team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,924 Commits 1 Branch 0 Tags
2a4171daf323692d2c171f19263d722cf8aeb5d0
Commit Graph

50 Commits

Author SHA1 Message Date
Ken Johnson 5dd05249ec Fix remaining CSS selector and form field issues from UI/UX overhaul 
This addresses the remaining test failures @jasnow reported in issue #486.

Fixes:
1. Ambiguous Login button - Changed from click_button "Login" to
   find("input[type='submit'][value='Login']").click to specifically
   target the form submit button and avoid the header Login button

2. Fixed password_complexity_spec field names:
   - user_email → email
   - user_first_name → first_name
   - user_last_name → last_name
   - user_password → password
   - user_password_confirmation → password_confirmation
   - Submit → Create Account (correct button text)

3. Applied same selector fix to login helper in capybara_shared.rb

These changes complete the test suite fixes for the new UI that was
introduced in the file upload UX improvements.

Related: #486

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2026-01-05 08:21:46 -05:00
Ken Johnson 7afaabdb9b Remove confusing pending status from password_hashing_spec 
The password_hashing_spec was using 'pending unless verifying_fixed?' which caused
confusing output in maintainer mode:
- Before: "1 example, 0 failures, 1 pending" with "(compared using ==)" message
- After: "1 example, 0 failures" - clean output

The spec now uses conditional expectations:
- Training mode: expects password is NOT MD5 hashed (test fails, vulnerability exists)
- Maintainer mode: expects password IS MD5 hashed (test passes, verifies vulnerability)

This addresses the "(compared using ==)" error message that @jasnow reported in issue #486.

Related to #486
 2026-01-04 17:38:40 -05:00
Nicole Rifkin 5191409db6 validate root is localhost in redirect_spec 2019-11-21 09:07:38 -05:00
Nicole Rifkin 483112bb18 clean up mass_assignment_spec 2019-11-20 17:06:23 -05:00
Nicole Rifkin e72f4ca64f update tutorial links 2019-11-20 14:27:56 -05:00
Nicole Rifkin 02dcd42bc7 clean up unvalidated_redirects_spec 2019-11-20 09:57:58 -05:00
Nicole Rifkin d82ff9a66a clean up insecure_dor_spec 2019-11-20 09:24:24 -05:00
Nicole Rifkin 18433833d3 clean up url_access_spec 2019-11-20 07:53:25 -05:00
Nicole Rifkin 7eb0ddf229 clean up insecure_dor_spec 2019-11-20 07:49:52 -05:00
Al Snow 23d145129d Upgraded Ruby to 2.7.0-preview1 and Rails to 6.0.0 - fixed 1 spec 2019-09-09 15:13:29 -04:00
cktricky 00af8293b2 changed user_id to id 2017-12-19 08:26:02 -05:00
Joseph Mastey 33d2c46df5 please robot overlords, plus verbiage change 2017-12-13 08:37:23 -06:00
Joseph Mastey 5643edcc5d refactor vulnerabilities so that users can turn them from failing to passing 2017-12-13 08:33:50 -06:00
Joseph Mastey fb2254342e Changes tests to invert the logic, so that users can turn tests from red to green 2017-12-13 08:21:52 -06:00
Joseph Mastey bb863f5156 appease our new robot overlords. 
(I voted for Krang)
 2017-12-12 21:00:45 -06:00
Joseph Mastey 4587a5ff67 more fixes for tests post-merge 2017-12-12 15:25:37 -06:00
Joseph Mastey 6969322920 feat(tests): fix tests for change in user_id format 2017-12-12 15:22:39 -06:00
Joseph Mastey b6c2259b88 removes user_id column from User model to use idiomatic Rails automatic IDs 2017-12-12 15:19:22 -06:00
Joseph Mastey 9902345291 chore(rubocop): giganto rubocop commit. 
muahahahah
 2017-12-05 18:46:21 -06:00
Mike McCabe 39e8f75e2d fixing IDOR spec 2017-10-04 13:43:34 -04:00
cktricky f5cfec3bf4 Merge branch 'add-test-case-for-a1-field-injection' of https://github.com/jmmastey/railsgoat into jmmastey-add-test-case-for-a1-field-injection 2017-10-02 19:06:11 -04:00
Joseph Mastey 9fc05eacde feat(vulnerabilities): adds description of vulnerability for sql interpolation 
also fixes several small errors on that page, otherwise JS raises errors.

fixes #181
 2017-09-18 19:50:23 -05:00
Joseph Mastey b934194ffe bug(passwords): fix situations where better password rules inadvertently break tests 
* use bang version of save methods in the seeds file, so that when you fix validation,
  it will at least explode, rather than silently failing to create users
* fix two tests where passwords are hardcoded so that they use stronger passwords,
  since password complexity is not the important bit of either of those tests.
 2017-09-18 12:58:26 -05:00
Joseph Mastey 563ada1e04 refer to Rails 5 wiki (to be created) 2017-01-29 19:04:48 -06:00
Joseph Mastey 8c38edd90b upgrade(rails-5): we updated the db/config, broke the test that extracts it 2017-01-19 15:53:24 -06:00
cktricky 79c1ddd45d Fixes #165 2016-06-09 22:33:53 -04:00
Al Snow 0cc4980c46 Upgraded rspec-rails from 2.99.0 to 3.4.0 2016-04-14 17:34:27 -04:00
Al Snow fb923baee4 Upgraded rspec 2.14.2 to 2.99.0 2016-03-19 18:33:01 -04:00
mccabe615 7e11dee133 trying to fix the broken specs. still doesn't pass but it may be due to changes in capybara 2015-11-22 14:55:54 -05:00
Al Snow b6d766329c Based on cane gem, removed tab indents and trailing blanks 2015-09-14 10:11:03 -04:00
cktricky a2c4f46c26 I have changed the second visit statement from the root path (/) to the account settings page. The reason is that the submit button is changed via JS but you need to be at the account settings page to see that change 2015-07-06 13:25:46 -04:00
Al Snow 890b77bdaf Upgraded 5 gems by rebuilding Gemfile.lock file 2015-03-28 10:46:52 -04:00
cktricky 48986b1bbb fixes xss spec failure 2015-03-27 15:04:31 -04:00
Al Snow 4bf596f95f Upgraded 1 gem by rebuilding Gemfile.lock file; Added sleep to try to fix fragile spec 2015-03-19 16:51:22 -04:00
Al Snow 0957033457 Upgraded to Ruby 2.1.3; Changed timeout value 2014-09-19 19:00:40 -04:00
Al Snow 74d047507a Changed timeout to 25000 for all envs 2014-09-19 11:12:32 -04:00
Al Snow 1ea0c2ddbb More Rails 4.0 upgrade changes 
1. Compared existing branch with empty Rails 4.0 project and
    made changes as needed.
 2. Fix find/first warning.
 3. Fix sqlite timeout issue.
    -- config/database.yml
    -- spec/vulnerabilities/insecure_dor_spec.rb
 2014-09-13 13:44:07 -04:00
cktricky 4af22d952d fixed broken spec test 2014-04-18 09:25:07 -04:00
cktricky c157496b1e fixed broken spec test by changing the reference to an incorrect location when downloading the database.yml file 2014-04-17 20:17:33 -04:00
cktricky f53ab56e92 fixes a bug introduced during the transition from info_disclosure to A6 2013-11-14 11:06:27 -05:00
cktricky 11480ac853 tests are working again, I will work on surpressing the errors. Also merged @jasnow work 2013-10-27 21:46:12 -04:00
Mike McCabe b8c400b29d commenting out this test until I can get it to go into failure not pending 2013-10-23 18:28:24 -04:00
Mike McCabe 01458fb0f5 this reduces the error but we still need to rescue the file not found error. for another day. 2013-10-23 18:28:24 -04:00
cktricky 7c1d52320a does not fix the error that occurs (as it should, but that we want to obfuscate) when a command is injected into, however, it does pass the build and does not break the entire call 2013-10-23 17:11:28 -05:00
Mike McCabe a921f2118d minor fix 2013-10-22 17:08:27 -04:00
Mike McCabe 6fa175ac61 a little fix for the error running the command injection spec. basically capturing the error from cp and sending it to the gutter 2013-10-22 11:31:47 -04:00
Mike McCabe c9231233e5 make test go into pending unless salt attribute defined for travis 2013-10-09 14:24:10 -04:00
Mike McCabe 82387a1f92 updating spec to fail if salt is not defined 2013-10-09 13:18:32 -04:00
Mike McCabe e999c02506 adding password hashing spec 2013-10-09 12:55:00 -04:00
Mike McCabe a93159c9f2 adding launchy 2013-10-09 11:07:13 -04:00