bartt-ssl_requirement 1.2.3 → 1.2.4
- data/README +33 -22
- data/Rakefile +2 -2
- data/VERSION +1 -1
- data/bartt-ssl_requirement.gemspec +17 -19
- data/lib/ssl_requirement.rb +10 -4
- data/test/ssl_requirement_test.rb +80 -1
- metadata +8 -8
- data/.gitignore +0 -1
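--- a/data/README
+++ b/data/README
@@ -8,17 +8,17 @@ they should be redirected.
 Example:
 
 class ApplicationController < ActionController::Base
-include SslRequirement
+include ::SslRequirement
 end
 
 class AccountController < ApplicationController
-ssl_required :signup, :payment
+ssl_required :signup, :payment
 ssl_allowed :index
-
+
 def signup
 # Non-SSL access will be redirected to SSL
 end
-
+
 def payment
 # Non-SSL access will be redirected to SSL
 end
@@ -31,18 +31,29 @@ Example:
 # SSL access will be redirected to non-SSL
 end
 end
-
+
 If a majority (or all) of your actions require SSL, then use ssl_exceptions instead of ssl_required.
-You can list out the actions that you do NOT want to be SSL protected. Calling ssl_exceptions without
-any actions listed will make ALL actions SSL protected.
-
+You can list out the actions that you do NOT want to be SSL protected. Calling ssl_exceptions without
+any actions listed will make ALL actions SSL protected.
+
+To allow SSL for any action use ssl_allowed and pass in :all
+
+Example:
+
+# This will enable SSL for any action in your application.
+class ApplicationController < ActionController::Base
+include ::SslRequirement
+
+ssl_allowed :all
+end
+
 You can overwrite the protected method ssl_required? to rely on other things
 than just the declarative specification. Say, only premium accounts get SSL.
 
-For SSL domains that differ from the domain of the redirecting site, add the
+For SSL domains that differ from the domain of the redirecting site, add the
 following code to development.rb / test.rb / production.rb:
 
-# Redirects to https://secure.example.com instead of the default
+# Redirects to https://secure.example.com instead of the default
 # https://www.example.com.
 config.after_initialize do
 SslRequirement.ssl_host = 'secure.example.com'
@@ -51,35 +62,35 @@ following code to development.rb / test.rb / production.rb:
 For non-SSL domains that differ from domain of redirecting site, add the
 following code to development.rb / test.rb / production.rb:
 
-
-
-
-
-
+# Redirects to http://nonsecure.example.com instead of the default
+# http://www.example.com.
+config.after_initialize do
+SslRequirement.non_ssl_host = 'nonsecure.example.com'
+end
 
 You can also use a Proc to determine the ssl_host or non_ssl_host on the fly:
 
-
+config.after_initialize do
 SslRequirement.ssl_host = Proc.new do
-
-
+'secure.example.com'
+end
 end
 
 You are able to turn disable ssl redirects by adding the following environment configuration file:
 
 SslRequirement.disable_ssl_check = true
-
+
 P.S.: Beware when you include the SslRequirement module. At the time of
 inclusion, it'll add the before_filter that validates the declarations. Some
 times you'll want to run other before_filters before that. They should then be
 declared ahead of including this module.
-
+
 SSL URL Helper
 ==============
 This plugin also adds a helper a :secure option to url_for and named_routes. This property
 allows you to set a url as secure or not secure. It uses the disable_ssl_check to determine
 if the option should be ignored or not so you can develop as normal. It also
-will obey if you override SslRequirement.ssl_host or
+will obey if you override SslRequirement.ssl_host or
 SslRequirement.non_ssl_host (see above)
 
 Here is an example of creating a secure url:
@@ -130,7 +141,7 @@ If you are using Shoulda, a few contexts and macros are provided:
 end
 end
 end
-
+
 
 Copyright
 =========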
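--- a/data/Rakefile
+++ b/data/Rakefile
@@ -10,9 +10,9 @@ begin
 gemspec.name = "bartt-ssl_requirement"
 gemspec.summary = "Allow controller actions to force SSL on specific parts of the site."
 gemspec.description = "SSL requirement adds a declarative way of specifying that certain actions should only be allowed to run under SSL, and if they're accessed without it, they should be redirected."
-gemspec.email = '
+gemspec.email = 'bart@thecodemill.biz'
 gemspec.homepage = 'http://github.com/bartt/ssl_requirement'
-gemspec.authors = ['RailsJedi', 'David Heinemeier Hansson', 'jcnetdev', 'bcurren', 'bmpercy','revo','nathany', 'bartt']
+gemspec.authors = ['RailsJedi', 'David Heinemeier Hansson', 'jcnetdev', 'bcurren', 'bmpercy','revo','nathany', 'bartt', 'Thorben Schröder']
 end
 rescue LoadError
 puts "Jeweler not available. Install it with: gem install jeweler"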
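--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.2.
+1.2.4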
@@ -1,42 +1,40 @@
|
|
1
1
|
# Generated by jeweler
|
2
2
|
# DO NOT EDIT THIS FILE DIRECTLY
|
3
|
-
# Instead, edit Jeweler::Tasks in Rakefile, and run
|
3
|
+
# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
|
4
4
|
# -*- encoding: utf-8 -*-
|
5
5
|
|
6
6
|
Gem::Specification.new do |s|
|
7
7
|
s.name = %q{bartt-ssl_requirement}
|
8
|
-
s.version = "1.2.
|
8
|
+
s.version = "1.2.4"
|
9
9
|
|
10
10
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
11
|
-
s.authors = ["RailsJedi", "David Heinemeier Hansson", "jcnetdev", "bcurren", "bmpercy", "revo", "nathany", "bartt"]
|
12
|
-
s.date = %q{
|
11
|
+
s.authors = ["RailsJedi", "David Heinemeier Hansson", "jcnetdev", "bcurren", "bmpercy", "revo", "nathany", "bartt", "Thorben Schr\303\266der"]
|
12
|
+
s.date = %q{2011-01-05}
|
13
13
|
s.description = %q{SSL requirement adds a declarative way of specifying that certain actions should only be allowed to run under SSL, and if they're accessed without it, they should be redirected.}
|
14
|
-
s.email = %q{
|
14
|
+
s.email = %q{bart@thecodemill.biz}
|
15
15
|
s.extra_rdoc_files = [
|
16
16
|
"README"
|
17
17
|
]
|
18
18
|
s.files = [
|
19
|
-
"
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
"test/url_for_test.rb"
|
19
|
+
"README",
|
20
|
+
"Rakefile",
|
21
|
+
"VERSION",
|
22
|
+
"bartt-ssl_requirement.gemspec",
|
23
|
+
"init.rb",
|
24
|
+
"lib/ssl_requirement.rb",
|
25
|
+
"lib/url_for.rb",
|
26
|
+
"rails/init.rb",
|
27
|
+
"shoulda_macros/ssl_requirement_macros.rb",
|
28
|
+
"test/ssl_requirement_test.rb",
|
29
|
+
"test/url_for_test.rb"
|
31
30
|
]
|
32
31
|
s.homepage = %q{http://github.com/bartt/ssl_requirement}
|
33
|
-
s.rdoc_options = ["--charset=UTF-8"]
|
34
32
|
s.require_paths = ["lib"]
|
35
33
|
s.rubygems_version = %q{1.3.7}
|
36
34
|
s.summary = %q{Allow controller actions to force SSL on specific parts of the site.}
|
37
35
|
s.test_files = [
|
38
36
|
"test/ssl_requirement_test.rb",
|
39
|
-
|
37
|
+
"test/url_for_test.rb"
|
40
38
|
]
|
41
39
|
|
42
40
|
if s.respond_to? :specification_version then
|
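--- a/data/lib/ssl_requirement.rb
+++ b/data/lib/ssl_requirement.rb
@@ -60,7 +60,9 @@ module SslRequirement
 def ssl_exceptions(*actions)
 write_inheritable_array(:ssl_required_except_actions, actions)
 end
-
+
+# To allow SSL for any action pass :all as action like this:
+# ssl_allowed :all
 def ssl_allowed(*actions)
 write_inheritable_array(:ssl_allowed_actions, actions)
 end
@@ -80,7 +82,9 @@ module SslRequirement
 end
 
 def ssl_allowed?
-(self.class.read_inheritable_attribute(:ssl_allowed_actions) || [])
+allowed_actions = (self.class.read_inheritable_attribute(:ssl_allowed_actions) || [])
+
+allowed_actions == [:all] || allowed_actions.include?(action_name.to_sym)
 end
 
 # normal ports are the ports used when no port is specified by the user to the browser
@@ -90,12 +94,14 @@ module SslRequirement
 private
 def ensure_proper_protocol
 return true if SslRequirement.disable_ssl_check?
-
-
+
 if ssl_required? && !request.ssl?
 redirect_to determine_redirect_url(request, true)
 flash.keep
 return false
+elsif request.ssl? && ssl_allowed?
+flash.keep
+return true
 elsif request.ssl? && !ssl_required?
 redirect_to determine_redirect_url(request, false)
 flash.keep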
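Review bot: In `ssl_allowed?`, the check `allowed_actions == [:all]` only matches when `:all` is the sole entry, so `ssl_allowed :all, :index`, or a subclass that adds its own `ssl_allowed` list on top of an inherited `:all` (presumably `write_inheritable_array` appends to the parent's array; confirm), falls back to per-action matching, and HTTPS requests to the unlisted actions hit the `request.ssl? && !ssl_required?` branch and are redirected to plain HTTP. Using `allowed_actions.include?(:all) || allowed_actions.include?(action_name.to_sym)` would make the wildcard hold regardless of what else is listed. The same line converts the request's action name with `to_sym`; if unrouted action names can reach this filter, comparing strings instead, `allowed_actions.map(&:to_s).include?(action_name)`, avoids creating symbols from request-derived values. In `ensure_proper_protocol`, whose body continues past the hunk, the new `elsif request.ssl? && ssl_allowed?` branch deserves a one-line comment saying it must stay after the `ssl_required? && !request.ssl?` redirect so that `ssl_allowed :all` never weakens `ssl_required`.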
@@ -19,7 +19,7 @@ MSG
|
|
19
19
|
end
|
20
20
|
end
|
21
21
|
|
22
|
-
require '
|
22
|
+
require 'action_dispatch/testing/test_process'
|
23
23
|
require 'test/unit'
|
24
24
|
require "#{File.dirname(__FILE__)}/../lib/ssl_requirement"
|
25
25
|
|
@@ -32,6 +32,13 @@ ActionController::Routing::Routes.reload rescue nil
|
|
32
32
|
# this first controller modifies the flash in every action so that flash
|
33
33
|
# set in set_flash is eventually expired (see NOTE below...)
|
34
34
|
|
35
|
+
ROUTES = ActionDispatch::Routing::RouteSet.new
|
36
|
+
ROUTES.draw do
|
37
|
+
match ':controller(/:action(/:id(.:format)))'
|
38
|
+
end
|
39
|
+
ROUTES.finalize!
|
40
|
+
|
41
|
+
|
35
42
|
class SslRequirementController < ActionController::Base
|
36
43
|
include SslRequirement
|
37
44
|
|
@@ -60,6 +67,11 @@ class SslRequirementController < ActionController::Base
|
|
60
67
|
|
61
68
|
def set_flash
|
62
69
|
flash[:foo] = "bar"
|
70
|
+
render :nothing => true
|
71
|
+
end
|
72
|
+
|
73
|
+
def self._routes
|
74
|
+
ROUTES
|
63
75
|
end
|
64
76
|
end
|
65
77
|
|
@@ -86,6 +98,9 @@ class SslExceptionController < ActionController::Base
|
|
86
98
|
render :nothing => true
|
87
99
|
end
|
88
100
|
|
101
|
+
def self._routes
|
102
|
+
ROUTES
|
103
|
+
end
|
89
104
|
end
|
90
105
|
|
91
106
|
class SslAllActionsController < ActionController::Base
|
@@ -97,6 +112,31 @@ class SslAllActionsController < ActionController::Base
|
|
97
112
|
render :nothing => true
|
98
113
|
end
|
99
114
|
|
115
|
+
def self._routes
|
116
|
+
ROUTES
|
117
|
+
end
|
118
|
+
end
|
119
|
+
|
120
|
+
class SslAllowAllActionsController < ActionController::Base
|
121
|
+
include SslRequirement
|
122
|
+
|
123
|
+
ssl_allowed :all
|
124
|
+
|
125
|
+
def a
|
126
|
+
render :nothing => true
|
127
|
+
end
|
128
|
+
|
129
|
+
def b
|
130
|
+
render :nothing => true
|
131
|
+
end
|
132
|
+
|
133
|
+
def self._routes
|
134
|
+
ROUTES
|
135
|
+
end
|
136
|
+
end
|
137
|
+
|
138
|
+
class SslAllowAllAndRequireController < SslAllowAllActionsController
|
139
|
+
ssl_required :a, :b
|
100
140
|
end
|
101
141
|
|
102
142
|
# NOTE: The only way I could get the flash tests to work under Rails 2.3.2
|
@@ -117,8 +157,11 @@ end
|
|
117
157
|
#
|
118
158
|
# This feels a little hacky, so if anyone can improve it, please do so!
|
119
159
|
|
160
|
+
|
120
161
|
class SslRequirementTest < ActionController::TestCase
|
121
162
|
def setup
|
163
|
+
@routes = ROUTES
|
164
|
+
|
122
165
|
@controller = SslRequirementController.new
|
123
166
|
@ssl_host_override = 'www.example.com:80443'
|
124
167
|
@non_ssl_host_override = 'www.example.com:8080'
|
@@ -128,7 +171,9 @@ class SslRequirementTest < ActionController::TestCase
|
|
128
171
|
|
129
172
|
def test_redirect_to_https_preserves_non_normal_port
|
130
173
|
assert_not_equal "on", @request.env["HTTPS"]
|
174
|
+
@request.host = 'www.example.com:4567'
|
131
175
|
@request.port = 4567
|
176
|
+
|
132
177
|
get :b
|
133
178
|
assert_response :redirect
|
134
179
|
assert_match %r{^https://.*:4567/}, @response.headers['Location']
|
@@ -339,4 +384,38 @@ class SslRequirementTest < ActionController::TestCase
|
|
339
384
|
@response.headers['Location']
|
340
385
|
SslRequirement.non_ssl_host = nil
|
341
386
|
end
|
387
|
+
|
388
|
+
# test allowing ssl on any action by the :all symbol
|
389
|
+
def test_controller_that_allows_ssl_on_all_actions_allows_requests_with_or_without_ssl_enabled
|
390
|
+
@controller = SslAllowAllActionsController.new
|
391
|
+
|
392
|
+
assert_not_equal "on", @request.env["HTTPS"]
|
393
|
+
|
394
|
+
get :a
|
395
|
+
assert_response :success
|
396
|
+
|
397
|
+
get :b
|
398
|
+
assert_response :success
|
399
|
+
|
400
|
+
@request.env["HTTPS"] = "on"
|
401
|
+
|
402
|
+
get :a
|
403
|
+
assert_response :success
|
404
|
+
|
405
|
+
get :b
|
406
|
+
assert_response :success
|
407
|
+
end
|
408
|
+
|
409
|
+
def test_required_without_ssl_and_allowed_all
|
410
|
+
@controller = SslAllowAllAndRequireController.new
|
411
|
+
|
412
|
+
assert_not_equal "on", @request.env["HTTPS"]
|
413
|
+
get :a
|
414
|
+
assert_response :redirect
|
415
|
+
assert_match %r{^https://}, @response.headers['Location']
|
416
|
+
get :b
|
417
|
+
assert_response :redirect
|
418
|
+
assert_match %r{^https://}, @response.headers['Location']
|
419
|
+
end
|
420
|
+
|
342
421
|
end
|
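Review bot: The two new tests cover `ssl_allowed :all` on its own and combined with `ssl_required` over plain HTTP, but nothing exercises `:all` alongside other allowed entries, for example a subclass of `SslAllowAllActionsController` that declares `ssl_allowed :a` and is then requested over HTTPS on `b`. A case like that would pin down whether the wildcard survives inheritance, which the `allowed_actions == [:all]` comparison in the library makes doubtful. `test_required_without_ssl_and_allowed_all` would also benefit from a request with `@request.env["HTTPS"] = "on"` asserting `:success`, so the new `request.ssl? && ssl_allowed?` branch is covered for actions that are both required and allowed. The new assertions anchor with `^`, which in Ruby matches at any line start; `%r{\Ahttps://}` states the intent exactly.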
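--- a/metadata
+++ b/metadata
@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: bartt-ssl_requirement
 version: !ruby/object:Gem::Version
-hash:
+hash: 23
 prerelease: false
 segments:
 - 1
 - 2
--
-version: 1.2.
+- 4
+version: 1.2.4
 platform: ruby
 authors:
 - RailsJedi
@@ -18,16 +18,17 @@ authors:
 - revo
 - nathany
 - bartt
+- "Thorben Schr\xC3\xB6der"
 autorequire:
 bindir: bin
 cert_chain: []
 
-date:
+date: 2011-01-05 00:00:00 +00:00
 default_executable:
 dependencies: []
 
 description: SSL requirement adds a declarative way of specifying that certain actions should only be allowed to run under SSL, and if they're accessed without it, they should be redirected.
-email:
+email: bart@thecodemill.biz
 executables: []
 
 extensions: []
@@ -35,7 +36,6 @@ extensions: []
 extra_rdoc_files:
 - README
 files:
-- .gitignore
 - README
 - Rakefile
 - VERSION
@@ -52,8 +52,8 @@ homepage: http://github.com/bartt/ssl_requirement
 licenses: []
 
 post_install_message:
-rdoc_options:
-
+rdoc_options: []
+
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement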
data/.gitignore
DELETED
@@ -1 +0,0 @@
|
|
1
|
-
*.gem
|