team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
419 Commits 1 Branch 0 Tags
4e6006dcc88049a3fbcb45bc6ed96d74371b3f41
Commit Graph

41 Commits

Author SHA1 Message Date
relotnek 4e6006dcc8 added before_create generate token to user model 2014-03-11 20:29:43 -04:00
relotnek e7c30151d4 added token to users model and generate token method to users controller 2014-03-11 20:28:15 -04:00
ecneladis 84fd9503ca Removed duplicated code from exemplary validations for password 2014-03-06 19:40:33 +01:00
cktricky b84c8d4cc7 finished write-up for broken auth 2013-11-14 10:47:27 -05:00
cktricky b605a42812 got the code kicked off so we can encrypt SSN(s) in the database 2013-11-13 19:51:42 -05:00
cktricky a65a20a647 Merge branch 'master' of github.com:OWASP/railsgoat into top-10-2013 2013-10-14 08:29:39 -04:00
Mike McCabe 8c17a3df0e adding messaging function, needs tests... 2013-10-13 21:49:17 -04:00
Mike McCabe dbd0c2548d making full_name method public 2013-10-11 16:03:37 -04:00
cktricky e2c4fb4bd8 change to the user model based on a merge with master. Master is the correct code 2013-10-11 12:04:19 -04:00
cktricky da061c79b6 intended to remove some of the weirdness when updating a users account. A blank password basically ends up causing the previously existing password to be hashed twice. Probably move to has_secure_password at some point although that may end up screwing up the intent of the particular tutorial item 2013-09-30 13:03:03 -04:00
cktricky ef8a9c1a46 merged with master 2013-09-27 21:55:50 -04:00
chrismo e0bca0139e Added command injection Capybara spec. 2013-09-27 14:59:30 -05:00
cktricky c56dbe54a7 no change really 2013-09-11 10:58:46 -04:00
cktricky d5801f0684 Merge branch 'master' of github.com:OWASP/railsgoat into top-10-2013 2013-09-10 13:31:48 -04:00
Michael McCabe 69c180e845 minor changes to spec_helper and user model 2013-09-06 15:54:06 -04:00
cktricky bc74edf28d lastest work towards the secure_compare tutorial 2013-08-18 20:10:36 -04:00
cktricky 3c7a3fc9e4 still working on the timing attack prevention tutorial 2013-08-18 17:39:13 -04:00
cktricky 979b6a229a working on avoiding timing attacks piece 2013-08-17 21:27:33 -04:00
cktricky 65eb2caeaf made a suggestion based on digininjas comment on Rails tutorials blog post. Better to change method name to hash_password than encrypt_password 2013-08-08 16:57:58 -04:00
Ken Johnson e1dfb8309c finished the write-up for crytpo vuln, close issue #5 2013-06-03 18:08:21 -04:00
Ken Johnson 0b09e0d4c1 added the primary insecure crypto storage vuln 2013-06-03 12:52:24 -04:00
Ken Johnson 912c34a26e finished the writeup for password complexity 2013-06-03 01:11:51 -04:00
Ken Johnson 06dce1f8b2 I believe this has resolved the dependent destruction and we can close issue #18 2013-06-02 13:08:56 -04:00
Ken Johnson 0319cc4768 added a few things here. Firstly, I fixed the broken delete function with the admin page. Secondly, whenever you register for this application, we will automatically populate your user data to make the application functional. Seemed like the easiest way to do this 2013-06-01 00:19:07 -04:00
Ken Johnson 4813ba9349 added visualization chart for performance history 2013-05-31 15:20:58 -04:00
Ken Johnson 379c442049 I have added the performance model, controller, route and seed data, now I am working on the actual visual aspects of the page 2013-05-31 14:45:31 -04:00
Ken Johnson 97ca13632d removed mass assignment of user_id in the users model 2013-05-31 11:08:38 -04:00
Ken Johnson 08a8c60276 added route, controller, model, sidebar link, and basic index page for the work info section so that we can render user data 2013-05-31 10:48:20 -04:00
Ken Johnson af763d40bf added the PTO section 2013-05-24 20:54:07 -04:00
Ken Johnson b59c85fade I feel like this is fairly important to make sure we avoid causing headaches, lol 2013-05-24 19:19:37 -04:00
Ken Johnson 471c5851c7 okay, so, we have associations rocking 2013-05-24 19:15:36 -04:00
Ken Johnson 0d841124f5 assigned a user id, does not "appear" to have screwed anything up 2013-05-24 15:25:06 -04:00
Ken Johnson dbbb2ce651 finished the first instance of broken auth and sess mgmt 2013-05-23 20:06:24 -04:00
Ken Johnson 671095e030 added a vuln for broken auth and session mgmt, issue #2 2013-05-21 00:58:11 -04:00
Ken Johnson 5fd72fcd6f update users info via ajax is working, yay. Next thing is we need to move the datatables into an ajax call and so that we can refresh the table upon any changes occuring 2013-05-20 16:31:59 -04:00
Ken Johnson 30c5736413 caused too much unexpected weirdness although would have been fun as a bug, had to remove 2013-04-28 15:23:43 -04:00
Ken Johnson 713e28b753 might have added a subtle bug ;-) 2013-04-28 02:58:24 -04:00
Ken Johnson d01e508bc3 added email validation and tthen saved any params they were entering during signup in an @user object 2013-04-28 02:49:02 -04:00
Ken Johnson 68acfe3803 added something :-) 2013-04-25 01:24:59 -04:00
Ken Johnson 47ce08bb20 working login, signup, and logout 2013-04-25 00:19:00 -04:00
Ken Johnson 5a992c3c1f made some changes to the application controller, added a user controller, and am now about to start working on the login piece 2013-04-24 18:09:43 -04:00