team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,828 Commits 1 Branch 0 Tags
215116728d4a65a4db18c408d7d342a6dbdc62aa
Commit Graph

405 Commits

Author SHA1 Message Date
Arkadii Yakovets 215116728d Update OWASP backronym: Web -> Worldwide 2025-12-03 08:40:05 -08:00
Ken Johnson c1e8ff1e3b Merge pull request #406 from tdtds/improve_a11y 
improve accessibility
 2022-08-16 18:43:54 -04:00
Tada, Tadashi ad708f5546 fix api does not work 2021-04-30 17:39:10 +09:00
Tada, Tadashi 27f02c2dc9 improve accessibility 
* add 'aria-label' into some elements without the label
* add 'aris-label' into some visual elements
* replace some 'a' elements have a button action to 'button'
 2021-04-30 17:23:48 +09:00
Eli Block 5f15cabfd2 feat: add password minimum to placeholder text 2020-07-09 15:03:54 -07:00
Justin Collins a2aa0f1eb7 Center company name on login page 2020-05-13 17:26:33 -07:00
Justin Collins 8aebfbcc11 Center company name on password reset pages 2020-05-13 17:22:53 -07:00
Ken Johnson df1bae06b9 Merge pull request #379 from presidentbeef/strip_whitespace_email_at_login 
Strip whitespace from email when logging in
 2020-04-05 13:13:25 -04:00
Ken Johnson 55b4e21dc5 Merge pull request #380 from presidentbeef/fix_alert_box_profile_settings 
Fix alert box on account settings
 2020-04-05 13:12:51 -04:00
Ken Johnson e93e28d762 Merge pull request #381 from presidentbeef/fix_bonus_html 
Add missing < on bonus work info
 2020-04-05 13:12:03 -04:00
Justin Collins de04f0fff1 Fix missing < on bonus work info 
Plus some whitespace adjustment for clarity
 2020-03-27 09:43:51 -07:00
Justin Collins d25e62db1c Fix alert boxes on bank account settings page 2020-03-26 10:50:41 -07:00
Justin Collins fc77a98461 Fix alert box on account settings 
Remove unnecessary divs that were adding extra whitespace to top of page
 2020-03-25 11:57:59 -07:00
Justin Collins 6acf74aa35 Strip whitespace from email when logging in 
Makes it a little easier to copy-paste credentials
 2020-03-25 11:22:20 -07:00
Justin Collins 4c7286d088 Remove unused dashboard README link 2020-03-18 14:17:55 -07:00
Al Snow 93815c34d4 Upgraded [foreman, sprockets, zeitwerk] gems 2019-10-09 09:46:00 -04:00
Al Snow 23d145129d Upgraded Ruby to 2.7.0-preview1 and Rails to 6.0.0 - fixed 1 spec 2019-09-09 15:13:29 -04:00
Al Snow b8262ecb0a Fixed rubocop messages 2018-03-08 17:02:24 -05:00
Bharath 5097302bee Fixed a javascript file name in app/views/pay/index.html.erb 
The javascript file name in app/views/pay/index.html.erb
'jquery.dataTables.js' is not consistent with the actual
JS file in /app/assets/javascripts 'jquery.dataTables.min.js'
This commit fixes by renaming the erring line in index.html.erb
 2018-01-23 19:25:08 +05:30
Joseph Mastey bb863f5156 appease our new robot overlords. 
(I voted for Krang)
 2017-12-12 21:00:45 -06:00
Joseph Mastey 4587a5ff67 more fixes for tests post-merge 2017-12-12 15:25:37 -06:00
Joseph Mastey b6c2259b88 removes user_id column from User model to use idiomatic Rails automatic IDs 2017-12-12 15:19:22 -06:00
Joseph Mastey 6e0a0a8312 feat(cops): clean rubocop run 
1. ignoring one file because it's an intentional vuln
2. made a few small semantic changes, but verified that they're equivalent.
 2017-12-06 17:14:25 -06:00
Joseph Mastey 9902345291 chore(rubocop): giganto rubocop commit. 
muahahahah
 2017-12-05 18:46:21 -06:00
Ken Johnson 3b16f04edd Merge pull request #278 from jmmastey/updated-minified-js 
@jmmastey LGTM 👍 

Good call on removing the stock photos that shipped with this as well as updating libs and removing cruft. Thank you as always 🙇
 2017-11-16 09:47:08 -05:00
Ken Johnson b97d5f3976 Fixing an error... 
Incorrect credentials
 2017-11-13 14:44:37 -05:00
Joseph Mastey af0d229aa0 remove unused sparkline library, update jquery validation library 
which honestly is only used once, so we may want to drop that in favor of
html5-based validation anyway
 2017-10-23 21:49:32 -05:00
Joseph Mastey b27ad709a3 remove unused js libraries 2017-10-23 21:40:41 -05:00
Joseph Mastey 0ac072e7e8 update fullcalendar js library, plus styles etc 2017-10-23 21:10:22 -05:00
Joseph Mastey f5a8e0c6a8 upgrade jQuery dataTable library, with minified version 2017-10-23 20:53:55 -05:00
Ken Johnson b6d5fbbc3a Merge pull request #276 from jmmastey/fix-password-reset-path 
Awesome @jmmastey. I think we went with a match route, later changed it as match was *sorta-ish* deprecated in Rails 4+. Anyways, believe those changes might have caused some issues.

Either way, verified everything worked locally and performed PR. Thanks again!
 2017-10-11 11:20:15 -04:00
Joseph Mastey 97e8b82e0c bug(password): fixes URL for password reset 2017-10-06 19:52:37 -05:00
cktricky f5cfec3bf4 Merge branch 'add-test-case-for-a1-field-injection' of https://github.com/jmmastey/railsgoat into jmmastey-add-test-case-for-a1-field-injection 2017-10-02 19:06:11 -04:00
Ken Johnson e139019c4c Merge pull request #271 from jmmastey/dont-reencrypt-password 
fix user password field to not accidentally re-encrypt itself on save
 2017-10-02 18:58:02 -04:00
Joseph Mastey d3fce41e60 change to idiomatic use of layouts versus regular views 
no functional change here, but familiar Rails users will see view files in the
locations they expect. this also slightly simplifies controller code

there is one attendant change in the wiki at `rails_3/A1-SQL-Injection-Interpolation.md`
that I'm happy to make after the PR is merged.
 2017-09-27 19:22:44 -05:00
Joseph Mastey 8b2f93516d fix user password field to not accidentally re-encrypt itself on save 
currently this is flagged manually in one place, but there's no reason not to
let the user model handle it. this way, you can update your user model from a
console or some other area without accidentally changing your password.
 2017-09-27 18:57:40 -05:00
Al Snow 20635993c8 Upgraded Ruby to 2.4.2, fixed OpenSSL warnings, and 3 gems 2017-09-25 12:58:06 -04:00
cktricky 1ead42626e I have moved the build_benefits_data invocation from the controller to the model using before_create. This has not affected behavior afaict. Tested by running rake db:drop db:setup and RAILSGOAT_MAINTAINER=yes rake (all tests passed). 2017-09-19 11:21:08 -04:00
Ken Johnson 4d17b3b2b0 Merge pull request #265 from jmmastey/fix-nil-check-in-work-info 
bug(work-info): raise more useful error when key_management is missing
 2017-09-19 10:57:38 -04:00
Joseph Mastey ca9ddb6a14 bug(rails): fix incompatibility with Rails 5 2017-09-18 20:08:02 -05:00
Joseph Mastey 9fc05eacde feat(vulnerabilities): adds description of vulnerability for sql interpolation 
also fixes several small errors on that page, otherwise JS raises errors.

fixes #181
 2017-09-18 19:50:23 -05:00
Joseph Mastey 722a2cebe7 bug(work-info): raise more useful error when work_info.key_management is missing 2017-09-18 16:28:05 -05:00
Joseph Mastey 11ab30eb90 bug(pto): fix issue where not having a PTO record causes the app to barf 
closes #187
 2017-09-18 12:43:47 -05:00
Tom Copeland e8da858e0e Comment out csrf_meta_tags 
Per https://github.com/OWASP/railsgoat/wiki/R4-A8-CSRF this line should
be commented out for the developer to fix (by uncommenting it).
 2017-07-21 09:16:20 -04:00
Joseph Mastey d51f48f2d9 Fixes several issues with version migration. 2017-01-29 18:08:44 -06:00
Joseph Mastey c310273606 upgrade(rails 5): change before_filter to before_action 2017-01-19 13:59:14 -06:00
Joseph Mastey 692fb99e51 upgrade(rails 5): add application record 2017-01-19 13:55:03 -06:00
cktricky 7f5af27478 removed comments and Fixed Issue #184 2016-04-19 08:43:18 -04:00
cktricky 8374026697 Resolves issue #229 2016-04-11 09:03:07 -04:00
yuji.matsunaga 2919d57945 fixed messages create error 2016-04-07 16:49:22 +09:00