw do
  get "login" => "sessions#new"
  get "signup" => "users#new"
  get "logout" => "sessions#destroy"
-  match "forgot_password" => "password_resets#forgot_password"
+  get "forgot_password" => "password_resets#forgot_password"
  get "password_resets" => "password_resets#confirm_token"
  post "password_resets" => "password_resets#reset_password"
@@ -80,7 +80,7 @@ Railsgoat::Application.routes.draw do
    get "dashboard"
    get "get_user"
    post "delete_user"
-    put "update_user"
+    patch "update_user"
    get "get_all_users"
    get "analytics"
  end
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended to check this file into your version control system.
-ActiveRecord::Schema.define(:version => 20140804171756) do
+ActiveRecord::Schema.define(:version => 20140408185601) do
  create_table "analytics", :force => true do |t|
    t.string   "ip_address"
@@ -2,17 +2,48 @@
 <html>
 <head>
  <title>The page you were looking for doesn't exist (404)</title>
-  <style type="text/css">
+  <style>
-    body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
+  body {
-    div.dialog {
+    background-color: #EFEFEF;
-      width: 25em;
+    color: #2E2F30;
-      padding: 0 4em;
+    text-align: center;
-      margin: 4em auto 0 auto;
+    font-family: arial, sans-serif;
-      border: 1px solid #ccc;
+  }
-      border-right-color: #999;
+
-      border-bottom-color: #999;
+  div.dialog {
-    }
+    width: 25em;
-    h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
+    margin: 4em auto 0 auto;
    border: 1px solid #CCC;
    border-right-color: #999;
    border-left-color: #999;
    border-bottom-color: #BBB;
    border-top: #B00100 solid 4px;
    border-top-left-radius: 9px;
    border-top-right-radius: 9px;
    background-color: white;
    padding: 7px 4em 0 4em;
  }
  h1 {
    font-size: 100%;
    color: #730E15;
    line-height: 1.5em;
  }
  body > p {
    width: 33em;
    margin: 0 auto 1em;
    padding: 1em 0;
    background-color: #F7F7F7;
    border: 1px solid #CCC;
    border-right-color: #999;
    border-bottom-color: #999;
    border-bottom-left-radius: 4px;
    border-bottom-right-radius: 4px;
    border-top-color: #DADADA;
    color: #666;
    box-shadow:0 3px 8px rgba(50, 50, 50, 0.17);
  }
  </style>
 </head>
@@ -22,5 +53,6 @@
    <h1>The page you were looking for doesn't exist.</h1>
    <p>You may have mistyped the address or the page may have moved.</p>
  </div>
  <p>If you are the application owner check the logs for more information.</p>
 </body>
 </html>
@@ -2,17 +2,48 @@
 <html>
 <head>
  <title>The change you wanted was rejected (422)</title>
-  <style type="text/css">
+  <style>
-    body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
+  body {
-    div.dialog {
+    background-color: #EFEFEF;
-      width: 25em;
+    color: #2E2F30;
-      padding: 0 4em;
+    text-align: center;
-      margin: 4em auto 0 auto;
+    font-family: arial, sans-serif;
-      border: 1px solid #ccc;
+  }
-      border-right-color: #999;
+
-      border-bottom-color: #999;
+  div.dialog {
-    }
+    width: 25em;
-    h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
+    margin: 4em auto 0 auto;
    border: 1px solid #CCC;
    border-right-color: #999;
    border-left-color: #999;
    border-bottom-color: #BBB;
    border-top: #B00100 solid 4px;
    border-top-left-radius: 9px;
    border-top-right-radius: 9px;
    background-color: white;
    padding: 7px 4em 0 4em;
  }
  h1 {
    font-size: 100%;
    color: #730E15;
    line-height: 1.5em;
  }
  body > p {
    width: 33em;
    margin: 0 auto 1em;
    padding: 1em 0;
    background-color: #F7F7F7;
    border: 1px solid #CCC;
    border-right-color: #999;
    border-bottom-color: #999;
    border-bottom-left-radius: 4px;
    border-bottom-right-radius: 4px;
    border-top-color: #DADADA;
    color: #666;
    box-shadow:0 3px 8px rgba(50, 50, 50, 0.17);
  }
  </style>
 </head>
@@ -22,5 +53,6 @@
    <h1>The change you wanted was rejected.</h1>
    <p>Maybe you tried to change something you didn't have access to.</p>
  </div>
  <p>If you are the application owner check the logs for more information.</p>
 </body>
 </html>
@@ -2,17 +2,48 @@
 <html>
 <head>
  <title>We're sorry, but something went wrong (500)</title>
-  <style type="text/css">
+  <style>
-    body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
+  body {
-    div.dialog {
+    background-color: #EFEFEF;
-      width: 25em;
+    color: #2E2F30;
-      padding: 0 4em;
+    text-align: center;
-      margin: 4em auto 0 auto;
+    font-family: arial, sans-serif;
-      border: 1px solid #ccc;
+  }
-      border-right-color: #999;
+
-      border-bottom-color: #999;
+  div.dialog {
-    }
+    width: 25em;
-    h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
+    margin: 4em auto 0 auto;
    border: 1px solid #CCC;
    border-right-color: #999;
    border-left-color: #999;
    border-bottom-color: #BBB;
    border-top: #B00100 solid 4px;
    border-top-left-radius: 9px;
    border-top-right-radius: 9px;
    background-color: white;
    padding: 7px 4em 0 4em;
  }
  h1 {
    font-size: 100%;
    color: #730E15;
    line-height: 1.5em;
  }
  body > p {
    width: 33em;
    margin: 0 auto 1em;
    padding: 1em 0;
    background-color: #F7F7F7;
    border: 1px solid #CCC;
    border-right-color: #999;
    border-bottom-color: #999;
    border-bottom-left-radius: 4px;
    border-bottom-right-radius: 4px;
    border-top-color: #DADADA;
    color: #666;
    box-shadow:0 3px 8px rgba(50, 50, 50, 0.17);
  }
  </style>
 </head>
@@ -21,5 +52,6 @@
  <div class="dialog">
    <h1>We're sorry, but something went wrong.</h1>
  </div>
  <p>If you are the application owner check the logs for more information.</p>
 </body>
 </html>
@@ -1,5 +1,5 @@
 # See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file
 #
 # To ban all spiders from the entire site uncomment the next two lines:
-# User-Agent: *
+# User-agent: *
 # Disallow: /
@@ -28,4 +28,4 @@ feature 'insecure direct object reference' do
    pending(:if => verifying_fixed?) { first('td').text.should == 'Jack Mannino' }
  end
-end
+end
@@ -1,4 +1,4 @@
-ENV["RAILS_ENV"] = "test"
+ENV["RAILS_ENV"] ||= "test"
 # To use simplecov, do this: COVERAGE=true rake
 require 'simplecov'
@@ -8,6 +8,8 @@ require File.expand_path('../../config/environment', __FILE__)
 require 'rails/test_help'
 class ActiveSupport::TestCase
  # Maybe for Rails 4.0: ActiveRecord::Migration.check_pending!
  # Setup all fixtures in test/fixtures/*.(yml|csv) for all tests in alphabetical order.
  #
  # Note: You'll currently still have to declare fixtures explicitly in integration tests
		`@@ -0,0 +1 @@`
							`ActiveRecord::Base.send(:include, ActiveModel::ForbiddenAttributesProtection)`