diff --git a/.ruby-version b/.ruby-version
index 57cf282..9c25013 100644
--- a/.ruby-version
+++ b/.ruby-version
@@ -1 +1 @@
-2.6.5
+3.3.6
diff --git a/Gemfile b/Gemfile
index 451dba6..2561a81 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,33 +1,31 @@
# frozen_string_literal: true
source "https://rubygems.org"
-#don't upgrade
-gem "rails", "6.0.0"
+gem "rails", "~> 8.0.0"
-ruby "2.6.5"
+ruby "3.3.6"
gem "aruba"
gem "bcrypt"
-gem "coffee-rails"
-gem "execjs"
gem "foreman"
gem "jquery-fileupload-rails"
gem "jquery-rails"
gem "minitest"
-gem "powder" # Pow related gem
gem "pry-rails" # not in dev group in case running via prod/staging @ a training
-gem "puma"
-gem "rails-perftest"
+gem "puma", "~> 6.0"
gem "rake"
-gem "responders" #For Rails 4.2 # LOCKED DOWN
+gem "responders"
gem "ruby-prof"
gem "sassc-rails"
gem "simplecov", require: false, group: :test
-gem "sqlite3"
-gem "therubyracer"
+gem "sqlite3", "~> 2.0"
gem "turbolinks"
-gem "uglifier"
-gem "unicorn"
+
+# Asset pipeline
+gem "sprockets-rails"
+gem "importmap-rails"
+gem "stimulus-rails"
+gem "turbo-rails"
# Add SMTP server support using MailCatcher
# NOTE: https://github.com/sj26/mailcatcher#bundler
@@ -43,16 +41,15 @@ group :development, :mysql do
gem "pry"
gem "rack-livereload"
gem "rb-fsevent"
- gem "rubocop-github"
- gem "travis-lint"
+ gem "rubocop"
end
group :development, :test, :mysql do
gem "capybara"
gem "database_cleaner"
gem "launchy"
- gem "poltergeist"
- gem "rspec-rails", '4.0.0.beta3' # 4/26/2019: LOCKED DOWN
+ gem "selenium-webdriver"
+ gem "rspec-rails"
gem "test-unit"
end
diff --git a/Gemfile.lock b/Gemfile.lock
index 16e1c4f..fbfed7c 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,143 +1,181 @@
GEM
remote: https://rubygems.org/
specs:
- actioncable (6.0.0)
- actionpack (= 6.0.0)
+ actioncable (8.0.4)
+ actionpack (= 8.0.4)
+ activesupport (= 8.0.4)
nio4r (~> 2.0)
websocket-driver (>= 0.6.1)
- actionmailbox (6.0.0)
- actionpack (= 6.0.0)
- activejob (= 6.0.0)
- activerecord (= 6.0.0)
- activestorage (= 6.0.0)
- activesupport (= 6.0.0)
- mail (>= 2.7.1)
- actionmailer (6.0.0)
- actionpack (= 6.0.0)
- actionview (= 6.0.0)
- activejob (= 6.0.0)
- mail (~> 2.5, >= 2.5.4)
- rails-dom-testing (~> 2.0)
- actionpack (6.0.0)
- actionview (= 6.0.0)
- activesupport (= 6.0.0)
- rack (~> 2.0)
- rack-test (>= 0.6.3)
- rails-dom-testing (~> 2.0)
- rails-html-sanitizer (~> 1.0, >= 1.2.0)
- actiontext (6.0.0)
- actionpack (= 6.0.0)
- activerecord (= 6.0.0)
- activestorage (= 6.0.0)
- activesupport (= 6.0.0)
+ zeitwerk (~> 2.6)
+ actionmailbox (8.0.4)
+ actionpack (= 8.0.4)
+ activejob (= 8.0.4)
+ activerecord (= 8.0.4)
+ activestorage (= 8.0.4)
+ activesupport (= 8.0.4)
+ mail (>= 2.8.0)
+ actionmailer (8.0.4)
+ actionpack (= 8.0.4)
+ actionview (= 8.0.4)
+ activejob (= 8.0.4)
+ activesupport (= 8.0.4)
+ mail (>= 2.8.0)
+ rails-dom-testing (~> 2.2)
+ actionpack (8.0.4)
+ actionview (= 8.0.4)
+ activesupport (= 8.0.4)
nokogiri (>= 1.8.5)
- actionview (6.0.0)
- activesupport (= 6.0.0)
+ rack (>= 2.2.4)
+ rack-session (>= 1.0.1)
+ rack-test (>= 0.6.3)
+ rails-dom-testing (~> 2.2)
+ rails-html-sanitizer (~> 1.6)
+ useragent (~> 0.16)
+ actiontext (8.0.4)
+ actionpack (= 8.0.4)
+ activerecord (= 8.0.4)
+ activestorage (= 8.0.4)
+ activesupport (= 8.0.4)
+ globalid (>= 0.6.0)
+ nokogiri (>= 1.8.5)
+ actionview (8.0.4)
+ activesupport (= 8.0.4)
builder (~> 3.1)
- erubi (~> 1.4)
- rails-dom-testing (~> 2.0)
- rails-html-sanitizer (~> 1.1, >= 1.2.0)
- activejob (6.0.0)
- activesupport (= 6.0.0)
+ erubi (~> 1.11)
+ rails-dom-testing (~> 2.2)
+ rails-html-sanitizer (~> 1.6)
+ activejob (8.0.4)
+ activesupport (= 8.0.4)
globalid (>= 0.3.6)
- activemodel (6.0.0)
- activesupport (= 6.0.0)
- activerecord (6.0.0)
- activemodel (= 6.0.0)
- activesupport (= 6.0.0)
- activestorage (6.0.0)
- actionpack (= 6.0.0)
- activejob (= 6.0.0)
- activerecord (= 6.0.0)
- marcel (~> 0.3.1)
- activesupport (6.0.0)
- concurrent-ruby (~> 1.0, >= 1.0.2)
- i18n (>= 0.7, < 2)
- minitest (~> 5.1)
- tzinfo (~> 1.1)
- zeitwerk (~> 2.1, >= 2.1.8)
- addressable (2.7.0)
- public_suffix (>= 2.0.2, < 5.0)
- aruba (0.14.12)
- childprocess (>= 0.6.3, < 4.0.0)
- contracts (~> 0.9)
- cucumber (>= 1.3.19)
- ffi (~> 1.9)
- rspec-expectations (>= 2.99)
- thor (~> 0.19)
- ast (2.4.0)
- backports (3.15.0)
- bcrypt (3.1.13)
- better_errors (2.5.1)
- coderay (>= 1.0.0)
+ activemodel (8.0.4)
+ activesupport (= 8.0.4)
+ activerecord (8.0.4)
+ activemodel (= 8.0.4)
+ activesupport (= 8.0.4)
+ timeout (>= 0.4.0)
+ activestorage (8.0.4)
+ actionpack (= 8.0.4)
+ activejob (= 8.0.4)
+ activerecord (= 8.0.4)
+ activesupport (= 8.0.4)
+ marcel (~> 1.0)
+ activesupport (8.0.4)
+ base64
+ benchmark (>= 0.3)
+ bigdecimal
+ concurrent-ruby (~> 1.0, >= 1.3.1)
+ connection_pool (>= 2.2.5)
+ drb
+ i18n (>= 1.6, < 2)
+ logger (>= 1.4.2)
+ minitest (>= 5.1)
+ securerandom (>= 0.3)
+ tzinfo (~> 2.0, >= 2.0.5)
+ uri (>= 0.13.1)
+ addressable (2.8.8)
+ public_suffix (>= 2.0.2, < 8.0)
+ aruba (2.3.2)
+ bundler (>= 1.17, < 3.0)
+ contracts (>= 0.16.0, < 0.18.0)
+ cucumber (>= 8.0, < 11.0)
+ rspec-expectations (>= 3.4, < 5.0)
+ thor (~> 1.0)
+ ast (2.4.3)
+ base64 (0.3.0)
+ bcrypt (3.1.20)
+ benchmark (0.5.0)
+ better_errors (2.10.1)
erubi (>= 1.0.0)
rack (>= 0.9.0)
- binding_of_caller (0.8.0)
- debug_inspector (>= 0.0.1)
- builder (3.2.3)
- bundler-audit (0.6.1)
- bundler (>= 1.2.0, < 3)
- thor (~> 0.18)
- capybara (3.29.0)
+ rouge (>= 1.0.0)
+ bigdecimal (3.3.1)
+ binding_of_caller (1.0.1)
+ debug_inspector (>= 1.2.0)
+ builder (3.3.0)
+ bundler-audit (0.9.3)
+ bundler (>= 1.2.0)
+ thor (~> 1.0)
+ capybara (3.40.0)
addressable
+ matrix
mini_mime (>= 0.1.3)
- nokogiri (~> 1.8)
+ nokogiri (~> 1.11)
rack (>= 1.6.0)
rack-test (>= 0.6.3)
- regexp_parser (~> 1.5)
+ regexp_parser (>= 1.5, < 3.0)
xpath (~> 3.2)
- childprocess (3.0.0)
- cliver (0.3.2)
- coderay (1.1.2)
- coffee-rails (5.0.0)
- coffee-script (>= 2.2.0)
- railties (>= 5.2.0)
- coffee-script (2.4.1)
- coffee-script-source
- execjs
- coffee-script-source (1.12.2)
- concurrent-ruby (1.1.5)
- contracts (0.16.0)
- crass (1.0.5)
- cucumber (3.1.2)
- builder (>= 2.1.2)
- cucumber-core (~> 3.2.0)
- cucumber-expressions (~> 6.0.1)
- cucumber-wire (~> 0.0.1)
- diff-lcs (~> 1.3)
- gherkin (~> 5.1.0)
- multi_json (>= 1.7.5, < 2.0)
- multi_test (>= 0.1.2)
- cucumber-core (3.2.1)
- backports (>= 3.8.0)
- cucumber-tag_expressions (~> 1.1.0)
- gherkin (~> 5.0)
- cucumber-expressions (6.0.1)
- cucumber-tag_expressions (1.1.1)
- cucumber-wire (0.0.1)
- database_cleaner (1.7.0)
- debug_inspector (0.0.3)
- diff-lcs (1.3)
- docile (1.3.2)
- em-websocket (0.5.1)
+ childprocess (5.1.0)
+ logger (~> 1.5)
+ coderay (1.1.3)
+ concurrent-ruby (1.3.5)
+ connection_pool (3.0.1)
+ contracts (0.17.2)
+ crass (1.0.6)
+ cucumber (10.1.1)
+ base64 (~> 0.2)
+ builder (~> 3.2)
+ cucumber-ci-environment (> 9, < 11)
+ cucumber-core (> 15, < 17)
+ cucumber-cucumber-expressions (> 17, < 19)
+ cucumber-html-formatter (> 20.3, < 22)
+ diff-lcs (~> 1.5)
+ logger (~> 1.6)
+ mini_mime (~> 1.1)
+ multi_test (~> 1.1)
+ sys-uname (~> 1.3)
+ cucumber-ci-environment (10.0.1)
+ cucumber-core (15.3.0)
+ cucumber-gherkin (> 27, < 35)
+ cucumber-messages (> 26, < 30)
+ cucumber-tag-expressions (> 5, < 9)
+ cucumber-cucumber-expressions (18.0.1)
+ bigdecimal
+ cucumber-gherkin (34.0.0)
+ cucumber-messages (> 25, < 29)
+ cucumber-html-formatter (21.15.1)
+ cucumber-messages (> 19, < 28)
+ cucumber-messages (27.2.0)
+ cucumber-tag-expressions (8.1.0)
+ database_cleaner (2.1.0)
+ database_cleaner-active_record (>= 2, < 3)
+ database_cleaner-active_record (2.2.2)
+ activerecord (>= 5.a)
+ database_cleaner-core (~> 2.0)
+ database_cleaner-core (2.0.1)
+ date (3.5.0)
+ debug_inspector (1.2.0)
+ diff-lcs (1.6.2)
+ docile (1.4.1)
+ drb (2.2.3)
+ em-websocket (0.5.3)
eventmachine (>= 0.12.9)
- http_parser.rb (~> 0.6.0)
- erubi (1.9.0)
+ http_parser.rb (~> 0)
+ erb (6.0.0)
+ erubi (1.13.1)
eventmachine (1.2.7)
- execjs (2.7.0)
- ffi (1.11.1)
- foreman (0.86.0)
- formatador (0.2.5)
- gherkin (5.1.0)
- globalid (0.4.2)
- activesupport (>= 4.2.0)
- guard (2.16.1)
+ ffi (1.17.2-aarch64-linux-gnu)
+ ffi (1.17.2-aarch64-linux-musl)
+ ffi (1.17.2-arm-linux-gnu)
+ ffi (1.17.2-arm-linux-musl)
+ ffi (1.17.2-arm64-darwin)
+ ffi (1.17.2-x86_64-darwin)
+ ffi (1.17.2-x86_64-linux-gnu)
+ ffi (1.17.2-x86_64-linux-musl)
+ foreman (0.90.0)
+ thor (~> 1.4)
+ formatador (1.2.3)
+ reline
+ globalid (1.3.0)
+ activesupport (>= 6.1)
+ guard (2.19.1)
formatador (>= 0.2.4)
listen (>= 2.7, < 4.0)
+ logger (~> 1.6)
lumberjack (>= 1.0.12, < 2.0)
nenv (~> 0.1)
notiffany (~> 0.0)
- pry (>= 0.9.12)
+ ostruct (~> 0.6)
+ pry (>= 0.13.0)
shellany (~> 0.0)
thor (>= 0.18.1)
guard-compat (1.2.1)
@@ -150,152 +188,216 @@ GEM
guard (~> 2.1)
guard-compat (~> 1.1)
rspec (>= 2.99.0, < 4.0)
- guard-shell (0.7.1)
+ guard-shell (0.7.2)
guard (>= 2.0.0)
guard-compat (~> 1.0)
- http_parser.rb (0.6.0)
- i18n (1.7.0)
+ http_parser.rb (0.8.0)
+ i18n (1.14.7)
concurrent-ruby (~> 1.0)
- jaro_winkler (1.5.4)
+ importmap-rails (2.2.2)
+ actionpack (>= 6.0.0)
+ activesupport (>= 6.0.0)
+ railties (>= 6.0.0)
+ io-console (0.8.1)
+ irb (1.15.3)
+ pp (>= 0.6.0)
+ rdoc (>= 4.0.0)
+ reline (>= 0.4.2)
jquery-fileupload-rails (1.0.0)
actionpack (>= 3.1)
railties (>= 3.1)
sassc
- jquery-rails (4.3.5)
+ jquery-rails (4.6.1)
rails-dom-testing (>= 1, < 3)
railties (>= 4.2.0)
thor (>= 0.14, < 2.0)
- json (2.3.1)
- kgio (2.11.2)
- launchy (2.4.3)
- addressable (~> 2.3)
- libv8 (3.16.14.19)
- listen (3.2.0)
+ json (2.17.1)
+ language_server-protocol (3.17.0.5)
+ launchy (3.1.1)
+ addressable (~> 2.8)
+ childprocess (~> 5.0)
+ logger (~> 1.6)
+ lint_roller (1.1.0)
+ listen (3.9.0)
rb-fsevent (~> 0.10, >= 0.10.3)
rb-inotify (~> 0.9, >= 0.9.10)
- loofah (2.3.1)
+ logger (1.7.0)
+ loofah (2.24.1)
crass (~> 1.0.2)
- nokogiri (>= 1.5.9)
- lumberjack (1.0.13)
- mail (2.7.1)
+ nokogiri (>= 1.12.0)
+ lumberjack (1.4.2)
+ mail (2.9.0)
+ logger
mini_mime (>= 0.1.1)
- marcel (0.3.3)
- mimemagic (~> 0.3.2)
- method_source (0.9.2)
- mimemagic (0.3.9)
- nokogiri (~> 1)
- rake
- mini_mime (1.0.2)
- mini_portile2 (2.4.0)
- minitest (5.13.0)
- multi_json (1.14.1)
- multi_test (0.1.2)
- mysql2 (0.5.2)
+ net-imap
+ net-pop
+ net-smtp
+ marcel (1.1.0)
+ matrix (0.4.3)
+ memoist3 (1.0.0)
+ method_source (1.1.0)
+ mini_mime (1.1.5)
+ minitest (5.26.2)
+ multi_json (1.18.0)
+ multi_test (1.1.0)
+ mysql2 (0.5.7)
+ bigdecimal
nenv (0.3.0)
- nio4r (2.5.2)
- nokogiri (1.10.10)
- mini_portile2 (~> 2.4.0)
+ net-imap (0.5.12)
+ date
+ net-protocol
+ net-pop (0.1.2)
+ net-protocol
+ net-protocol (0.2.2)
+ timeout
+ net-smtp (0.5.1)
+ net-protocol
+ nio4r (2.7.5)
+ nokogiri (1.18.10-aarch64-linux-gnu)
+ racc (~> 1.4)
+ nokogiri (1.18.10-aarch64-linux-musl)
+ racc (~> 1.4)
+ nokogiri (1.18.10-arm-linux-gnu)
+ racc (~> 1.4)
+ nokogiri (1.18.10-arm-linux-musl)
+ racc (~> 1.4)
+ nokogiri (1.18.10-arm64-darwin)
+ racc (~> 1.4)
+ nokogiri (1.18.10-x86_64-darwin)
+ racc (~> 1.4)
+ nokogiri (1.18.10-x86_64-linux-gnu)
+ racc (~> 1.4)
+ nokogiri (1.18.10-x86_64-linux-musl)
+ racc (~> 1.4)
notiffany (0.1.3)
nenv (~> 0.1)
shellany (~> 0.0)
- parallel (1.18.0)
- parser (2.6.5.0)
- ast (~> 2.4.0)
- pg (1.2.3)
- poltergeist (1.18.1)
- capybara (>= 2.1, < 4)
- cliver (~> 0.3.1)
- websocket-driver (>= 0.2.0)
- powder (0.4.0)
- thor (>= 0.11.5)
- power_assert (1.1.5)
- pry (0.12.2)
- coderay (~> 1.1.0)
- method_source (~> 0.9.0)
- pry-rails (0.3.9)
- pry (>= 0.10.4)
- public_suffix (4.0.1)
- puma (4.3.5)
+ ostruct (0.6.3)
+ parallel (1.27.0)
+ parser (3.3.10.0)
+ ast (~> 2.4.1)
+ racc
+ pg (1.6.2)
+ pg (1.6.2-aarch64-linux)
+ pg (1.6.2-aarch64-linux-musl)
+ pg (1.6.2-arm64-darwin)
+ pg (1.6.2-x86_64-darwin)
+ pg (1.6.2-x86_64-linux)
+ pg (1.6.2-x86_64-linux-musl)
+ power_assert (3.0.1)
+ pp (0.6.3)
+ prettyprint
+ prettyprint (0.2.0)
+ prism (1.6.0)
+ pry (0.15.2)
+ coderay (~> 1.1)
+ method_source (~> 1.0)
+ pry-rails (0.3.11)
+ pry (>= 0.13.0)
+ psych (5.2.6)
+ date
+ stringio
+ public_suffix (7.0.0)
+ puma (6.6.1)
nio4r (~> 2.0)
- rack (2.2.3)
- rack-livereload (0.3.17)
- rack
- rack-test (1.1.0)
- rack (>= 1.0, < 3)
- rails (6.0.0)
- actioncable (= 6.0.0)
- actionmailbox (= 6.0.0)
- actionmailer (= 6.0.0)
- actionpack (= 6.0.0)
- actiontext (= 6.0.0)
- actionview (= 6.0.0)
- activejob (= 6.0.0)
- activemodel (= 6.0.0)
- activerecord (= 6.0.0)
- activestorage (= 6.0.0)
- activesupport (= 6.0.0)
- bundler (>= 1.3.0)
- railties (= 6.0.0)
- sprockets-rails (>= 2.0.0)
- rails-dom-testing (2.0.3)
- activesupport (>= 4.2.0)
+ racc (1.8.1)
+ rack (3.1.19)
+ rack-livereload (0.6.1)
+ rack (>= 3.0, < 3.2)
+ rack-session (2.1.1)
+ base64 (>= 0.1.0)
+ rack (>= 3.0.0)
+ rack-test (2.2.0)
+ rack (>= 1.3)
+ rackup (2.2.1)
+ rack (>= 3)
+ rails (8.0.4)
+ actioncable (= 8.0.4)
+ actionmailbox (= 8.0.4)
+ actionmailer (= 8.0.4)
+ actionpack (= 8.0.4)
+ actiontext (= 8.0.4)
+ actionview (= 8.0.4)
+ activejob (= 8.0.4)
+ activemodel (= 8.0.4)
+ activerecord (= 8.0.4)
+ activestorage (= 8.0.4)
+ activesupport (= 8.0.4)
+ bundler (>= 1.15.0)
+ railties (= 8.0.4)
+ rails-dom-testing (2.3.0)
+ activesupport (>= 5.0.0)
+ minitest
nokogiri (>= 1.6)
- rails-html-sanitizer (1.3.0)
- loofah (~> 2.3)
- rails-perftest (0.0.7)
- railties (6.0.0)
- actionpack (= 6.0.0)
- activesupport (= 6.0.0)
- method_source
- rake (>= 0.8.7)
- thor (>= 0.20.3, < 2.0)
- rainbow (3.0.0)
- raindrops (0.19.0)
- rake (13.0.0)
- rb-fsevent (0.10.3)
- rb-inotify (0.10.0)
+ rails-html-sanitizer (1.6.2)
+ loofah (~> 2.21)
+ nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0)
+ railties (8.0.4)
+ actionpack (= 8.0.4)
+ activesupport (= 8.0.4)
+ irb (~> 1.13)
+ rackup (>= 1.0.0)
+ rake (>= 12.2)
+ thor (~> 1.0, >= 1.2.2)
+ tsort (>= 0.2)
+ zeitwerk (~> 2.6)
+ rainbow (3.1.1)
+ rake (13.3.1)
+ rb-fsevent (0.11.2)
+ rb-inotify (0.11.1)
ffi (~> 1.0)
- ref (2.0.0)
- regexp_parser (1.6.0)
- responders (3.0.0)
- actionpack (>= 5.0)
- railties (>= 5.0)
- rspec (3.9.0)
- rspec-core (~> 3.9.0)
- rspec-expectations (~> 3.9.0)
- rspec-mocks (~> 3.9.0)
- rspec-core (3.9.0)
- rspec-support (~> 3.9.0)
- rspec-expectations (3.9.0)
+ rdoc (6.16.1)
+ erb
+ psych (>= 4.0.0)
+ tsort
+ regexp_parser (2.11.3)
+ reline (0.6.3)
+ io-console (~> 0.5)
+ responders (3.2.0)
+ actionpack (>= 7.0)
+ railties (>= 7.0)
+ rexml (3.4.4)
+ rouge (4.6.1)
+ rspec (3.13.2)
+ rspec-core (~> 3.13.0)
+ rspec-expectations (~> 3.13.0)
+ rspec-mocks (~> 3.13.0)
+ rspec-core (3.13.6)
+ rspec-support (~> 3.13.0)
+ rspec-expectations (3.13.5)
diff-lcs (>= 1.2.0, < 2.0)
- rspec-support (~> 3.9.0)
- rspec-mocks (3.9.0)
+ rspec-support (~> 3.13.0)
+ rspec-mocks (3.13.7)
diff-lcs (>= 1.2.0, < 2.0)
- rspec-support (~> 3.9.0)
- rspec-rails (4.0.0.beta3)
- actionpack (>= 4.2)
- activesupport (>= 4.2)
- railties (>= 4.2)
- rspec-core (~> 3.8)
- rspec-expectations (~> 3.8)
- rspec-mocks (~> 3.8)
- rspec-support (~> 3.8)
- rspec-support (3.9.0)
- rubocop (0.76.0)
- jaro_winkler (~> 1.5.1)
+ rspec-support (~> 3.13.0)
+ rspec-rails (8.0.2)
+ actionpack (>= 7.2)
+ activesupport (>= 7.2)
+ railties (>= 7.2)
+ rspec-core (~> 3.13)
+ rspec-expectations (~> 3.13)
+ rspec-mocks (~> 3.13)
+ rspec-support (~> 3.13)
+ rspec-support (3.13.6)
+ rubocop (1.81.7)
+ json (~> 2.3)
+ language_server-protocol (~> 3.17.0.2)
+ lint_roller (~> 1.1.0)
parallel (~> 1.10)
- parser (>= 2.6)
+ parser (>= 3.3.0.2)
rainbow (>= 2.2.2, < 4.0)
+ regexp_parser (>= 2.9.3, < 3.0)
+ rubocop-ast (>= 1.47.1, < 2.0)
ruby-progressbar (~> 1.7)
- unicode-display_width (>= 1.4.0, < 1.7)
- rubocop-github (0.13.0)
- rubocop (~> 0.70)
- rubocop-performance (~> 1.3.0)
- rubocop-performance (1.3.0)
- rubocop (>= 0.68.0)
- ruby-prof (1.0.0)
- ruby-progressbar (1.10.1)
- sassc (2.2.1)
+ unicode-display_width (>= 2.4.0, < 4.0)
+ rubocop-ast (1.48.0)
+ parser (>= 3.3.7.2)
+ prism (~> 1.4)
+ ruby-prof (1.7.2)
+ base64
+ ruby-progressbar (1.13.0)
+ rubyzip (3.2.2)
+ sassc (2.4.0)
ffi (~> 1.9)
sassc-rails (2.1.2)
railties (>= 4.0.0)
@@ -303,50 +405,81 @@ GEM
sprockets (> 3.0)
sprockets-rails
tilt
+ securerandom (0.4.1)
+ selenium-webdriver (4.38.0)
+ base64 (~> 0.2)
+ logger (~> 1.4)
+ rexml (~> 3.2, >= 3.2.5)
+ rubyzip (>= 1.2.2, < 4.0)
+ websocket (~> 1.0)
shellany (0.0.1)
- simplecov (0.17.1)
+ simplecov (0.22.0)
docile (~> 1.1)
- json (>= 1.8, < 3)
- simplecov-html (~> 0.10.0)
- simplecov-html (0.10.2)
- sprockets (4.0.0)
+ simplecov-html (~> 0.11)
+ simplecov_json_formatter (~> 0.1)
+ simplecov-html (0.13.2)
+ simplecov_json_formatter (0.1.4)
+ sprockets (4.2.2)
concurrent-ruby (~> 1.0)
- rack (> 1, < 3)
- sprockets-rails (3.2.1)
- actionpack (>= 4.0)
- activesupport (>= 4.0)
+ logger
+ rack (>= 2.2.4, < 4)
+ sprockets-rails (3.5.2)
+ actionpack (>= 6.1)
+ activesupport (>= 6.1)
sprockets (>= 3.0.0)
- sqlite3 (1.4.1)
- test-unit (3.3.4)
+ sqlite3 (2.8.1-aarch64-linux-gnu)
+ sqlite3 (2.8.1-aarch64-linux-musl)
+ sqlite3 (2.8.1-arm-linux-gnu)
+ sqlite3 (2.8.1-arm-linux-musl)
+ sqlite3 (2.8.1-arm64-darwin)
+ sqlite3 (2.8.1-x86_64-darwin)
+ sqlite3 (2.8.1-x86_64-linux-gnu)
+ sqlite3 (2.8.1-x86_64-linux-musl)
+ stimulus-rails (1.3.4)
+ railties (>= 6.0.0)
+ stringio (3.1.9)
+ sys-uname (1.4.1)
+ ffi (~> 1.1)
+ memoist3 (~> 1.0.0)
+ test-unit (3.7.3)
power_assert
- therubyracer (0.12.3)
- libv8 (~> 3.16.14.15)
- ref
- thor (0.20.3)
- thread_safe (0.3.6)
- tilt (2.0.10)
- travis-lint (2.0.0)
- json
+ thor (1.4.0)
+ tilt (2.6.1)
+ timeout (0.4.4)
+ tsort (0.2.0)
+ turbo-rails (2.0.20)
+ actionpack (>= 7.1.0)
+ railties (>= 7.1.0)
turbolinks (5.2.1)
turbolinks-source (~> 5.2)
turbolinks-source (5.2.0)
- tzinfo (1.2.5)
- thread_safe (~> 0.1)
- uglifier (4.2.0)
- execjs (>= 0.3.0, < 3)
- unicode-display_width (1.6.0)
- unicorn (5.5.1)
- kgio (~> 2.6)
- raindrops (~> 0.7)
- websocket-driver (0.7.1)
+ tzinfo (2.0.6)
+ concurrent-ruby (~> 1.0)
+ unicode-display_width (3.2.0)
+ unicode-emoji (~> 4.1)
+ unicode-emoji (4.1.0)
+ uri (1.1.1)
+ useragent (0.16.11)
+ websocket (1.2.11)
+ websocket-driver (0.8.0)
+ base64
websocket-extensions (>= 0.1.0)
websocket-extensions (0.1.5)
xpath (3.2.0)
nokogiri (~> 1.8)
- zeitwerk (2.2.1)
+ zeitwerk (2.7.3)
PLATFORMS
- ruby
+ aarch64-linux
+ aarch64-linux-gnu
+ aarch64-linux-musl
+ arm-linux-gnu
+ arm-linux-musl
+ arm64-darwin
+ x86_64-darwin
+ x86_64-linux
+ x86_64-linux-gnu
+ x86_64-linux-musl
DEPENDENCIES
aruba
@@ -355,45 +488,41 @@ DEPENDENCIES
binding_of_caller
bundler-audit
capybara
- coffee-rails
database_cleaner
- execjs
foreman
guard-livereload
guard-rspec
guard-shell
+ importmap-rails
jquery-fileupload-rails
jquery-rails
launchy
minitest
mysql2
pg
- poltergeist
- powder
pry
pry-rails
- puma
+ puma (~> 6.0)
rack-livereload
- rails (= 6.0.0)
- rails-perftest
+ rails (~> 8.0.0)
rake
rb-fsevent
responders
- rspec-rails (= 4.0.0.beta3)
- rubocop-github
+ rspec-rails
+ rubocop
ruby-prof
sassc-rails
+ selenium-webdriver
simplecov
- sqlite3
+ sprockets-rails
+ sqlite3 (~> 2.0)
+ stimulus-rails
test-unit
- therubyracer
- travis-lint
+ turbo-rails
turbolinks
- uglifier
- unicorn
RUBY VERSION
- ruby 2.6.5p114
+ ruby 3.3.6p108
BUNDLED WITH
- 1.17.3
+ 2.5.22
diff --git a/app/assets/javascripts/password_resets.js b/app/assets/javascripts/password_resets.js
new file mode 100644
index 0000000..dee720f
--- /dev/null
+++ b/app/assets/javascripts/password_resets.js
@@ -0,0 +1,2 @@
+// Place all the behaviors and hooks related to the matching controller here.
+// All this logic will automatically be available in application.js.
diff --git a/app/assets/javascripts/password_resets.js.coffee b/app/assets/javascripts/password_resets.js.coffee
deleted file mode 100644
index 7615679..0000000
--- a/app/assets/javascripts/password_resets.js.coffee
+++ /dev/null
@@ -1,3 +0,0 @@
-# Place all the behaviors and hooks related to the matching controller here.
-# All this logic will automatically be available in application.js.
-# You can use CoffeeScript in this file: http://jashkenas.github.com/coffee-script/
diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb
index 8e1d7a0..9680942 100755
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@@ -2,7 +2,7 @@
class AdminController < ApplicationController
before_action :administrative, if: :admin_param, except: [:get_user]
skip_before_action :has_info
- layout false, only: [:get_all_users, :get_user]
+ layout false, only: [:get_all_users]
def dashboard
end
@@ -38,10 +38,11 @@ class AdminController < ApplicationController
pass = params[:user][:password]
user.password = pass if !(pass.blank?)
user.save!
- message = true
- end
- respond_to do |format|
- format.json { render json: { msg: message ? "success" : "failure"} }
+ flash[:success] = "User updated successfully"
+ redirect_to admin_get_all_users_path(current_user.id)
+ else
+ flash[:error] = "User not found"
+ redirect_to admin_get_all_users_path(current_user.id)
end
end
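Review bot: The `redirect_to admin_get_all_users_path(current_user.id)` on L916 and L919 is identical in both branches; hoist it below the `if`/`else` as the delete action in the next hunk already does, so the branches only set the flash. The `user.save!` kept on L910 still raises `ActiveRecord::RecordInvalid` when a validation fails, and nothing in the hunk rescues it, so an invalid password yields an error page rather than the new `flash[:error]` path — consider `if user.save` with the error flash in its `else`, or a `rescue ActiveRecord::RecordInvalid` that sets the flash before redirecting. The condition this `else` pairs with, and the start of the method, are outside the hunk.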
@@ -51,11 +52,11 @@ class AdminController < ApplicationController
# Call destroy here so that all association records w/ id are destroyed as well
# Example user.retirement records would be destroyed
user.destroy
- message = true
- end
- respond_to do |format|
- format.json { render json: { msg: message ? "success" : "failure"} }
+ flash[:success] = "User deleted successfully"
+ else
+ flash[:error] = "Cannot delete this user"
end
+ redirect_to admin_get_all_users_path(current_user.id)
end
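Review bot: The success flash on L930 is set regardless of what `user.destroy` on L925 returns; `destroy` returns `false` when a `before_destroy` callback halts the chain, so the user can be told "User deleted successfully" while the record still exists. Wrap it as `if user.destroy` / `flash[:success] = "User deleted successfully"` / `else` `flash[:error] = "Cannot delete this user"` `end`, which also makes the "Cannot delete" wording apply to an actual failed deletion. The condition that opens the branch containing `user.destroy` is outside the hunk, so the existing `else` on L931 presumably covers the user-not-found case; if so, a separate "User not found" message there would be clearer. The hoisted redirect on L934 is good.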
private
diff --git a/app/controllers/tutorials_controller.rb b/app/controllers/tutorials_controller.rb
index 039200f..d6eeaab 100755
--- a/app/controllers/tutorials_controller.rb
+++ b/app/controllers/tutorials_controller.rb
@@ -3,5 +3,190 @@ class TutorialsController < ApplicationController
skip_before_action :has_info
skip_before_action :authenticated
- layout false, only: [:credentials]
+ def credentials
+ # Render credentials page with layout
+ end
+
+ # VULNERABILITY: Regular Expression Denial of Service (ReDoS)
+ # This endpoint demonstrates how malicious input can cause catastrophic backtracking
+ # in regular expressions, potentially hanging the application.
+ #
+ # In Rails 8, Regexp.timeout is set to 1 second by default, which prevents
+ # infinite hangs but still allows attackers to consume server resources.
+ #
+ # Tutorial: See wiki R8-A1-ReDoS for exploitation details
+ def redos_email
+ email = params[:email]
+
+ # VULNERABLE: Complex email regex with nested quantifiers
+ # This pattern is susceptible to catastrophic backtracking
+ email_pattern = /^([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$/
+
+ begin
+ start_time = Time.now
+ is_valid = email =~ email_pattern
+ elapsed_time = Time.now - start_time
+
+ render json: {
+ valid: is_valid.present?,
+ time_elapsed: elapsed_time,
+ message: "Email validation completed"
+ }
+ rescue Regexp::TimeoutError => e
+ elapsed_time = Time.now - start_time
+ Rails.logger.warn "[SECURITY] ReDoS attempt detected - pattern: email validation, elapsed: #{elapsed_time}s"
+
+ render json: {
+ error: "Timeout",
+ message: "Email validation timed out - possible ReDoS attack",
+ time_elapsed: elapsed_time
+ }, status: :bad_request
+ end
+ end
+
+ # VULNERABILITY: ReDoS with nested quantifiers
+ # Even worse than the email example - this demonstrates pure nested quantifiers
+ # which cause exponential backtracking.
+ #
+ # Tutorial: See wiki R8-A1-ReDoS for exploitation details
+ def redos_username
+ username = params[:username]
+
+ # EXTREMELY VULNERABLE: Nested quantifiers (a+)+
+ # This is the canonical ReDoS example
+ username_pattern = /^(a+)+$/
+
+ begin
+ start_time = Time.now
+ is_valid = username =~ username_pattern
+ elapsed_time = Time.now - start_time
+
+ render json: {
+ valid: is_valid.present?,
+ time_elapsed: elapsed_time,
+ message: "Username validation completed"
+ }
+ rescue Regexp::TimeoutError => e
+ elapsed_time = Time.now - start_time
+ Rails.logger.warn "[SECURITY] ReDoS attempt detected - pattern: username validation, elapsed: #{elapsed_time}s"
+
+ render json: {
+ error: "Timeout",
+ message: "Username validation timed out - possible ReDoS attack",
+ time_elapsed: elapsed_time
+ }, status: :bad_request
+ end
+ end
+
+ # SECURE: Fixed version using simpler regex
+ # This shows the proper way to validate without ReDoS risk
+ def redos_email_safe
+ email = params[:email]
+
+ # SAFE: Use Ruby's built-in URI email regex or simple validation
+ begin
+ start_time = Time.now
+ is_valid = email =~ URI::MailTo::EMAIL_REGEXP
+ elapsed_time = Time.now - start_time
+
+ render json: {
+ valid: is_valid.present?,
+ time_elapsed: elapsed_time,
+ message: "Email validation completed (safe method)"
+ }
+ rescue Regexp::TimeoutError => e
+ # This should never happen with the built-in regex, but handle it anyway
+ elapsed_time = Time.now - start_time
+ render json: {
+ error: "Timeout",
+ message: "Validation timed out",
+ time_elapsed: elapsed_time
+ }, status: :bad_request
+ end
+ end
+
+ # VULNERABILITY A03:2025 - Software Supply Chain Failures
+ # This endpoint demonstrates various supply chain security issues
+ #
+ # Tutorial: See wiki for A03 exploitation details
+ def supply_chain
+ render json: {
+ vulnerabilities: [
+ {
+ type: "Missing Subresource Integrity (SRI)",
+ location: "app/views/layouts/application.html.erb",
+ description: "CDN assets loaded without integrity checks",
+ impact: "If CDN is compromised, malicious code can be injected",
+ cve_example: "Similar to British Airways breach (2018) via Magecart"
+ },
+ {
+ type: "Outdated Dependencies",
+ location: "Gemfile.lock",
+ description: "Application may use gems with known vulnerabilities",
+ impact: "Exploitable CVEs in dependencies",
+ mitigation: "Run 'bundle audit' to check for known vulnerabilities"
+ },
+ {
+ type: "No Dependency Integrity Validation",
+ location: "Gemfile / bundler configuration",
+ description: "Gemfile.lock can be modified without detection",
+ impact: "Malicious dependencies could be injected",
+ mitigation: "Use checksums, verify signatures, implement SBOM"
+ },
+ {
+ type: "Insecure Gem Sources",
+ location: "Gemfile (if misconfigured)",
+ description: "Using HTTP instead of HTTPS for gem sources",
+ impact: "Man-in-the-middle attacks during bundle install",
+ note: "RailsGoat correctly uses HTTPS, but many apps don't"
+ },
+ {
+ type: "No Software Bill of Materials (SBOM)",
+ location: "Project root",
+ description: "Missing SBOM documentation",
+ impact: "Cannot track supply chain components or vulnerabilities",
+ mitigation: "Generate SBOM using CycloneDX or SPDX formats"
+ }
+ ],
+ demo: "Check application.html.erb for CDN assets without SRI",
+ secure_example: {
+ vulnerable: '',
+ secure: ''
+ }
+ }
+ end
+
+ # Demonstrate checking for vulnerable dependencies
+ def check_dependencies
+ begin
+ # In a real scenario, this would run bundle-audit or similar
+ # For demo purposes, we'll return example vulnerability data
+ render json: {
+ status: "scan_complete",
+ message: "This endpoint simulates dependency vulnerability scanning",
+ note: "Run 'bundle audit' or 'bundle-audit check' in your terminal",
+ example_vulnerabilities: [
+ {
+ gem: "rails",
+ version: "8.0.4",
+ advisory: "Check https://rubysec.com for any advisories",
+ severity: "varies"
+ },
+ {
+ gem: "nokogiri",
+ note: "Commonly has CVEs, check current version against advisories",
+ resources: "https://github.com/sparklemotion/nokogiri/security/advisories"
+ }
+ ],
+ recommended_tools: [
+ "bundle-audit - https://github.com/rubysec/bundler-audit",
+ "Dependabot - https://github.com/dependabot",
+ "Snyk - https://snyk.io",
+ "OWASP Dependency-Check"
+ ]
+ }
+ rescue => e
+ render json: { error: e.message }, status: :internal_server_error
+ end
+ end
end
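Review bot: The `rescue => e` on L1127 in `check_dependencies` renders `e.message` straight to the client, and this controller skips `:authenticated` (L943), so if the simulated scan is ever replaced by a real `bundle-audit` invocation as the comment on L1101 suggests, raw exception text becomes visible to anonymous callers; today the body is a static `render json:` literal so the rescue is effectively dead code. Replace it with `Rails.logger.error "[check_dependencies] #{e.class}: #{e.message}"` followed by `render json: { error: "Dependency scan failed" }, status: :internal_server_error`, or drop the `begin`/`rescue` entirely. In the three `redos_*` actions the `elapsed_time` measured on L965–L967, L999–L1001 and L1027–L1029 uses `Time.now`, which is wall-clock and can jump; use `Process.clock_gettime(Process::CLOCK_MONOTONIC)` for durations, and drop the unused `=> e` on the `Regexp::TimeoutError` rescues (L974, L1008, L1036) or log it. The `secure_example` values on L1092–L1093 are empty strings, so the endpoint's own before/after example renders nothing — presumably content was lost; populate or remove the key.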
diff --git a/app/views/admin/dashboard.html.erb b/app/views/admin/dashboard.html.erb
index ddad53c..4ffa26a 100755
--- a/app/views/admin/dashboard.html.erb
+++ b/app/views/admin/dashboard.html.erb
@@ -1,54 +1,70 @@
-
-
-
-
-
-
Success!
-
User information successfully updated.
-
-
-
-
-
-
-
-
Error!
-
Something went wrong.
-
-
-
-
-
+
diff --git a/app/views/benefit_forms/index.html.erb b/app/views/benefit_forms/index.html.erb
index 818ab08..14920ad 100644
--- a/app/views/benefit_forms/index.html.erb
+++ b/app/views/benefit_forms/index.html.erb
@@ -1,108 +1,137 @@
-
-
-
-
-
-
-
-
+
+
+
+
+ Benefit Forms
+
+
Download benefit documents and upload completed forms
-