bartt-ssl_requirement 1.2.0

data/.gitignore

@@ -0,0 +1 @@
+*.gem

data/README

@@ -0,0 +1,138 @@
+SSL Requirement
+===============
+
+SSL requirement adds a declarative way of specifying that certain actions
+should only be allowed to run under SSL, and if they're accessed without it,
+they should be redirected.
+
+Example:
+
+    class ApplicationController < ActionController::Base
+      include SslRequirement
+    end
+
+    class AccountController < ApplicationController
+      ssl_required :signup, :payment 
+      ssl_allowed :index
+      
+      def signup
+        # Non-SSL access will be redirected to SSL
+      end
+      
+      def payment
+        # Non-SSL access will be redirected to SSL
+      end
+
+      def index
+        # This action will work either with or without SSL
+      end
+
+      def other
+        # SSL access will be redirected to non-SSL
+      end
+    end
+  
+If a majority (or all) of your actions require SSL, then use ssl_exceptions instead of ssl_required.
+You can list out the actions that you do NOT want to be SSL protected. Calling ssl_exceptions without 
+any actions listed will make ALL actions SSL protected. 
+ 
+You can overwrite the protected method ssl_required? to rely on other things
+than just the declarative specification. Say, only premium accounts get SSL.
+
+For SSL domains that differ from the domain of the redirecting site, add the 
+following code to development.rb / test.rb / production.rb:
+
+    # Redirects to https://secure.example.com instead of the default 
+    # https://www.example.com.
+    config.after_initialize do
+      SslRequirement.ssl_host = 'secure.example.com'
+    end
+
+For non-SSL domains that differ from domain of redirecting site, add the
+following code to development.rb / test.rb / production.rb:
+
+	# Redirects to http://nonsecure.example.com instead of the default 
+	# http://www.example.com.
+	config.after_initialize do
+	  SslRequirement.non_ssl_host = 'nonsecure.example.com'
+	end
+
+You can also use a Proc to determine the ssl_host or non_ssl_host on the fly:
+
+	config.after_initialize do
+      SslRequirement.ssl_host = Proc.new do
+		'secure.example.com'
+	  end
+    end
+
+You are able to turn disable ssl redirects by adding the following environment configuration file:
+
+    SslRequirement.disable_ssl_check = true
+  
+P.S.: Beware when you include the SslRequirement module. At the time of
+inclusion, it'll add the before_filter that validates the declarations. Some
+times you'll want to run other before_filters before that. They should then be
+declared ahead of including this module.
+  
+SSL URL Helper
+==============
+This plugin also adds a helper a :secure option to url_for and named_routes. This property
+allows you to set a url as secure or not secure. It uses the disable_ssl_check to determine
+if the option should be ignored or not so you can develop as normal. It also
+will obey if you override SslRequirement.ssl_host or 
+SslRequirement.non_ssl_host (see above)
+
+Here is an example of creating a secure url:
+
+    <%= url_for(:controller => "c", :action => "a", :secure => true) %>
+
+If disable_ssl_check returns false url_for will return the following:
+
+    https://yoursite.com/c/a
+
+Furthermore, you can use the secure option in a named route to create a secure form as follows:
+
+    <% form_tag session_path(:secure => true), :class => 'home_login' do -%>
+      <p>
+        <label for="name">Email</label>
+        <%= text_field_tag 'email', '', :class => 'text', :tabindex => 1 %>
+      </p>
+      <p>
+        <label for="password">Password</label>
+        <%= password_field_tag 'password', '', :class => 'text', :tabindex => 2 %>
+      </p>
+      <p>
+        <%= submit_tag "Login", :id => 'login_submit', :value => "", :alt => "Login" %>
+      </p>
+    <% end -%>
+
+Testing with Shoulda
+====================
+
+If you are using Shoulda, a few contexts and macros are provided:
+
+    class RegistrationsControllerTest < ActionController::TestCase
+      without_ssl_context do
+        context "GET to :new" do
+          setup do
+            get :new
+          end
+          should_redirect_to_ssl
+        end
+      end
+
+      with_ssl_context do
+        context "GET to :new" do
+          setup do
+            get :new
+          end
+          # your usual testing goes here
+        end
+      end
+    end
+    
+
+Copyright
+=========
+
+Copyright (c) 2005 David Heinemeier Hansson, released under the MIT license

data/Rakefile

@@ -0,0 +1,26 @@
+require 'rake'
+require 'rake/testtask'
+
+desc "Run the unit tests"
+task :default => 'test'
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gemspec|
+    gemspec.name = "bartt-ssl_requirement"
+    gemspec.summary = "Allow controller actions to force SSL on specific parts of the site."
+    gemspec.description = "SSL requirement adds a declarative way of specifying that certain actions should only be allowed to run under SSL, and if they're accessed without it, they should be redirected."
+    gemspec.email = 'bartt@vurve.com'
+    gemspec.homepage = 'http://github.com/bartt/ssl_requirement'
+    gemspec.authors = ['RailsJedi', 'David Heinemeier Hansson', 'jcnetdev', 'bcurren', 'bmpercy','revo','nathany', 'bartt']
+  end
+rescue LoadError
+  puts "Jeweler not available. Install it with: gem install jeweler"
+end
+
+Rake::TestTask.new(:test) do |t|
+  t.pattern = 'test/**/*_test.rb'
+  t.ruby_opts << '-rubygems'
+  t.libs << 'test'
+  t.verbose = true
+end

data/VERSION

@@ -0,0 +1 @@
+1.2.0

data/bartt-ssl_requirement.gemspec

@@ -0,0 +1,52 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{bartt-ssl_requirement}
+  s.version = "1.2.0"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["RailsJedi", "David Heinemeier Hansson", "jcnetdev", "bcurren", "bmpercy", "revo", "nathany", "bartt"]
+  s.date = %q{2010-04-26}
+  s.description = %q{SSL requirement adds a declarative way of specifying that certain actions should only be allowed to run under SSL, and if they're accessed without it, they should be redirected.}
+  s.email = %q{bartt@vurve.com}
+  s.extra_rdoc_files = [
+    "README"
+  ]
+  s.files = [
+    ".gitignore",
+     "README",
+     "Rakefile",
+     "VERSION",
+     "bartt-ssl_requirement.gemspec",
+     "init.rb",
+     "lib/ssl_requirement.rb",
+     "lib/url_for.rb",
+     "rails/init.rb",
+     "shoulda_macros/ssl_requirement_macros.rb",
+     "test/ssl_requirement_test.rb",
+     "test/url_for_test.rb"
+  ]
+  s.homepage = %q{http://github.com/bartt/ssl_requirement}
+  s.rdoc_options = ["--charset=UTF-8"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.3.6}
+  s.summary = %q{Allow controller actions to force SSL on specific parts of the site.}
+  s.test_files = [
+    "test/ssl_requirement_test.rb",
+     "test/url_for_test.rb"
+  ]
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
+    else
+    end
+  else
+  end
+end
+

data/init.rb

@@ -0,0 +1,2 @@
+require File.dirname(__FILE__) + "/rails/init"
+

data/lib/ssl_requirement.rb

@@ -0,0 +1,141 @@
+require "#{File.dirname(__FILE__)}/url_for"
+
+# Copyright (c) 2005 David Heinemeier Hansson
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+module SslRequirement
+  mattr_writer :ssl_host, :non_ssl_host, :disable_ssl_check
+
+  def self.ssl_host
+    determine_host(@@ssl_host)
+  end
+
+  def self.non_ssl_host
+    determine_host(@@non_ssl_host)
+  end
+
+  # mattr_reader would generate both ssl_host and self.ssl_host
+  def ssl_host
+    SslRequirement.ssl_host
+  end
+
+  def non_ssl_host
+    SslRequirement.non_ssl_host
+  end
+
+  def self.disable_ssl_check?
+    @@disable_ssl_check ||= false
+  end
+
+
+  # called when Module is mixed in
+  def self.included(controller)
+    controller.extend(ClassMethods)
+    controller.before_filter(:ensure_proper_protocol)
+  end
+
+  module ClassMethods
+    # Specifies that the named actions requires an SSL connection to be performed (which is enforced by ensure_proper_protocol).
+    def ssl_required(*actions)
+      write_inheritable_array(:ssl_required_actions, actions)
+    end
+
+    def ssl_exceptions(*actions)
+      write_inheritable_array(:ssl_required_except_actions, actions)
+    end
+
+    def ssl_allowed(*actions)
+      write_inheritable_array(:ssl_allowed_actions, actions)
+    end
+  end
+
+  protected
+  # Returns true if the current action is supposed to run as SSL
+  def ssl_required?
+    required = (self.class.read_inheritable_attribute(:ssl_required_actions) || [])
+    except  = self.class.read_inheritable_attribute(:ssl_required_except_actions)
+
+    unless except
+      required.include?(action_name.to_sym)
+    else
+      !except.include?(action_name.to_sym)
+    end
+  end
+
+  def ssl_allowed?
+    (self.class.read_inheritable_attribute(:ssl_allowed_actions) || []).include?(action_name.to_sym)
+  end
+
+  # normal ports are the ports used when no port is specified by the user to the browser
+  # i.e. 80 if the protocol is http, 443 is the protocol is https
+  NORMAL_PORTS = [80, 443]
+
+  private
+  def ensure_proper_protocol
+    return true if SslRequirement.disable_ssl_check?
+    return true if ssl_allowed?
+
+    if ssl_required? && !request.ssl?
+      redirect_to determine_redirect_url(request, true)
+      flash.keep
+      return false
+    elsif request.ssl? && !ssl_required?
+      redirect_to determine_redirect_url(request, false)
+      flash.keep
+      return false
+    end
+  end
+
+  def determine_redirect_url(request, ssl)
+    protocol = ssl ? "https" : "http"
+    "#{protocol}://#{determine_host_and_port(request, ssl)}#{request.request_uri}"
+  end
+
+  def determine_host_and_port(request, ssl)
+    request_host = request.host
+    request_port = request.port
+
+    if ssl
+      "#{(ssl_host || request_host)}#{determine_port_string(request_port)}"
+    else
+      "#{(non_ssl_host || request_host)}#{determine_port_string(request_port)}"
+    end
+  end
+
+  def self.determine_host(host)
+    if host.is_a?(Proc) || host.respond_to?(:call)
+      host.call
+    else
+      host
+    end
+  end
+
+  def determine_port_string(port)
+    unless port_normal?(port)
+      ":#{port}"
+    else
+      ""
+    end
+  end
+
+  def port_normal?(port)
+    NORMAL_PORTS.include?(port)
+  end
+end

data/lib/url_for.rb

@@ -0,0 +1,51 @@
+require 'action_dispatch/routing/route_set'
+
+module ActionDispatch
+  module Routing
+    class RouteSet
+
+      # Add a secure option to the rewrite method.
+      def url_for_with_secure_option(options = {})
+        secure = options.delete(:secure)
+
+        # if secure && ssl check is not disabled, convert to full url with https
+        if !secure.nil? && !SslRequirement.disable_ssl_check?
+          if secure == true || secure == 1 || secure.to_s.downcase == "true"
+            options.merge!({
+              :only_path => false,
+              :protocol => 'https'
+            })
+
+            # if we've been told to use different host for ssl, use it
+            unless SslRequirement.ssl_host.nil?
+              options.merge! :host => SslRequirement.ssl_host
+            end
+
+            # make it non-ssl and use specified options
+          else
+            options.merge!({
+              :protocol => 'http'
+            })
+          end
+        end
+
+        url_for_without_secure_option(options)
+      end
+
+      # if full URL is requested for http and we've been told to use a
+      # non-ssl host override, then use it
+      def url_for_with_non_ssl_host(options)
+        if !options[:only_path] && !SslRequirement.non_ssl_host.nil?
+          if !(/^https/ =~ (options[:protocol] || @request.protocol))
+            options.merge! :host => SslRequirement.non_ssl_host
+          end
+        end
+        url_for_without_non_ssl_host(options)
+      end
+
+      # want with_secure_option to get run first (so chain it last)
+      alias_method_chain :url_for, :non_ssl_host
+      alias_method_chain :url_for, :secure_option
+    end
+  end
+end

data/rails/init.rb

@@ -0,0 +1 @@
+require 'ssl_requirement'

data/shoulda_macros/ssl_requirement_macros.rb

@@ -0,0 +1,31 @@
+Test::Unit::TestCase.class_eval do
+  def self.without_ssl_context
+    context "without ssl" do
+      setup do
+        @request.env['HTTPS'] = nil
+      end
+
+      context "" do
+        yield
+      end
+    end
+  end
+
+  def self.with_ssl_context
+    context "with ssl" do
+      setup do
+        @request.env['HTTPS'] = 'on'
+      end
+    
+      context "" do
+        yield
+      end
+    end
+  end
+
+  def self.should_redirect_to_ssl
+    should 'redirect to ssl' do
+      assert_redirected_to "https://" + @request.host + @request.request_uri
+    end    
+  end
+end

data/test/ssl_requirement_test.rb

@@ -0,0 +1,342 @@
+require 'set'
+require 'rubygems'
+require 'active_support'
+begin
+  require 'action_controller'
+rescue LoadError
+  if ENV['ACTIONCONTROLLER_PATH'].nil?
+    abort <<MSG
+Please set the ACTIONCONTROLLER_PATH environment variable to the directory
+containing the action_controller.rb file.
+MSG
+  else
+    $LOAD_PATH.unshift ENV['ACTIONCONTROLLER_PATH']
+    begin
+      require 'action_controller'
+    rescue LoadError
+      abort "ActionController could not be found."
+    end
+  end
+end
+
+require 'action_controller/test_process'
+require 'test/unit'
+require "#{File.dirname(__FILE__)}/../lib/ssl_requirement"
+
+ActionController::Base.logger = nil
+ActionController::Routing::Routes.reload rescue nil
+
+# several test controllers to cover different combinations of requiring/
+# allowing/exceptions-ing SSL for controller actions
+
+# this first controller modifies the flash in every action so that flash
+# set in set_flash is eventually expired (see NOTE below...)
+
+class SslRequirementController < ActionController::Base
+  include SslRequirement
+  
+  ssl_required :a, :b
+  ssl_allowed :c
+  
+  def a
+    flash[:abar] = "foo"
+    render :nothing => true
+  end
+  
+  def b
+    flash[:bbar] = "foo"
+    render :nothing => true
+  end
+  
+  def c
+    flash[:cbar] = "foo"
+    render :nothing => true
+  end
+  
+  def d
+    flash[:dbar] = "foo"
+    render :nothing => true
+  end
+
+  def set_flash
+    flash[:foo] = "bar"
+  end
+end
+
+class SslExceptionController < ActionController::Base
+  include SslRequirement
+  
+  ssl_required  :a
+  ssl_exceptions :b
+  ssl_allowed :d
+    
+  def a
+    render :nothing => true
+  end
+  
+  def b
+    render :nothing => true
+  end
+  
+  def c
+    render :nothing => true
+  end
+  
+  def d
+    render :nothing => true
+  end
+  
+end
+
+class SslAllActionsController < ActionController::Base
+  include SslRequirement
+  
+  ssl_exceptions
+    
+  def a
+    render :nothing => true
+  end
+  
+end
+
+# NOTE: The only way I could get the flash tests to work under Rails 2.3.2
+#       (without resorting to IntegrationTest with some artificial session
+#       store) was to use TestCase. In TestCases, it appears that flash 
+#       messages are effectively persisted in session after the last controller
+#       action that consumed them...so that when the TestCase inspects
+#       the FlashHash, it will find the flash still populated, even though
+#       the subsequent controller action won't see it.
+#
+#       In addition, if no changes are made to flash in subsequent requests, the
+#       flash is persisted forever. But if subsequent controller actions add to
+#       flash, the older flash messages eventually disappear.
+#
+#       As a result, the flash-related tests now make two requests after the 
+#       set_flash, each of these requests is also modifying flash. flash is 
+#       inspected after the second request returns.
+#
+#       This feels a little hacky, so if anyone can improve it, please do so!
+
+class SslRequirementTest < ActionController::TestCase
+  def setup
+    @controller = SslRequirementController.new
+    @ssl_host_override = 'www.example.com:80443'
+    @non_ssl_host_override = 'www.example.com:8080'
+  end
+
+  # port preservation tests
+
+  def test_redirect_to_https_preserves_non_normal_port
+    assert_not_equal "on", @request.env["HTTPS"]
+    @request.port = 4567
+    get :b
+    assert_response :redirect
+    assert_match %r{^https://.*:4567/}, @response.headers['Location']
+  end
+
+  def test_redirect_to_https_does_not_preserve_normal_port
+    assert_not_equal "on", @request.env["HTTPS"]
+    get :b
+    assert_response :redirect
+    assert_match %r{^https://.*[^:]/}, @response.headers['Location']
+  end
+
+  # flash-related tests
+  
+  def test_redirect_to_https_preserves_flash
+    assert_not_equal "on", @request.env["HTTPS"]
+    get :set_flash
+    get :b
+    assert_response :redirect       # check redirect happens (flash still set)
+    get :b                          # get again to flush flash
+    assert_response :redirect       # make sure it happens again
+    assert_equal "bar", flash[:foo] # the flash would be gone now if no redirect
+  end
+  
+  def test_not_redirecting_to_https_does_not_preserve_the_flash
+    assert_not_equal "on", @request.env["HTTPS"]
+    get :set_flash
+    get :d
+    assert_response :success        # check no redirect (flash still set)
+    get :d                          # get again to flush flash
+    assert_response :success        # check no redirect
+    assert_nil flash[:foo]          # the flash should be gone now
+  end
+  
+  def test_redirect_to_http_preserves_flash
+    get :set_flash
+    @request.env['HTTPS'] = "on"
+    get :d
+    assert_response :redirect       # check redirect happens (flash still set)
+    get :d                          # get again to flush flash
+    assert_response :redirect       # make sure redirect happens
+    assert_equal "bar", flash[:foo] # flash would be gone now if no redirect
+  end
+  
+  def test_not_redirecting_to_http_does_not_preserve_the_flash
+    get :set_flash
+    @request.env['HTTPS'] = "on"
+    get :a
+    assert_response :success        # no redirect (flash still set)
+    get :a                          # get again to flush flash
+    assert_response :success        # no redirect
+    assert_nil flash[:foo]          # flash should be gone now
+  end
+
+  # ssl required/allowed/exceptions testing
+  
+  def test_required_without_ssl
+    assert_not_equal "on", @request.env["HTTPS"]
+    get :a
+    assert_response :redirect
+    assert_match %r{^https://}, @response.headers['Location']
+    get :b
+    assert_response :redirect
+    assert_match %r{^https://}, @response.headers['Location']
+  end
+  
+  def test_required_with_ssl
+    @request.env['HTTPS'] = "on"
+    get :a
+    assert_response :success
+    get :b
+    assert_response :success
+  end
+
+  def test_disallowed_without_ssl
+    assert_not_equal "on", @request.env["HTTPS"]
+    get :d
+    assert_response :success
+  end
+  
+  def test_ssl_exceptions_without_ssl
+    @controller = SslExceptionController.new
+    assert_not_equal "on", @request.env["HTTPS"]
+    get :a
+    assert_response :redirect
+    assert_match %r{^https://}, @response.headers['Location']
+    get :b
+    assert_response :success
+    get :c # c is not explicity in ssl_required, but it is not listed in ssl_exceptions
+    assert_response :redirect
+    assert_match %r{^https://}, @response.headers['Location']
+  end
+    
+  def test_ssl_exceptions_with_ssl
+    @controller = SslExceptionController.new
+    @request.env['HTTPS'] = "on"
+    get :a
+    assert_response :success
+    get :c
+    assert_response :success
+  end
+  
+  def test_ssl_all_actions_without_ssl
+    @controller = SslAllActionsController.new
+    get :a
+    assert_response :redirect
+    assert_match %r{^https://}, @response.headers['Location']
+  end
+  
+  def test_disallowed_with_ssl
+    @request.env['HTTPS'] = "on"
+    get :d
+    assert_response :redirect
+    assert_match %r{^http://}, @response.headers['Location']
+  end
+
+  def test_allowed_without_ssl
+    assert_not_equal "on", @request.env["HTTPS"]
+    get :c
+    assert_response :success
+  end
+
+  def test_allowed_with_ssl
+    @request.env['HTTPS'] = "on"
+    get :c
+    assert_response :success
+  end
+
+  def test_disable_ssl_check
+    SslRequirement.disable_ssl_check = true
+
+    assert_not_equal "on", @request.env["HTTPS"]
+    get :a
+    assert_response :success
+    get :b
+    assert_response :success
+  ensure
+    SslRequirement.disable_ssl_check = false
+  end
+
+  # testing overriding hostnames for ssl, non-ssl
+
+  # test for overriding (or not) the ssl_host and non_ssl_host variables
+  # using actions a (ssl required) and d (ssl not required or allowed)
+
+  def test_ssl_redirect_with_ssl_host
+    SslRequirement.ssl_host = @ssl_host_override
+    assert_not_equal "on", @request.env["HTTPS"]
+    get :a
+    assert_response :redirect
+    assert_match Regexp.new("^https://#{@ssl_host_override}"),
+                 @response.headers['Location']
+    SslRequirement.ssl_host = nil
+  end
+
+  def test_ssl_redirect_without_ssl_host
+    SslRequirement.ssl_host = nil
+    assert_not_equal "on", @request.env["HTTPS"]
+    get :a
+    assert_response :redirect
+    assert_match Regexp.new("^https://"), @response.headers['Location']
+    assert_no_match Regexp.new("^https://#{@ssl_host_override}"),
+                    @response.headers['Location']
+  end
+
+  def test_non_ssl_redirect_with_non_ssl_host
+    SslRequirement.non_ssl_host = @non_ssl_host_override
+    @request.env['HTTPS'] = 'on'
+    get :d
+    assert_response :redirect
+    assert_match Regexp.new("^http://#{@non_ssl_host_override}"),
+                 @response.headers['Location']
+    SslRequirement.non_ssl_host = nil
+  end
+
+  def test_non_ssl_redirect_without_non_ssl_host
+    SslRequirement.non_ssl_host = nil
+    @request.env['HTTPS'] = 'on'
+    get :d
+    assert_response :redirect
+    assert_match Regexp.new("^http://"), @response.headers['Location']
+    assert_no_match Regexp.new("^http://#{@non_ssl_host_override}"),
+                    @response.headers['Location']
+  end
+
+  # test ssl_host and ssl_non_host overrides with Procs
+  
+  def test_ssl_redirect_with_ssl_host_proc
+    SslRequirement.ssl_host = Proc.new do
+      @ssl_host_override
+    end
+    assert_not_equal "on", @request.env["HTTPS"]
+    get :a
+    assert_response :redirect
+    assert_match Regexp.new("^https://#{@ssl_host_override}"), 
+                 @response.headers['Location']
+    SslRequirement.ssl_host = nil
+  end
+
+  def test_non_ssl_redirect_with_non_ssl_host_proc
+    SslRequirement.non_ssl_host = Proc.new do
+      @non_ssl_host_override 
+    end
+    @request.env['HTTPS'] = 'on'
+    get :d
+    assert_response :redirect
+    assert_match Regexp.new("^http://#{@non_ssl_host_override}"),
+                 @response.headers['Location']
+    SslRequirement.non_ssl_host = nil
+  end
+end

data/test/url_for_test.rb

@@ -0,0 +1,169 @@
+$:.unshift(File.dirname(__FILE__) + '/../lib')
+
+require 'rubygems'
+require 'test/unit'
+require 'action_controller'
+require 'action_controller/test_process'
+
+require "ssl_requirement"
+
+# Show backtraces for deprecated behavior for quicker cleanup.
+ActiveSupport::Deprecation.debug = true
+ActionController::Base.logger = nil
+ActionController::Routing::Routes.reload rescue nil
+
+class UrlRewriterTest < Test::Unit::TestCase
+  def setup
+    @request = ActionController::TestRequest.new
+    @params = {}
+    @rewriter = ActionController::UrlRewriter.new(@request, @params)
+
+    @ssl_host_override = "www.example.com:80443"
+    @non_ssl_host_override = "www.example.com:8080"
+
+    SslRequirement.ssl_host = nil
+    SslRequirement.non_ssl_host = nil
+    
+    # puts @url_rewriter.to_s
+  end
+
+  def test_rewrite_secure_false
+    SslRequirement.disable_ssl_check = false
+    assert_equal('http://test.host/c/a',
+      @rewriter.rewrite(:controller => 'c', :action => 'a', :secure => false)
+    )
+    assert_equal('/c/a',
+      @rewriter.rewrite(:controller => 'c', :action => 'a', :secure => false, 
+                        :only_path => true)
+    )
+    
+    SslRequirement.disable_ssl_check = true
+    assert_equal('http://test.host/c/a',
+      @rewriter.rewrite(:controller => 'c', :action => 'a', :secure => false)
+    )
+    assert_equal('/c/a',
+      @rewriter.rewrite(:controller => 'c', :action => 'a', :secure => false,
+                        :only_path => true)
+    )
+  end
+  
+  def test_rewrite_secure_true
+    SslRequirement.disable_ssl_check = false
+    assert_equal('https://test.host/c/a',
+      @rewriter.rewrite(:controller => 'c', :action => 'a', :secure => true)
+    )
+    assert_equal('https://test.host/c/a',
+      @rewriter.rewrite(:controller => 'c', :action => 'a', :secure => true, :only_path => true)
+    )
+    
+    SslRequirement.disable_ssl_check = true
+    assert_equal('http://test.host/c/a',
+      @rewriter.rewrite(:controller => 'c', :action => 'a', :secure => true)
+    )
+    assert_equal('/c/a',
+      @rewriter.rewrite(:controller => 'c', :action => 'a', :secure => true, :only_path => true)
+    )
+  end
+  
+  def test_rewrite_secure_not_specified
+    SslRequirement.disable_ssl_check = false
+    assert_equal('http://test.host/c/a',
+      @rewriter.rewrite(:controller => 'c', :action => 'a')
+    )
+    assert_equal('/c/a',
+      @rewriter.rewrite(:controller => 'c', :action => 'a', :only_path => true)
+    )
+    
+    SslRequirement.disable_ssl_check = true
+    assert_equal('http://test.host/c/a',
+      @rewriter.rewrite(:controller => 'c', :action => 'a')
+    )
+    assert_equal('/c/a',
+      @rewriter.rewrite(:controller => 'c', :action => 'a', :only_path => true)
+    )
+  end
+
+  # tests for ssl_host overriding
+
+  def test_rewrite_secure_with_ssl_host
+    SslRequirement.disable_ssl_check = false
+    SslRequirement.ssl_host = @ssl_host_override
+    assert_equal("https://#{@ssl_host_override}/c/a",
+                 @rewriter.rewrite(:controller => 'c', :action => 'a', 
+                                   :secure => true))
+    assert_equal("https://#{@ssl_host_override}/c/a",
+                 @rewriter.rewrite(:controller => 'c', :action => 'a',
+                                   :secure => true, :only_path => true))
+    SslRequirement.ssl_host = nil
+  end
+
+  def test_rewrite_non_secure_with_non_ssl_host
+    SslRequirement.disable_ssl_check = false
+    SslRequirement.non_ssl_host = @non_ssl_host_override
+
+    # with secure option
+    assert_equal("http://#{@non_ssl_host_override}/c/a",
+                 @rewriter.rewrite(:controller => 'c', :action => 'a',
+                                   :secure => false))
+    assert_equal("/c/a",
+                 @rewriter.rewrite(:controller => 'c', :action => 'a', 
+                                   :secure => false, :only_path => true))
+
+    # without secure option
+    assert_equal("http://#{@non_ssl_host_override}/c/a",
+                 @rewriter.rewrite(:controller => 'c', :action => 'a'))
+    assert_equal("/c/a",
+                 @rewriter.rewrite(:controller => 'c', :action => 'a', 
+                                   :only_path => true))
+    SslRequirement.non_ssl_host = nil
+  end
+
+  def test_rewrite_non_secure_with_non_ssl_host_disable_check
+    SslRequirement.disable_ssl_check = true
+    SslRequirement.non_ssl_host = @non_ssl_host_override
+
+    # with secure option
+    assert_equal("http://#{@non_ssl_host_override}/c/a",
+                 @rewriter.rewrite(:controller => 'c', :action => 'a',
+                                   :secure => false))
+    assert_equal("/c/a",
+                 @rewriter.rewrite(:controller => 'c', :action => 'a', 
+                                   :secure => false, :only_path => true))
+
+    # without secure option
+    assert_equal("http://#{@non_ssl_host_override}/c/a",
+                 @rewriter.rewrite(:controller => 'c', :action => 'a'))
+    assert_equal("/c/a",
+                 @rewriter.rewrite(:controller => 'c', :action => 'a', 
+                                   :only_path => true))
+    SslRequirement.non_ssl_host = nil
+  end
+  
+  # tests for ssl_host overriding with Procs
+  
+  def test_rewrite_secure_with_ssl_host_proc
+    SslRequirement.disable_ssl_check = false
+    SslRequirement.ssl_host = Proc.new do
+      @ssl_host_override
+    end
+    assert_equal("https://#{@ssl_host_override}/c/a",
+                 @rewriter.rewrite(:controller => 'c', :action => 'a', 
+                                   :secure => true))
+    SslRequirement.ssl_host = nil
+  end
+
+  def test_rewrite_non_secure_with_non_ssl_host_proc
+    SslRequirement.disable_ssl_check = false
+    SslRequirement.non_ssl_host = Proc.new do
+      @non_ssl_host_override
+    end
+    # with secure option
+    assert_equal("http://#{@non_ssl_host_override}/c/a",
+                 @rewriter.rewrite(:controller => 'c', :action => 'a',
+                                   :secure => false))
+    # without secure option
+    assert_equal("http://#{@non_ssl_host_override}/c/a",
+                 @rewriter.rewrite(:controller => 'c', :action => 'a'))
+    SslRequirement.non_ssl_host = nil
+  end
+end

metadata

@@ -0,0 +1,81 @@
+--- !ruby/object:Gem::Specification 
+name: bartt-ssl_requirement
+version: !ruby/object:Gem::Version 
+  prerelease: false
+  segments: 
+  - 1
+  - 2
+  - 0
+  version: 1.2.0
+platform: ruby
+authors: 
+- RailsJedi
+- David Heinemeier Hansson
+- jcnetdev
+- bcurren
+- bmpercy
+- revo
+- nathany
+- bartt
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-04-26 00:00:00 -07:00
+default_executable: 
+dependencies: []
+
+description: SSL requirement adds a declarative way of specifying that certain actions should only be allowed to run under SSL, and if they're accessed without it, they should be redirected.
+email: bartt@vurve.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- README
+files: 
+- .gitignore
+- README
+- Rakefile
+- VERSION
+- bartt-ssl_requirement.gemspec
+- init.rb
+- lib/ssl_requirement.rb
+- lib/url_for.rb
+- rails/init.rb
+- shoulda_macros/ssl_requirement_macros.rb
+- test/ssl_requirement_test.rb
+- test/url_for_test.rb
+has_rdoc: true
+homepage: http://github.com/bartt/ssl_requirement
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --charset=UTF-8
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.6
+signing_key: 
+specification_version: 3
+summary: Allow controller actions to force SSL on specific parts of the site.
+test_files: 
+- test/ssl_requirement_test.rb
+- test/url_for_test.rb