OWASP / railsgoat

A vulnerable version of Rails that follows the OWASP Top 10
railsgoat.cktricky.com
MIT License

Insecure Password Storage #319

Open nvisium-john-poulin opened 6 years ago

nvisium-john-poulin commented 6 years ago

If you follow the documentation, you will be left in a situation where loading the seed data / running spec tests will throw the following error:

rake aborted!
ActiveModel::UnknownAttributeError: unknown attribute 'password' for User.
/Users/jpoulin/.rvm/gems/ruby-2.4.3/gems/activemodel-5.1.5/lib/active_model/attribute_assignment.rb:48:in `_assign_attribute'

This is likely due to the fact that we remove the password column, and AR no longer sees the attribute password.

nvisium-john-poulin commented 6 years ago

I was able to get this to work through adding attr_accessor :password to the User model.
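
Why the `attr_accessor :password` workaround resolves the error, as an added plain-Ruby sketch that is not part of the issue thread or the RailsGoat code: mass assignment needs a public `password=` writer even when no `password` column exists. `MiniModel` is a stand-in for ActiveModel's attribute assignment, and the `password_salt`/`password_digest` fields, the PBKDF2 parameters and the sample credentials are assumptions constructed for the example; the writer here goes one step further than a bare accessor by deriving a salted digest and discarding the plaintext.

```ruby
require "openssl"
require "securerandom"

# Stand-in for ActiveModel attribute assignment (not Rails itself): every
# key passed to .new needs a public "<key>=" writer, or assignment fails.
class UnknownAttributeError < StandardError; end

class MiniModel
  def initialize(attrs = {})
    attrs.each do |key, value|
      writer = "#{key}="
      raise UnknownAttributeError, "unknown attribute '#{key}' for #{self.class.name}." unless respond_to?(writer)
      public_send(writer, value)
    end
  end
end

# Plaintext column dropped, no writer left behind: seeds passing :password fail.
class UserWithoutWriter < MiniModel
  attr_accessor :email, :password_digest # hypothetical remaining columns
end

# Virtual writer: accepts :password from seeds/specs, keeps only salt + digest.
class User < MiniModel
  ITERATIONS = 100_000 # constructed value for the example
  attr_accessor :email, :password_salt, :password_digest

  def password=(plain)
    self.password_salt = SecureRandom.random_bytes(16)
    self.password_digest = derive(plain, password_salt)
  end

  def authenticate(plain)
    candidate = derive(plain, password_salt)
    # Compare every byte so timing does not depend on where a mismatch occurs.
    diff = candidate.bytes.zip(password_digest.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }
    diff.zero?
  end

  private def derive(plain, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(plain, salt, ITERATIONS, 32, OpenSSL::Digest.new("SHA256"))
  end
end

# Mimics a seed/spec record; returns the model, or the error message on failure.
def seed_result(klass)
  klass.new(email: "admin@example.test", password: "constructed-sample-pw")
rescue UnknownAttributeError => e
  e.message
end
```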