Ken Johnson
5dd05249ec
This addresses the remaining test failures @jasnow reported in issue #486. Fixes: 1. Ambiguous Login button - Changed from click_button "Login" to find("input[type='submit'][value='Login']").click to specifically target the form submit button and avoid the header Login button 2. Fixed password_complexity_spec field names: - user_email → email - user_first_name → first_name - user_last_name → last_name - user_password → password - user_password_confirmation → password_confirmation - Submit → Create Account (correct button text) 3. Applied same selector fix to login helper in capybara_shared.rb These changes complete the test suite fixes for the new UI that was introduced in the file upload UX improvements. Related: #486 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
33 lines
965 B
Ruby
33 lines
965 B
Ruby
# frozen_string_literal: true
|
|
require "spec_helper"
|
|
|
|
feature "broken_auth" do
|
|
let(:normal_user) { UserFixture.normal_user }
|
|
|
|
before do
|
|
UserFixture.reset_all_users
|
|
|
|
pending unless verifying_fixed?
|
|
end
|
|
|
|
scenario "one\nTutorial: https://github.com/OWASP/railsgoat/wiki/A2-Credential-Enumeration" do
|
|
wrong_email = normal_user.email + "not"
|
|
|
|
visit "/"
|
|
fill_in "email", with: wrong_email
|
|
fill_in "password", with: normal_user.clear_password
|
|
find("input[type='submit'][value='Login']").click
|
|
|
|
expect(find("div#flash_notice").text).not_to include(wrong_email)
|
|
end
|
|
|
|
scenario "two\nTutorial: https://github.com/OWASP/railsgoat/wiki/A2-Credential-Enumeration" do
|
|
visit "/"
|
|
fill_in "email", with: normal_user.email
|
|
fill_in "password", with: normal_user.clear_password + "not"
|
|
find("input[type='submit'][value='Login']").click
|
|
|
|
expect(find("div#flash_notice").text).not_to include("Incorrect Password!")
|
|
end
|
|
end
|