Just had a quick look.
Not one test in the whole codebase.
You can't judge an app on that, tests mean you're protecting yourself against regressions.Not one test in the whole codebase.
The app was written in 4 days, I think it is an impressive piece of work despite a couple major security flaws I identified by simply having a quick look.
aren't unit tests a default part of rails these days?
or is that some other kind of test?
Rails gives you the infrastructure to easily write them since day one. But they don't just write themselves or is that some other kind of test?
The real facepalm flaw is the fact that production passwords are stored in the code itself. This is plain wrong.
You're effectively giving the github (or whatever source control system you use) access to all funds at all times.
And it's fucking trivial to get right, just make a deploy hook to copy the production configuration files from the production server, to the production server.