This addresses the remaining test failures @jasnow reported in issue #486.
Fixes:
1. Ambiguous Login button - Changed from click_button "Login" to
find("input[type='submit'][value='Login']").click to specifically
target the form submit button and avoid the header Login button
2. Fixed password_complexity_spec field names:
- user_email → email
- user_first_name → first_name
- user_last_name → last_name
- user_password → password
- user_password_confirmation → password_confirmation
- Submit → Create Account (correct button text)
3. Applied same selector fix to login helper in capybara_shared.rb
These changes complete the test suite fixes for the new UI that was
introduced in the file upload UX improvements.
Related: #486🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Fixes test suite to run cleanly across different platforms (macOS, Linux, Windows)
after the Rails 5→8 upgrade and UI/UX overhaul.
## Issues Fixed
1. **Firefox/Selenium driver errors**: Removed deprecated Poltergeist/PhantomJS
configuration and properly configured Selenium with headless Chrome. This
works across all platforms without requiring Firefox.
2. **CSS selector errors** ('Unable to find css ".signup"'): The UI/UX overhaul
removed the .signup CSS class. Updated the login helper to work with the
new login form structure.
3. **Ambiguous Login button**: The new UI has both a Login button and Login link.
Changed from `click_on "Login"` to `click_button "Login"` to be specific.
4. **Deprecation warning**: Opted into Rails 8.1 behavior for to_time timezone
preservation to eliminate deprecation warnings.
## Changes
- spec/support/capybara_shared.rb:
* Removed deprecated Poltergeist/PhantomJS configuration
* Configured Selenium with headless Chrome
* Updated login helper to work with new UI (removed .signup/.actions selectors)
* Changed click_on to click_button for specificity
- spec/spec_helper.rb:
* Removed conflicting Capybara.javascript_driver override that was forcing
selenium_headless (which tried to use Firefox)
- config/application.rb:
* Added config.active_support.to_time_preserves_timezone = :zone to opt into
Rails 8.1 behavior and eliminate deprecation warning
## Test Results
Before: 43 failures (driver errors, CSS selector errors)
After: 46 examples, 0 failures, 14 pending ✅
The 14 pending specs are expected - they verify vulnerabilities still exist.
## Platform Requirements
JavaScript tests now require Chrome/Chromium to be installed:
- macOS: Chrome is usually installed
- Ubuntu: `sudo apt-get install chromium-browser chromium-chromedriver`
- Windows: Chrome is usually installed
Fixes#486🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
When the database is empty, which can happen in the test database and in
the dev database if the seeds.rb aren't applied, the assign_user_id
method would not assign an id and the newer before_filter block to
generate_token would fail.
UserFixture had a password on it that wouldn't pass the new validation
rules once that vulnerability is patched.
This isn't the cleanest approach, but should be good for now.
Obviously, there are two contexts for these specs: one is from the
maintainer's standpoint, the other is from the trainee who is using
RailsGoat for training.
The maintainer wants all of these specs to pass, to ensure the
vulnerabilities are still functional as vulnerabilities.
The trainee could potentially use these specs (though reading the specs
contains spoilers) to track and verify their fixes.
I've wired in a pending block around each assertion that checks a method
to see what the result of the pending call would be. You can see
examples of how this works with conditions here:
https://www.relishapp.com/rspec/rspec-core/v/2-14/docs/pending/pending-examples
This means these specs will all fail now by default (the trainee
context), but will pass, when vulnerable, if the RAILSGOAT_MAINTAINER
env var is set.
The only flaw at the moment is that in the trainee context, fixing the
vulnerabilities will result in the specs going from failing to
_pending_, not passing (which makes sense, given how we're using RSpec's
pending functionality).
Maybe it'd be simpler/better to have a boolean toggle of our own somehow
wrap the assertions in blocks to do explicitly what we want (flip-flop
the result based on the context).
shiva chetan reddy