Based on cane gem, removed tab indents and trailing blanks
@@ -6,18 +6,18 @@ class DashboardController < ApplicationController
|
||||
|
||||
# See if the user has a font preference
|
||||
if params[:font]
|
||||
cookies[:font] = params[:font]
|
||||
cookies[:font] = params[:font]
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
def change_graph
|
||||
self.try(params[:graph])
|
||||
end
|
||||
|
||||
|
||||
def bar_graph
|
||||
render :partial => "layouts/dashboard/bar_graph"
|
||||
end
|
||||
|
||||
|
||||
def pie_charts
|
||||
@user = current_user
|
||||
render :partial => "layouts/dashboard/dashboard_stats"
|
||||
@@ -25,5 +25,5 @@ class DashboardController < ApplicationController
|
||||
|
||||
def doc
|
||||
render "../../doc/" + params[:doc]
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
+7
-7
@@ -1,5 +1,5 @@
|
||||
module Encryption
|
||||
|
||||
|
||||
# Added a re-usable encryption routine, shouldn't be an issue!
|
||||
def self.encrypt_sensitive_value(val="")
|
||||
aes = OpenSSL::Cipher::Cipher.new(cipher_type)
|
||||
@@ -9,7 +9,7 @@ module Encryption
|
||||
new_val = aes.update("#{val}") + aes.final
|
||||
Base64.strict_encode64(new_val).encode('utf-8')
|
||||
end
|
||||
|
||||
|
||||
def self.decrypt_sensitive_value(val="")
|
||||
aes = OpenSSL::Cipher::Cipher.new(cipher_type)
|
||||
aes.decrypt
|
||||
@@ -18,19 +18,19 @@ module Encryption
|
||||
decoded = Base64.strict_decode64("#{val}")
|
||||
aes.update("#{decoded}") + aes.final
|
||||
end
|
||||
|
||||
|
||||
# Should be able to just re-use the same key we already have!
|
||||
def self.key
|
||||
raise "Key Missing" if !(KEY)
|
||||
KEY
|
||||
end
|
||||
|
||||
|
||||
def self.iv
|
||||
RG_IV
|
||||
end
|
||||
|
||||
|
||||
def self.cipher_type
|
||||
'aes-256-cbc'
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
@@ -10,16 +10,15 @@ describe User do
|
||||
DatabaseCleaner.strategy = :truncation
|
||||
end
|
||||
|
||||
it "can be instantiated" do
|
||||
Benefits.new.should be_an_instance_of(Benefits)
|
||||
end
|
||||
it "can be instantiated" do
|
||||
Benefits.new.should be_an_instance_of(Benefits)
|
||||
end
|
||||
|
||||
|
||||
it "name can be updated" do
|
||||
new_name = "Bobby"
|
||||
user = User.all.first
|
||||
user.first_name = new_name
|
||||
user.save!
|
||||
User.all.first.first_name.should == new_name
|
||||
end
|
||||
end
|
||||
it "name can be updated" do
|
||||
new_name = "Bobby"
|
||||
user = User.all.first
|
||||
user.first_name = new_name
|
||||
user.save!
|
||||
User.all.first.first_name.should == new_name
|
||||
end
|
||||
end
|
||||
|
||||
+21
-21
@@ -10,28 +10,28 @@ describe User do
|
||||
DatabaseCleaner.strategy = :truncation
|
||||
end
|
||||
|
||||
it "can be instantiated" do
|
||||
User.new.should be_an_instance_of(User)
|
||||
end
|
||||
it "can be instantiated" do
|
||||
User.new.should be_an_instance_of(User)
|
||||
end
|
||||
|
||||
it "should require a email" do
|
||||
User.new(:email => "").should_not be_valid
|
||||
end
|
||||
it "should require a email" do
|
||||
User.new(:email => "").should_not be_valid
|
||||
end
|
||||
|
||||
it "should require valid email" do
|
||||
User.new(:email => "@gmail.com").should_not be_valid
|
||||
end
|
||||
it "should require valid email" do
|
||||
User.new(:email => "@gmail.com").should_not be_valid
|
||||
end
|
||||
|
||||
it "should require unique email" do
|
||||
user = User.all.first
|
||||
User.new(:email => user.email).should_not be_valid
|
||||
end
|
||||
it "should require unique email" do
|
||||
user = User.all.first
|
||||
User.new(:email => user.email).should_not be_valid
|
||||
end
|
||||
|
||||
it "name can be updated" do
|
||||
new_name = "Bobby"
|
||||
user = User.all.first
|
||||
user.first_name = new_name
|
||||
user.save!
|
||||
User.all.first.first_name.should == new_name
|
||||
end
|
||||
end
|
||||
it "name can be updated" do
|
||||
new_name = "Bobby"
|
||||
user = User.all.first
|
||||
user.first_name = new_name
|
||||
user.save!
|
||||
User.all.first.first_name.should == new_name
|
||||
end
|
||||
end
|
||||
|
||||
+1
-1
@@ -1,7 +1,7 @@
|
||||
# This file is copied to spec/ when you run 'rails generate rspec:install'
|
||||
ENV["RAILS_ENV"] ||= 'test'
|
||||
|
||||
# To use simplecov, do this: COVERAGE=true rake
|
||||
# To use simplecov, do this: COVERAGE=true rake
|
||||
require 'simplecov'
|
||||
SimpleCov.start if ENV["COVERAGE"]
|
||||
|
||||
|
||||
@@ -18,13 +18,13 @@ feature 'xss' do
|
||||
fill_in 'user_password_confirmation', :with => @normal_user.clear_password
|
||||
end
|
||||
click_on 'Submit'
|
||||
|
||||
|
||||
sleep(1)
|
||||
|
||||
|
||||
visit "/users/#{@normal_user.user_id}/account_settings"
|
||||
|
||||
|
||||
pending(:if => verifying_fixed?) { find('#submit_button').value.should == 'RailsGoat h4x0r3d' }
|
||||
|
||||
|
||||
# might be nice to demonstrate posting cookie contents or somesuch, but
|
||||
# this at least shows the vulnerability still exists.
|
||||
end
|
||||
|
||||