**Password Reset Pages**:
Forgot Password (password_resets/forgot_password.html.erb):
- Complete rewrite with modern card-based layout
- Icon-enhanced form with email validation
- Helpful info box with reset instructions
- "Back to Login" link for easy navigation
- Gradient background matching login page style
Reset Password (password_resets/reset_password.html.erb):
- Modern shield-lock icon header
- Password strength guidance with form text
- Confirmation field with proper validation
- Security tips info box with gradient styling
- Consistent with overall auth page design
**Admin Dashboard (admin/dashboard.html.erb)**:
- Replaced Bootstrap 2 classes with Bootstrap 5
- Modern alert design with icons and close buttons
- Card-based layout with subtle shadow
- Loading spinner state for user table
- Icon-enhanced header (people icon)
- Turbolinks compatibility
- Improved accessibility with ARIA labels
All pages now feature:
- Bootstrap 5 modern components
- Bootstrap Icons integration
- Rounded corners and gradient accents
- Smooth transitions and hover states
- Proper loading states and feedback
- Consistent design language across the app
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Transformed key user-facing pages with modern UI patterns:
**Login Page (sessions/new.html.erb)**:
- Enhanced warning box with gradient background and backdrop blur
- Added arrow indicator to "Learn more" link
- Improved visual hierarchy with better icon sizing
**Signup Page (users/new.html.erb)**:
- Complete rewrite from Bootstrap 2 to Bootstrap 5
- Modern card-based layout matching login page aesthetic
- Icon-enhanced form inputs with proper labels
- Side-by-side first/last name fields
- Gradient info box with training environment notice
- Proper form validation attributes
**Dashboard Home (dashboard/home.html.erb)**:
- Replaced old .span12/.row-fluid with modern grid
- Clean card-based layout with shadow
- Icon-enhanced header and buttons
- Loading spinner states during chart transitions
- Active button state indicators for chart type toggle
- Turbolinks compatibility
- Improved accessibility with ARIA labels
All pages now feature:
- Bootstrap 5 components and utilities
- Bootstrap Icons integration
- Rounded corners and modern spacing
- Gradient accents and visual depth
- Smooth transitions and hover states
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
This major upgrade brings RailsGoat up to date with the latest versions:
- Ruby 2.6.5 → 3.3.6
- Rails 6.0.0 → 8.0.4
## Key Changes
### Dependencies
- Upgraded all gems to Rails 8-compatible versions
- Removed deprecated gems: therubyracer, coffee-rails, poltergeist,
travis-lint, rails-perftest, unicorn, powder, rubocop-github
- Updated puma to 6.6.1, sqlite3 to 2.8.1, rspec-rails to 8.0.2
- Added modern Rails 8 features: importmap-rails, stimulus-rails, turbo-rails
- Replaced poltergeist with selenium-webdriver for integration tests
### Code Changes
- Converted CoffeeScript files to plain JavaScript
- Updated test configuration to use Selenium headless driver
- Updated database schema to Rails 8 format
## Testing
- Application starts successfully and responds to requests
- Test suite runs with 23 examples (14 intentional vulnerability failures)
- Database migrations applied successfully
## Notes
This upgrade maintains all intentional security vulnerabilities that make
RailsGoat an effective training tool. The failing tests are expected and
demonstrate the vulnerabilities the application is designed to teach.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* use bang version of save methods in the seeds file, so that when you fix validation,
it will at least explode, rather than silently failing to create users
* fix two tests where passwords are hardcoded so that they use stronger passwords,
since password complexity is not the important bit of either of those tests.
Your branch is behind 'origin/strong-params' by 1 commit, and can be fast-forwarded.
I'll pull to catch up after this commit
Change code to whitelist params
Remove attr_accessible lines
Add strong_params to Gemfile, since this branch is still on Rails 3
Mixin to ActiveRecord::Base ActiveModel::ForbiddenAttributesProtection
Use an initializer for the mixin
Ken Johnson