team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
457 Commits 1 Branch 0 Tags
70b44b36ad2674a6d56fccc07661104e7a70dab8
Commit Graph

264 Commits

Author SHA1 Message Date
cktricky 7a89ae6f17 added the tutorial for the newest logic flaw 2014-03-16 22:10:19 -04:00
cktricky 8140cb3a1b added the basic template of a tutorial guide for the newly added logic flaw, now I have to fill it out :-( (j/k) 2014-03-16 16:19:07 -04:00
cktricky d11617f272 while the pay page could use further refinement from a visual aspect, it is completely working and ready for a tutorial 2014-03-16 16:10:12 -04:00
cktricky 41a596aba0 added some necessary comments to the pay page 2014-03-16 15:37:47 -04:00
cktricky 87f9c825ba a function to decrypt has been added to the mix 2014-03-16 15:26:33 -04:00
cktricky 3a5818c493 the basics of a working remember-me-logic-flaw completed :-) 2014-03-15 22:30:31 -04:00
cktricky 1f922916d2 have the ability now to update a row of direct deposit information as well as leverage the encryption routine to introduce a serious flaw 2014-03-15 21:58:42 -04:00
cktricky 9951af6170 added row, now working on deletion of a column 2014-03-15 15:46:01 -04:00
cktricky 16eaefefdf view portion of adding a column almost complete, then backend logic 2014-03-15 15:29:45 -04:00
cktricky 7a4efaa950 added the basic components to begin working on the pay index view 2014-03-15 10:28:52 -04:00
cktricky 2c8781ebc1 added a pay controller and model 2014-03-14 20:29:14 -04:00
cktricky 7823eadf3c first round of tests look okay, now we can re-use this function :-) 2014-03-14 16:32:44 -04:00
cktricky 62920b535c Merge branch 'master' of github.com:OWASP/railsgoat into pr-96 2014-03-14 14:00:56 -04:00
cktricky d0e825fc17 making sure this is up to date 2014-03-14 14:00:51 -04:00
cktricky ec8a187833 fixed the checkbox layout, etc. 2014-03-14 12:50:45 -04:00
cktricky 8daeee09f2 working on cleaning up and testing if I can push changes to a PR 2014-03-14 09:07:52 -04:00
cktricky e49b43f899 added the verbose model attributes finding under the exposure section within the tutorials 2014-03-12 20:28:59 -04:00
cktricky 4b0560a250 whew, now THAT is a huge tutorial explanation for a relatively simple issue! 2014-03-12 18:59:38 -04:00
cktricky 48ddc99955 some basic api functionality with a few gotchas 2014-03-12 17:45:08 -04:00
cktricky 95eb5a56fd added vulnerable auth check for the API 2014-03-12 15:40:12 -04:00
cktricky f4f5d5744c working on the auth structure for the API 2014-03-12 13:24:37 -04:00
cktricky 932d2304f9 okay first run at making an API for railsgoat 2014-03-12 12:38:41 -04:00
relotnek b9f61b3686 stylistic elements 2014-03-11 21:18:48 -04:00
relotnek b101c286ce application controller edits 2014-03-11 20:54:38 -04:00
relotnek 6a4bc922bd added user lookup in application controller by auth_token 2014-03-11 20:40:10 -04:00
relotnek a5c4dc37a2 added logic in sessions controller for rememberme checkbox 2014-03-11 20:38:26 -04:00
relotnek 18a1e219b7 added rememberme checkbox to new session form 2014-03-11 20:34:47 -04:00
relotnek 015b36d379 added cookie delete to session destroy method 2014-03-11 20:32:12 -04:00
relotnek a707e75662 added cookies.permanent in replacement of session 2014-03-11 20:31:32 -04:00
relotnek 4e6006dcc8 added before_create generate token to user model 2014-03-11 20:29:43 -04:00
relotnek e7c30151d4 added token to users model and generate token method to users controller 2014-03-11 20:28:15 -04:00
cktricky c559bd5602 updated tutorial to reflect changes to the correct code listed within the user model 2014-03-09 20:16:54 -04:00
ecneladis 84fd9503ca Removed duplicated code from exemplary validations for password 2014-03-06 19:40:33 +01:00
cktricky 80e9fd11a8 minor UI improvements on the Forgot Password and Register pages 2013-12-24 08:46:43 -05:00
cktricky e757f33c0a UI improvements for the login page 2013-12-24 08:35:29 -05:00
Mike McCabe abe22b19e9 adding password rest method and changing some logic around 2013-12-11 22:25:02 -05:00
James Espinosa be0d8f7594 Remove unnecessary comment 2013-12-04 00:59:00 -06:00
James Espinosa da1845e8f9 Implement working mailer and controller 2013-12-04 00:57:32 -06:00
James Espinosa 1a3d6d690c Update SMTP settings for Mailcatcher 2013-12-03 21:16:44 -06:00
James Espinosa 26e04deb9f Implement basic password reset mailer 2013-11-25 19:36:33 -06:00
James Espinosa 93d7c2bd44 Add mailtrap.io SMTP settings 2013-11-24 23:57:52 -06:00
James Espinosa 9a5f04cefd Update button, for consistency 2013-11-24 20:48:07 -06:00
James Espinosa a9fad698e8 Minor code cleanup, for readability 2013-11-24 20:42:17 -06:00
James Espinosa 5db8eab564 Fix typo, should be password 2013-11-24 20:34:18 -06:00
Mike McCabe ce239e84be oops, maybe I should actually run the tests before committing 2013-11-23 17:59:41 -05:00
Mike McCabe c7515af6ab adding basic forgot password controller and views 2013-11-23 16:04:48 -05:00
cktricky 810c086130 Merge branch 'master' of github.com:OWASP/railsgoat 2013-11-14 15:05:14 -05:00
cktricky 53dcc75f74 I think there was a subtle bug in the intentional security bypass within the admin controller 2013-11-14 15:05:00 -05:00
Mike McCabe 4801dc518a fixing two A5 typos 2013-11-14 11:26:31 -05:00
Mike McCabe 3ec9765ca3 small update to A7 2013-11-14 11:24:15 -05:00