bcurren-ssl_requirement 1.0.6 → 1.0.7
Sign up to get free protection for your applications and to get access to all the features.
- data/README +72 -42
- data/ssl_requirement.gemspec +2 -2
- metadata +4 -3
data/README
CHANGED
|
@@ -7,30 +7,30 @@ they should be redirected.
|
|
|
7
7
|
|
|
8
8
|
Example:
|
|
9
9
|
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
end
|
|
13
|
-
|
|
14
|
-
class AccountController < ApplicationController
|
|
15
|
-
ssl_required :signup, :payment
|
|
16
|
-
ssl_allowed :index
|
|
17
|
-
|
|
18
|
-
def signup
|
|
19
|
-
# Non-SSL access will be redirected to SSL
|
|
20
|
-
end
|
|
21
|
-
|
|
22
|
-
def payment
|
|
23
|
-
# Non-SSL access will be redirected to SSL
|
|
10
|
+
class ApplicationController < ActionController::Base
|
|
11
|
+
include SslRequirement
|
|
24
12
|
end
|
|
25
13
|
|
|
26
|
-
|
|
27
|
-
|
|
14
|
+
class AccountController < ApplicationController
|
|
15
|
+
ssl_required :signup, :payment
|
|
16
|
+
ssl_allowed :index
|
|
17
|
+
|
|
18
|
+
def signup
|
|
19
|
+
# Non-SSL access will be redirected to SSL
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
def payment
|
|
23
|
+
# Non-SSL access will be redirected to SSL
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
def index
|
|
27
|
+
# This action will work either with or without SSL
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
def other
|
|
31
|
+
# SSL access will be redirected to non-SSL
|
|
32
|
+
end
|
|
28
33
|
end
|
|
29
|
-
|
|
30
|
-
def other
|
|
31
|
-
# SSL access will be redirected to non-SSL
|
|
32
|
-
end
|
|
33
|
-
end
|
|
34
34
|
|
|
35
35
|
If a majority (or all) of your actions require SSL, then use ssl_exceptions instead of ssl_required.
|
|
36
36
|
You can list out the actions that you do NOT want to be SSL protected. Calling ssl_exceptions without
|
|
@@ -42,11 +42,11 @@ than just the declarative specification. Say, only premium accounts get SSL.
|
|
|
42
42
|
For SSL domains that differ from the domain of the redirecting site, add the
|
|
43
43
|
following code to development.rb / test.rb / production.rb:
|
|
44
44
|
|
|
45
|
-
# Redirects to https://secure.example.com instead of the default
|
|
46
|
-
# https://www.example.com.
|
|
47
|
-
config.after_initialize do
|
|
48
|
-
|
|
49
|
-
end
|
|
45
|
+
# Redirects to https://secure.example.com instead of the default
|
|
46
|
+
# https://www.example.com.
|
|
47
|
+
config.after_initialize do
|
|
48
|
+
SslRequirement.ssl_host = 'secure.example.com'
|
|
49
|
+
end
|
|
50
50
|
|
|
51
51
|
For non-SSL domains that differ from domain of redirecting site, add the
|
|
52
52
|
following code to development.rb / test.rb / production.rb:
|
|
@@ -58,7 +58,8 @@ config.after_initialize do
|
|
|
58
58
|
end
|
|
59
59
|
|
|
60
60
|
You are able to turn disable ssl redirects by adding the following environment configuration file:
|
|
61
|
-
|
|
61
|
+
|
|
62
|
+
SslRequirement.disable_ssl_check = true
|
|
62
63
|
|
|
63
64
|
P.S.: Beware when you include the SslRequirement module. At the time of
|
|
64
65
|
inclusion, it'll add the before_filter that validates the declarations. Some
|
|
@@ -75,26 +76,55 @@ SslRequirement.non_ssl_host (see above)
|
|
|
75
76
|
|
|
76
77
|
Here is an example of creating a secure url:
|
|
77
78
|
|
|
78
|
-
<%= url_for(:controller => "c", :action => "a", :secure => true) %>
|
|
79
|
+
<%= url_for(:controller => "c", :action => "a", :secure => true) %>
|
|
79
80
|
|
|
80
81
|
If disable_ssl_check returns false url_for will return the following:
|
|
81
82
|
|
|
82
|
-
https://yoursite.com/c/a
|
|
83
|
+
https://yoursite.com/c/a
|
|
83
84
|
|
|
84
85
|
Furthermore, you can use the secure option in a named route to create a secure form as follows:
|
|
85
86
|
|
|
86
|
-
<% form_tag session_path(:secure => true), :class => 'home_login' do -%>
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
<% end -%>
|
|
87
|
+
<% form_tag session_path(:secure => true), :class => 'home_login' do -%>
|
|
88
|
+
<p>
|
|
89
|
+
<label for="name">Email</label>
|
|
90
|
+
<%= text_field_tag 'email', '', :class => 'text', :tabindex => 1 %>
|
|
91
|
+
</p>
|
|
92
|
+
<p>
|
|
93
|
+
<label for="password">Password</label>
|
|
94
|
+
<%= password_field_tag 'password', '', :class => 'text', :tabindex => 2 %>
|
|
95
|
+
</p>
|
|
96
|
+
<p>
|
|
97
|
+
<%= submit_tag "Login", :id => 'login_submit', :value => "", :alt => "Login" %>
|
|
98
|
+
</p>
|
|
99
|
+
<% end -%>
|
|
100
|
+
|
|
101
|
+
Testing with Shoulda
|
|
102
|
+
====================
|
|
103
|
+
|
|
104
|
+
If you are using Shoulda, a few contexts and macros are provided:
|
|
105
|
+
|
|
106
|
+
class RegistrationsControllerTest < ActionController::TestCase
|
|
107
|
+
without_ssl_context do
|
|
108
|
+
context "GET to :new" do
|
|
109
|
+
setup do
|
|
110
|
+
get :new
|
|
111
|
+
end
|
|
112
|
+
should_redirect_to_ssl
|
|
113
|
+
end
|
|
114
|
+
end
|
|
115
|
+
|
|
116
|
+
with_ssl_context do
|
|
117
|
+
context "GET to :new" do
|
|
118
|
+
setup do
|
|
119
|
+
get :new
|
|
120
|
+
end
|
|
121
|
+
# your usual testing goes here
|
|
122
|
+
end
|
|
123
|
+
end
|
|
124
|
+
end
|
|
125
|
+
|
|
126
|
+
|
|
127
|
+
Copyright
|
|
128
|
+
=========
|
|
99
129
|
|
|
100
130
|
Copyright (c) 2005 David Heinemeier Hansson, released under the MIT license
|
data/ssl_requirement.gemspec
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
s.name = 'ssl_requirement'
|
|
3
|
-
s.version = '1.0.
|
|
3
|
+
s.version = '1.0.7'
|
|
4
4
|
s.date = '2009-06-22'
|
|
5
5
|
|
|
6
6
|
s.summary = "Allow controller actions to force SSL on specific parts of the site."
|
|
@@ -14,7 +14,7 @@ Gem::Specification.new do |s|
|
|
|
14
14
|
s.rdoc_options = ["--main", "README"]
|
|
15
15
|
s.extra_rdoc_files = ["README"]
|
|
16
16
|
|
|
17
|
-
s.add_dependency 'rails', ['>= 2.
|
|
17
|
+
s.add_dependency 'rails', ['>= 2.2.2']
|
|
18
18
|
|
|
19
19
|
s.files = ["README",
|
|
20
20
|
"init.rb",
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: bcurren-ssl_requirement
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.7
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- RailsJedi
|
|
@@ -24,7 +24,7 @@ dependencies:
|
|
|
24
24
|
requirements:
|
|
25
25
|
- - ">="
|
|
26
26
|
- !ruby/object:Gem::Version
|
|
27
|
-
version: 2.
|
|
27
|
+
version: 2.2.2
|
|
28
28
|
version:
|
|
29
29
|
description: SSL requirement adds a declarative way of specifying that certain actions should only be allowed to run under SSL, and if they're accessed without it, they should be redirected.
|
|
30
30
|
email: percival@umamibud.com
|
|
@@ -43,6 +43,7 @@ files:
|
|
|
43
43
|
- ssl_requirement.gemspec
|
|
44
44
|
has_rdoc: true
|
|
45
45
|
homepage: http://github.com/bmpercy/ssl_requirement
|
|
46
|
+
licenses:
|
|
46
47
|
post_install_message:
|
|
47
48
|
rdoc_options:
|
|
48
49
|
- --main
|
|
@@ -64,7 +65,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
64
65
|
requirements: []
|
|
65
66
|
|
|
66
67
|
rubyforge_project:
|
|
67
|
-
rubygems_version: 1.
|
|
68
|
+
rubygems_version: 1.3.5
|
|
68
69
|
signing_key:
|
|
69
70
|
specification_version: 2
|
|
70
71
|
summary: Allow controller actions to force SSL on specific parts of the site.
|