Ken Johnson
decf82962d
Simplify admin user editing - remove modal, use regular CRUD pages
Remove complex modal implementation and replace with simple page navigation:
- Convert get_user view from modal partial to full edit page
- Add proper form with Bootstrap 5 styling
- Link directly from users list to edit page
- Update controller actions to redirect instead of returning JSON
- Add flash messages for success/error feedback
- Remove all modal JavaScript and markup
- Remove modal CSS and backdrop handling
Benefits:
- Much simpler and more maintainable
- No JavaScript errors or complexity
- Standard Rails CRUD pattern
- Better user experience with proper navigation
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-07 22:26:17 +00:00
Al Snow
23d145129d
Upgraded Ruby to 2.7.0-preview1 and Rails to 6.0.0 - fixed 1 spec
2019-09-09 15:13:29 -04:00
Joseph Mastey
b6c2259b88
removes user_id column from User model to use idiomatic Rails automatic IDs
2017-12-12 15:19:22 -06:00
Joseph Mastey
6e0a0a8312
feat(cops): clean rubocop run
1. ignoring one file because it's an intentional vuln
2. made a few small semantic changes, but verified that they're equivalent.
2017-12-06 17:14:25 -06:00
Joseph Mastey
9902345291
chore(rubocop): giganto rubocop commit.
muahahahah
2017-12-05 18:46:21 -06:00
cktricky
f5cfec3bf4
Merge branch 'add-test-case-for-a1-field-injection' of https://github.com/jmmastey/railsgoat into jmmastey-add-test-case-for-a1-field-injection
2017-10-02 19:06:11 -04:00
Joseph Mastey
d3fce41e60
change to idiomatic use of layouts versus regular views
no functional change here, but familiar Rails users will see view files in the
locations they expect. this also slightly simplifies controller code
there is one attendant change in the wiki at `rails_3/A1-SQL-Injection-Interpolation.md`
that I'm happy to make after the PR is merged.
2017-09-27 19:22:44 -05:00
Joseph Mastey
ca9ddb6a14
bug(rails): fix incompatibility with Rails 5
2017-09-18 20:08:02 -05:00
Joseph Mastey
c310273606
upgrade(rails 5): change before_filter to before_action
2017-01-19 13:59:14 -06:00
cktricky
7f5af27478
removed comments and Fixed Issue #184
2016-04-19 08:43:18 -04:00
Al Snow
23513cf8d2
Initial Rails 4.0.x upgrade
2014-09-07 13:00:54 -04:00
cktricky
b5c202ef40
Resolves issue #138
2014-07-11 06:38:36 -04:00
James Espinosa
7e4fad462b
Convert file indentation to spaces
2014-07-05 20:17:27 -05:00
James Espinosa
68e6a01743
Clean up trailing and leading whitespace
2014-07-05 19:15:32 -05:00
cktricky
77fcf26abd
working on a tutorial for the scope injection / sql injection
2014-04-17 20:51:16 -04:00
John Poulin
5bb9c75f06
Added fix for Analytics SQLi
2014-04-17 20:05:07 -04:00
John Poulin
3f63480022
Added Analytics function to track user hits by ip address, referrer and user agent
2014-04-17 20:03:50 -04:00
cktricky
53dcc75f74
I think there was a subtle bug in the intentional security bypass within the admin controller
2013-11-14 15:05:00 -05:00
Mike McCabe
235b6418d0
A7 adding before filter to see if admin or admin_id is 1
2013-11-13 19:35:12 -05:00
cktricky
4be667b606
working
2013-11-13 19:02:37 -05:00
Mike McCabe
91e6797b40
adding broken functionality for A7
2013-11-13 18:23:38 -05:00
Ken Johnson
089e9540ac
finished admin filter and write-up for issue #6
2013-06-04 11:49:59 -04:00
Ken Johnson
06dce1f8b2
I believe this has resolved the dependent destruction and we can close issue #18
2013-06-02 13:08:56 -04:00
Ken Johnson
0319cc4768
added a few things here. Firstly, I fixed the broken delete function with the admin page. Secondly, whenever you register for this application, we will automatically populate your user data to make the application functional. Seemed like the easiest way to do this
2013-06-01 00:19:07 -04:00
Ken Johnson
6199beb780
we are going to fix this by automatically generating data for ppl that register HOWEVER, just in case that fails for some reason, I have applied a filter that ensures if some data is not associated with a person they cannot navigate to all aspects of the application. This is a preventive measure
2013-05-31 19:02:00 -04:00
Ken Johnson
0d841124f5
assigned a user id, does not "appear" to have screwed anything up
2013-05-24 15:25:06 -04:00
Ken Johnson
31ce6ab1b5
test
2013-05-24 13:19:44 -04:00
Ken Johnson
b2e2a1b4b0
moved delete button away from submit button (duh), and changed delete a user to a POST request after realizing a spider might wreak havoc on that and delete all users
2013-05-21 00:42:56 -04:00
Ken Johnson
bd95958f17
added delete button
2013-05-20 22:21:00 -04:00
Ken Johnson
4337cb9a46
made sure the table refreshes after an update
2013-05-20 17:35:24 -04:00
Ken Johnson
5fd72fcd6f
update users info via ajax is working, yay. Next thing is we need to move the datatables into an ajax call and so that we can refresh the table upon any changes occurring
2013-05-20 16:31:59 -04:00
Ken Johnson
f7dbc482bb
added a table to manage users
2013-05-17 14:08:18 -04:00
Ken Johnson
a279d06b4c
created admin controller
2013-05-17 10:25:56 -04:00