6a4ecb27e0
Upgraded power_assert and rake gems
2017-10-25 07:53:29 -04:00
d47a0a4745
Upgraded globalid gem
2017-10-24 16:38:29 -04:00
66e9de21bc
Upgraded binding_of_caller gem
2017-10-21 21:13:18 -04:00
a6386d5563
Upgraded pry gem
2017-10-19 08:49:02 -04:00
7f64aaafb9
Upgraded rspec-rails gem; Removed un-needed puma gem
2017-10-18 09:03:47 -04:00
b3961670c6
Upgraded rspec gem; Added puma gem
2017-10-17 14:40:57 -04:00
47317f854a
Upgraded backports gem
2017-10-17 08:46:11 -04:00
e4e6ab38e0
Upgraded i18n gem
2017-10-16 09:35:45 -04:00
64511f505b
Upgraded better_errors gem
2017-10-13 16:45:13 -04:00
93f1a2403d
Merge branch 'master' of https://github.com/OWASP/railsgoat
2017-10-13 16:44:20 -04:00
058b4e08e7
Merge pull request #275 from jmmastey/remove-unused-test-suite
...
chore(tests): remove unused TestUnit suite, plus fixtures included in it
2017-10-11 11:40:36 -04:00
c8fc8a57b0
Merge branch 'master' of https://github.com/OWASP/railsgoat
2017-10-11 11:34:26 -04:00
b6d5fbbc3a
Merge pull request #276 from jmmastey/fix-password-reset-path
...
Awesome @jmmastey. I think we went with a match route, later changed it as match was *sorta-ish* deprecated in Rails 4+. Anyways, believe those changes might have caused some issues.
Either way, verified everything worked locally and performed PR. Thanks again!
2017-10-11 11:20:15 -04:00
d8eb813d83
Upgraded backports gem
2017-10-11 10:43:25 -04:00
033cf1b8cf
Upgraded erubi gem
2017-10-10 20:59:23 -04:00
36a812a87c
Upgraded [backports, cucumber-expressions, capybara] gems
2017-10-07 08:27:11 -04:00
a6802aee5c
chore(tests): remove unused TestUnit suite, plus fixtures included in it
2017-10-06 19:58:12 -05:00
97e8b82e0c
bug(password): fixes URL for password reset
2017-10-06 19:52:37 -05:00
9a3e2f3938
Upgraded sass and bundler gems
2017-10-05 08:40:26 -04:00
b8c6fc15f8
Merge branch 'master' of https://github.com/OWASP/railsgoat
2017-10-04 14:48:42 -04:00
5920596c73
Merge pull request #274 from mccabe615/master
...
Cleaning up seeds file
2017-10-04 14:27:43 -04:00
39e8f75e2d
fixing IDOR spec
2017-10-04 13:43:34 -04:00
e60fbb6399
cleaning up seeds file
2017-10-04 13:39:31 -04:00
7f010cf7a8
updating seeds adding new admin
2017-10-04 13:21:52 -04:00
86e7fedc53
Upgraded [capybara, unicorn] gems
2017-10-04 09:58:12 -04:00
f93483029f
Merge branch 'jmmastey-add-test-case-for-a1-field-injection'
2017-10-02 19:07:15 -04:00
f5cfec3bf4
Merge branch 'add-test-case-for-a1-field-injection' of https://github.com/jmmastey/railsgoat into jmmastey-add-test-case-for-a1-field-injection
2017-10-02 19:06:11 -04:00
e139019c4c
Merge pull request #271 from jmmastey/dont-reencrypt-password
...
fix user password field to not accidentally re-encrypt itself on save
2017-10-02 18:58:02 -04:00
b70e6e7b5e
Merge pull request #272 from jmmastey/idiomatic-use-of-layouts
...
change to idiomatic use of layouts versus regular views
2017-10-02 18:36:54 -04:00
8dc2d0c79f
Merge pull request #273 from jasnow/master
...
Upgraded 5 gems
2017-10-02 16:08:00 -04:00
1529c8c6e2
Merge branch 'master' of https://github.com/jasnow/railsgoat
2017-10-02 15:47:02 -04:00
68e475efd7
Upgraded cucumber gem
2017-10-02 15:46:38 -04:00
8fc08425f0
Upgraded cucumber gem
2017-09-29 11:23:19 -04:00
d3fce41e60
change to idiomatic use of layouts versus regular views
...
no functional change here, but familiar Rails users will see view files in the
locations they expect. this also slightly simplifies controller code
there is one attendant change in the wiki at `rails_3/A1-SQL-Injection-Interpolation.md`
that I'm happy to make after the PR is merged.
2017-09-27 19:22:44 -05:00
8b2f93516d
fix user password field to not accidentally re-encrypt itself on save
...
currently this is flagged manually in one place, but there's no reason not to
let the user model handle it. this way, you can update your user model from a
console or some other area without accidentally changing your password.
2017-09-27 18:57:40 -05:00
145fdcd03c
Upgraded to cucumber and backports gems
2017-09-27 19:22:58 -04:00
935dd6b3ea
Upgraded to latest edge rails + [method-source, pry, bundler] gems
2017-09-26 09:00:36 -04:00
b7db890f51
Merge pull request #269 from jasnow/master
...
Upgraded to Ruby 2.4.2 plus misc gems
2017-09-25 13:46:41 -04:00
20635993c8
Upgraded Ruby to 2.4.2, fixed OpenSSL warnings, and 3 gems
2017-09-25 12:58:06 -04:00
c242fb27e3
Upgraded test-unit gem
2017-09-21 07:45:21 -04:00
5627f5d783
Upgraded [pry, slop] gems
2017-09-20 13:51:21 -04:00
d653743746
Merge branch 'master' of https://github.com/OWASP/railsgoat
2017-09-20 13:49:17 -04:00
87e8ebc8e5
Merge pull request #263 from jmmastey/fixing-password-vuln-makes-seeds-invalid
...
Fixing password vuln makes seeds invalid
2017-09-19 19:32:50 -04:00
d101564608
Upgraded [mini_portile2, nokogiri] gems
2017-09-19 14:38:06 -04:00
59857671f1
Merge pull request #267 from cktricky/switch_build_user_info_from_controller_to_model
...
Relocated build_benefits_data invocation
2017-09-19 11:47:54 -04:00
3322441ba4
whoops. Good catch @jmmastey
2017-09-19 11:38:03 -04:00
1ead42626e
I have moved the build_benefits_data invocation from the controller to the model using before_create. This has not affected behavior afaict. Tested by running rake db:drop db:setup and RAILSGOAT_MAINTAINER=yes rake (all tests passed).
2017-09-19 11:21:08 -04:00
4d17b3b2b0
Merge pull request #265 from jmmastey/fix-nil-check-in-work-info
...
bug(work-info): raise more useful error when key_management is missing
2017-09-19 10:57:38 -04:00
585f566f88
Merge branch 'add-test-case-for-a1-field-injection' of https://github.com/jmmastey/railsgoat into add-test-case-for-a1-field-injection
2017-09-18 20:10:34 -05:00
ca9ddb6a14
bug(rails): fix incompatibility with Rails 5
2017-09-18 20:08:02 -05:00
Al Snow