Merge branch 'master' of github.com:OWASP/railsgoat
This commit is contained in:
Mike McCabe
@@ -12,6 +12,9 @@ gem 'sqlite3'
|
||||
gem 'foreman'
|
||||
gem 'crack', '0.3.1'
|
||||
|
||||
# Pry for Rails, not in dev group in case running via prod/staging @ a training
|
||||
gem 'pry-rails'
|
||||
|
||||
group :development, :mysql do
|
||||
gem 'brakeman'
|
||||
gem 'bundler-audit'
|
||||
|
||||
@@ -185,6 +185,8 @@ GEM
|
||||
coderay (~> 1.1.0)
|
||||
method_source (~> 0.8.1)
|
||||
slop (~> 3.4)
|
||||
pry-rails (0.3.3)
|
||||
pry (>= 0.9.10)
|
||||
rack (1.4.5)
|
||||
rack-cache (1.2)
|
||||
rack (>= 0.4)
|
||||
@@ -330,6 +332,7 @@ DEPENDENCIES
|
||||
poltergeist
|
||||
powder
|
||||
pry
|
||||
pry-rails
|
||||
rack-livereload
|
||||
rails (= 3.2.21)
|
||||
rb-fsevent
|
||||
|
||||
+5
-1
@@ -77,7 +77,11 @@ class User < ActiveRecord::Base
|
||||
def assign_user_id
|
||||
unless @skip_user_id_assign.present? || self.user_id.present?
|
||||
user = User.order("user_id").last
|
||||
uid = user.user_id.to_i + 1 if user && user.user_id && !(User.exists?(:user_id => "#{user.user_id.to_i + 1}"))
|
||||
uid = if user && user.user_id && !(User.exists?(:user_id => "#{user.user_id.to_i + 1}"))
|
||||
user.user_id.to_i + 1
|
||||
else
|
||||
1
|
||||
end
|
||||
self.user_id = uid.to_s if uid
|
||||
end
|
||||
end
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
<footer>
|
||||
<p align="center">
|
||||
© The Open Web Application Security Project - OWASP, 2013
|
||||
© The Open Web Application Security Project - OWASP, 2015
|
||||
</p>
|
||||
</footer>
|
||||
|
||||
|
||||
@@ -22,7 +22,7 @@ Railsgoat::Application.configure do
|
||||
config.action_dispatch.show_exceptions = false
|
||||
|
||||
# Disable request forgery protection in test environment
|
||||
config.action_controller.allow_forgery_protection = false
|
||||
config.action_controller.allow_forgery_protection = true
|
||||
|
||||
# Tell Action Mailer not to deliver emails to the real world.
|
||||
# The :test delivery method accumulates sent emails in the
|
||||
|
||||
-1606
File diff suppressed because it is too large
Load Diff
@@ -5,14 +5,14 @@ class UserFixture
|
||||
end
|
||||
|
||||
def self.normal_user
|
||||
password = 'aoeuaoeu'
|
||||
password = 'thi$ 1s cOmplExEr'
|
||||
user = User.new(:first_name => 'Joe', :last_name => 'Schmoe',
|
||||
:email => 'joe@schmoe.com', :password => password, :password_confirmation => password)
|
||||
def user.clear_password
|
||||
'aoeuaoeu'
|
||||
'thi$ 1s cOmplExEr'
|
||||
end
|
||||
user.build_benefits_data
|
||||
user.save!
|
||||
user
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
Reference in New Issue
Block a user