bcurren-ssl_requirement 1.0.4 → 1.0.6

data/README

@@ -48,6 +48,15 @@ config.after_initialize do
   SslRequirement.ssl_host = 'secure.example.com'
 end
 
+For non-SSL domains that differ from domain of redirecting site, add the
+following code to development.rb / test.rb / production.rb:
+
+# Redirects to http://nonsecure.example.com instead of the default 
+# http://www.example.com.
+config.after_initialize do
+  SslRequirement.non_ssl_host = 'nonsecure.example.com'
+end
+
 You are able to turn disable ssl redirects by adding the following environment configuration file:
   SslRequirement.disable_ssl_check = true
   
@@ -60,7 +69,9 @@ SSL URL Helper
 ==============
 This plugin also adds a helper a :secure option to url_for and named_routes. This property
 allows you to set a url as secure or not secure. It uses the disable_ssl_check to determine
-if the option should be ignored or not so you can develop as normal.
+if the option should be ignored or not so you can develop as normal. It also
+will obey if you override SslRequirement.ssl_host or 
+SslRequirement.non_ssl_host (see above)
 
 Here is an example of creating a secure url:
 

data/lib/ssl_requirement.rb

@@ -21,11 +21,7 @@ require "#{File.dirname(__FILE__)}/url_rewriter"
 # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
 # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 module SslRequirement
-  mattr_reader :ssl_host
-  
-  def self.ssl_host=(host)
-    @@ssl_host = host
-  end
+  mattr_accessor :ssl_host, :non_ssl_host
   
   def self.included(controller)
     controller.extend(ClassMethods)
@@ -82,7 +78,7 @@ module SslRequirement
         flash.keep
         return false
       elsif request.ssl? && !ssl_required?
-        redirect_to "http://" + request.host + request.request_uri
+        redirect_to "http://" + (non_ssl_host || request.host) + request.request_uri
         flash.keep
         return false
       end

data/lib/url_rewriter.rb

@@ -6,22 +6,44 @@ module ActionController
     # Add a secure option to the rewrite method.
     def rewrite_with_secure_option(options = {})
       secure = options.delete(:secure)
+
+      # if secure && ssl check is not disabled, convert to full url with https
       if !secure.nil? && !SslRequirement.disable_ssl_check?
         if secure == true || secure == 1 || secure.to_s.downcase == "true"
           options.merge!({
             :only_path => false,
             :protocol => 'https'
           })
+
+          # if we've been told to use different host for ssl, use it
+          unless SslRequirement.ssl_host.nil?
+            options.merge! :host => SslRequirement.ssl_host
+          end
+
+        # make it non-ssl and use specified options
         else
           options.merge!({
-            :only_path => false,
             :protocol => 'http'
           })
         end
       end
-      
+
       rewrite_without_secure_option(options)
     end
+
+    # if full URL is requested for http and we've been told to use a
+    # non-ssl host override, then use it
+    def rewrite_with_non_ssl_host(options)
+      if !options[:only_path] && !SslRequirement.non_ssl_host.nil?
+        if !(/^https/ =~ (options[:protocol] || @request.protocol))
+          options.merge! :host => SslRequirement.non_ssl_host
+        end
+      end
+      rewrite_without_non_ssl_host(options)
+    end
+
+    # want with_secure_option to get run first (so chain it last)
+    alias_method_chain :rewrite, :non_ssl_host
     alias_method_chain :rewrite, :secure_option
   end
 end

data/ssl_requirement.gemspec

@@ -1,20 +1,20 @@
 Gem::Specification.new do |s|
   s.name = 'ssl_requirement'
-  s.version = '1.0.4'
-  s.date = '2008-07-04'
+  s.version = '1.0.6'
+  s.date = '2009-06-22'
 
   s.summary = "Allow controller actions to force SSL on specific parts of the site."
   s.description = "SSL requirement adds a declarative way of specifying that certain actions should only be allowed to run under SSL, and if they're accessed without it, they should be redirected."
 
-  s.authors = ['RailsJedi', 'David Heinemeier Hansson']
-  s.email = 'railsjedi@gmail.com'
-  s.homepage = 'http://github.com/jcnetdev/ssl_requirement'
+  s.authors = ['RailsJedi', 'David Heinemeier Hansson', 'jcnetdev', 'bcurren', 'bmpercy']
+  s.email = 'percival@umamibud.com'
+  s.homepage = 'http://github.com/bmpercy/ssl_requirement'
 
   s.has_rdoc = true
   s.rdoc_options = ["--main", "README"]
   s.extra_rdoc_files = ["README"]
 
-  s.add_dependency 'rails', ['>= 2.1']
+  s.add_dependency 'rails', ['>= 2.3.2']
 
   s.files = ["README",
              "init.rb",
@@ -23,5 +23,6 @@ Gem::Specification.new do |s|
              "rails/init.rb",
              "ssl_requirement.gemspec"]
 
-  s.test_files = ["test/ssl_requirement_test.rb"]
+  s.test_files = ["test/ssl_requirement_test.rb",
+                  "test/url_rewriter_test.rb"]
 end

data/test/ssl_requirement_test.rb

@@ -26,6 +26,12 @@ require "#{File.dirname(__FILE__)}/../lib/ssl_requirement"
 ActionController::Base.logger = nil
 ActionController::Routing::Routes.reload rescue nil
 
+# several test controllers to cover different combinations of requiring/
+# allowing/exceptions-ing SSL for controller actions
+
+# this first controller modifies the flash in every action so that flash
+# set in set_flash is eventually expired (see NOTE below...)
+
 class SslRequirementController < ActionController::Base
   include SslRequirement
   
@@ -33,21 +39,25 @@ class SslRequirementController < ActionController::Base
   ssl_allowed :c
   
   def a
+    flash[:abar] = "foo"
     render :nothing => true
   end
   
   def b
+    flash[:bbar] = "foo"
     render :nothing => true
   end
   
   def c
+    flash[:cbar] = "foo"
     render :nothing => true
   end
   
   def d
+    flash[:dbar] = "foo"
     render :nothing => true
   end
-  
+
   def set_flash
     flash[:foo] = "bar"
   end
@@ -76,9 +86,6 @@ class SslExceptionController < ActionController::Base
     render :nothing => true
   end
   
-  def set_flash
-    flash[:foo] = "bar"
-  end
 end
 
 class SslAllActionsController < ActionController::Base
@@ -92,42 +99,74 @@ class SslAllActionsController < ActionController::Base
   
 end
 
-class SslRequirementTest < Test::Unit::TestCase
+# NOTE: The only way I could get the flash tests to work under Rails 2.3.2
+#       (without resorting to IntegrationTest with some artificial session
+#       store) was to use TestCase. In TestCases, it appears that flash 
+#       messages are effectively persisted in session after the last controller
+#       action that consumed them...so that when the TestCase inspects
+#       the FlashHash, it will find the flash still populated, even though
+#       the subsequent controller action won't see it.
+#
+#       In addition, if no changes are made to flash in subsequent requests, the
+#       flash is persisted forever. But if subsequent controller actions add to
+#       flash, the older flash messages eventually disappear.
+#
+#       As a result, the flash-related tests now make two requests after the 
+#       set_flash, each of these requests is also modifying flash. flash is 
+#       inspected after the second request returns.
+#
+#       This feels a little hacky, so if anyone can improve it, please do so!
+
+class SslRequirementTest < ActionController::TestCase
   def setup
     @controller = SslRequirementController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
+    @ssl_host_override = 'www.example.com:80443'
+    @non_ssl_host_override = 'www.example.com:8080'
   end
+
+  # flash-related tests
   
   def test_redirect_to_https_preserves_flash
+    assert_not_equal "on", @request.env["HTTPS"]
     get :set_flash
     get :b
-    assert_response :redirect
-    assert_equal "bar", flash[:foo]
+    assert_response :redirect       # check redirect happens (flash still set)
+    get :b                          # get again to flush flash
+    assert_response :redirect       # make sure it happens again
+    assert_equal "bar", flash[:foo] # the flash would be gone now if no redirect
   end
   
   def test_not_redirecting_to_https_does_not_preserve_the_flash
+    assert_not_equal "on", @request.env["HTTPS"]
     get :set_flash
     get :d
-    assert_response :success
-    assert_nil flash[:foo]
+    assert_response :success        # check no redirect (flash still set)
+    get :d                          # get again to flush flash
+    assert_response :success        # check no redirect
+    assert_nil flash[:foo]          # the flash should be gone now
   end
   
   def test_redirect_to_http_preserves_flash
     get :set_flash
     @request.env['HTTPS'] = "on"
     get :d
-    assert_response :redirect
-    assert_equal "bar", flash[:foo]
+    assert_response :redirect       # check redirect happens (flash still set)
+    get :d                          # get again to flush flash
+    assert_response :redirect       # make sure redirect happens
+    assert_equal "bar", flash[:foo] # flash would be gone now if no redirect
   end
   
   def test_not_redirecting_to_http_does_not_preserve_the_flash
     get :set_flash
     @request.env['HTTPS'] = "on"
     get :a
-    assert_response :success
-    assert_nil flash[:foo]
+    assert_response :success        # no redirect (flash still set)
+    get :a                          # get again to flush flash
+    assert_response :success        # no redirect
+    assert_nil flash[:foo]          # flash should be gone now
   end
+
+  # ssl required/allowed/exceptions testing
   
   def test_required_without_ssl
     assert_not_equal "on", @request.env["HTTPS"]
@@ -155,13 +194,12 @@ class SslRequirementTest < Test::Unit::TestCase
   
   def test_ssl_exceptions_without_ssl
     @controller = SslExceptionController.new
+    assert_not_equal "on", @request.env["HTTPS"]
     get :a
     assert_response :redirect
     assert_match %r{^https://}, @response.headers['Location']
-    
     get :b
     assert_response :success
-    
     get :c # c is not explicity in ssl_required, but it is not listed in ssl_exceptions
     assert_response :redirect
     assert_match %r{^https://}, @response.headers['Location']
@@ -172,8 +210,6 @@ class SslRequirementTest < Test::Unit::TestCase
     @request.env['HTTPS'] = "on"
     get :a
     assert_response :success
-    
-    @request.env['HTTPS'] = "on"
     get :c
     assert_response :success
   end
@@ -181,7 +217,6 @@ class SslRequirementTest < Test::Unit::TestCase
   def test_ssl_all_actions_without_ssl
     @controller = SslAllActionsController.new
     get :a
-    
     assert_response :redirect
     assert_match %r{^https://}, @response.headers['Location']
   end
@@ -216,5 +251,50 @@ class SslRequirementTest < Test::Unit::TestCase
   ensure
     SslRequirement.disable_ssl_check = false
   end
-  
-end
+
+  # testing overriding hostnames for ssl, non-ssl
+
+  # test for overriding (or not) the ssl_host and non_ssl_host variables
+  # using actions a (ssl required) and d (ssl not required or allowed)
+
+  def test_ssl_redirect_with_ssl_host
+    SslRequirement.ssl_host = @ssl_host_override
+    assert_not_equal "on", @request.env["HTTPS"]
+    get :a
+    assert_response :redirect
+    assert_match Regexp.new("^https://#{@ssl_host_override}"),
+                 @response.headers['Location']
+    SslRequirement.ssl_host = nil
+  end
+
+  def test_ssl_redirect_without_ssl_host
+    SslRequirement.ssl_host = nil
+    assert_not_equal "on", @request.env["HTTPS"]
+    get :a
+    assert_response :redirect
+    assert_match Regexp.new("^https://"), @response.headers['Location']
+    assert_no_match Regexp.new("^https://#{@ssl_host_override}"),
+                    @response.headers['Location']
+  end
+
+  def test_non_ssl_redirect_with_non_ssl_host
+    SslRequirement.non_ssl_host = @non_ssl_host_override
+    @request.env['HTTPS'] = 'on'
+    get :d
+    assert_response :redirect
+    assert_match Regexp.new("^http://#{@non_ssl_host_override}"),
+                 @response.headers['Location']
+    SslRequirement.non_ssl_host = nil
+  end
+
+  def test_non_ssl_redirect_without_non_ssl_host
+    SslRequirement.non_ssl_host = nil
+    @request.env['HTTPS'] = 'on'
+    get :d
+    assert_response :redirect
+    assert_match Regexp.new("^http://"), @response.headers['Location']
+    assert_no_match Regexp.new("^http://#{@non_ssl_host_override}"),
+                    @response.headers['Location']
+  end
+
+end

data/test/url_rewriter_test.rb

@@ -0,0 +1,142 @@
+$:.unshift(File.dirname(__FILE__) + '/../lib')
+
+require 'rubygems'
+require 'test/unit'
+require 'action_controller'
+require 'action_controller/test_process'
+
+require "ssl_requirement"
+
+# Show backtraces for deprecated behavior for quicker cleanup.
+ActiveSupport::Deprecation.debug = true
+ActionController::Base.logger = nil
+ActionController::Routing::Routes.reload rescue nil
+
+class UrlRewriterTest < Test::Unit::TestCase
+  def setup
+    @request = ActionController::TestRequest.new
+    @params = {}
+    @rewriter = ActionController::UrlRewriter.new(@request, @params)
+
+    @ssl_host_override = "www.example.com:80443"
+    @non_ssl_host_override = "www.example.com:8080"
+
+    SslRequirement.ssl_host = nil
+    SslRequirement.non_ssl_host = nil
+    
+    puts @url_rewriter.to_s
+  end
+
+  def test_rewrite_secure_false
+    SslRequirement.disable_ssl_check = false
+    assert_equal('http://test.host/c/a',
+      @rewriter.rewrite(:controller => 'c', :action => 'a', :secure => false)
+    )
+    assert_equal('/c/a',
+      @rewriter.rewrite(:controller => 'c', :action => 'a', :secure => false, 
+                        :only_path => true)
+    )
+    
+    SslRequirement.disable_ssl_check = true
+    assert_equal('http://test.host/c/a',
+      @rewriter.rewrite(:controller => 'c', :action => 'a', :secure => false)
+    )
+    assert_equal('/c/a',
+      @rewriter.rewrite(:controller => 'c', :action => 'a', :secure => false,
+                        :only_path => true)
+    )
+  end
+  
+  def test_rewrite_secure_true
+    SslRequirement.disable_ssl_check = false
+    assert_equal('https://test.host/c/a',
+      @rewriter.rewrite(:controller => 'c', :action => 'a', :secure => true)
+    )
+    assert_equal('https://test.host/c/a',
+      @rewriter.rewrite(:controller => 'c', :action => 'a', :secure => true, :only_path => true)
+    )
+    
+    SslRequirement.disable_ssl_check = true
+    assert_equal('http://test.host/c/a',
+      @rewriter.rewrite(:controller => 'c', :action => 'a', :secure => true)
+    )
+    assert_equal('/c/a',
+      @rewriter.rewrite(:controller => 'c', :action => 'a', :secure => true, :only_path => true)
+    )
+  end
+  
+  def test_rewrite_secure_not_specified
+    SslRequirement.disable_ssl_check = false
+    assert_equal('http://test.host/c/a',
+      @rewriter.rewrite(:controller => 'c', :action => 'a')
+    )
+    assert_equal('/c/a',
+      @rewriter.rewrite(:controller => 'c', :action => 'a', :only_path => true)
+    )
+    
+    SslRequirement.disable_ssl_check = true
+    assert_equal('http://test.host/c/a',
+      @rewriter.rewrite(:controller => 'c', :action => 'a')
+    )
+    assert_equal('/c/a',
+      @rewriter.rewrite(:controller => 'c', :action => 'a', :only_path => true)
+    )
+  end
+
+  # tests for ssl_host overriding
+
+  def test_rewrite_secure_with_ssl_host
+    SslRequirement.disable_ssl_check = false
+    SslRequirement.ssl_host = @ssl_host_override
+    assert_equal("https://#{@ssl_host_override}/c/a",
+                 @rewriter.rewrite(:controller => 'c', :action => 'a', 
+                                   :secure => true))
+    assert_equal("https://#{@ssl_host_override}/c/a",
+                 @rewriter.rewrite(:controller => 'c', :action => 'a',
+                                   :secure => true, :only_path => true))
+    SslRequirement.ssl_host = nil
+  end
+
+  def test_rewrite_non_secure_with_non_ssl_host
+    SslRequirement.disable_ssl_check = false
+    SslRequirement.non_ssl_host = @non_ssl_host_override
+
+    # with secure option
+    assert_equal("http://#{@non_ssl_host_override}/c/a",
+                 @rewriter.rewrite(:controller => 'c', :action => 'a',
+                                   :secure => false))
+    assert_equal("/c/a",
+                 @rewriter.rewrite(:controller => 'c', :action => 'a', 
+                                   :secure => false, :only_path => true))
+
+    # without secure option
+    assert_equal("http://#{@non_ssl_host_override}/c/a",
+                 @rewriter.rewrite(:controller => 'c', :action => 'a'))
+    assert_equal("/c/a",
+                 @rewriter.rewrite(:controller => 'c', :action => 'a', 
+                                   :only_path => true))
+    SslRequirement.non_ssl_host = nil
+  end
+
+  def test_rewrite_non_secure_with_non_ssl_host_disable_check
+    SslRequirement.disable_ssl_check = true
+    SslRequirement.non_ssl_host = @non_ssl_host_override
+
+    # with secure option
+    assert_equal("http://#{@non_ssl_host_override}/c/a",
+                 @rewriter.rewrite(:controller => 'c', :action => 'a',
+                                   :secure => false))
+    assert_equal("/c/a",
+                 @rewriter.rewrite(:controller => 'c', :action => 'a', 
+                                   :secure => false, :only_path => true))
+
+    # without secure option
+    assert_equal("http://#{@non_ssl_host_override}/c/a",
+                 @rewriter.rewrite(:controller => 'c', :action => 'a'))
+    assert_equal("/c/a",
+                 @rewriter.rewrite(:controller => 'c', :action => 'a', 
+                                   :only_path => true))
+    SslRequirement.non_ssl_host = nil
+  end
+
+end

metadata

@@ -1,16 +1,19 @@
 --- !ruby/object:Gem::Specification 
 name: bcurren-ssl_requirement
 version: !ruby/object:Gem::Version 
-  version: 1.0.4
+  version: 1.0.6
 platform: ruby
 authors: 
 - RailsJedi
 - David Heinemeier Hansson
+- jcnetdev
+- bcurren
+- bmpercy
 autorequire: 
 bindir: bin
 cert_chain: []
 
-date: 2008-07-04 00:00:00 -07:00
+date: 2009-06-22 00:00:00 -07:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -21,10 +24,10 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        version: "2.1"
+        version: 2.3.2
     version: 
 description: SSL requirement adds a declarative way of specifying that certain actions should only be allowed to run under SSL, and if they're accessed without it, they should be redirected.
-email: railsjedi@gmail.com
+email: percival@umamibud.com
 executables: []
 
 extensions: []
@@ -39,7 +42,7 @@ files:
 - rails/init.rb
 - ssl_requirement.gemspec
 has_rdoc: true
-homepage: http://github.com/jcnetdev/ssl_requirement
+homepage: http://github.com/bmpercy/ssl_requirement
 post_install_message: 
 rdoc_options: 
 - --main
@@ -67,3 +70,4 @@ specification_version: 2
 summary: Allow controller actions to force SSL on specific parts of the site.
 test_files: 
 - test/ssl_requirement_test.rb
+- test/url_rewriter_test.rb