bcurren-ssl_requirement 1.0.6 → 1.0.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/README +72 -42
- data/ssl_requirement.gemspec +2 -2
- metadata +4 -3
data/README
CHANGED
|
@@ -7,30 +7,30 @@ they should be redirected.
|
|
|
7
7
|
|
|
8
8
|
Example:
|
|
9
9
|
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
end
|
|
13
|
-
|
|
14
|
-
class AccountController < ApplicationController
|
|
15
|
-
ssl_required :signup, :payment
|
|
16
|
-
ssl_allowed :index
|
|
17
|
-
|
|
18
|
-
def signup
|
|
19
|
-
# Non-SSL access will be redirected to SSL
|
|
20
|
-
end
|
|
21
|
-
|
|
22
|
-
def payment
|
|
23
|
-
# Non-SSL access will be redirected to SSL
|
|
10
|
+
class ApplicationController < ActionController::Base
|
|
11
|
+
include SslRequirement
|
|
24
12
|
end
|
|
25
13
|
|
|
26
|
-
|
|
27
|
-
|
|
14
|
+
class AccountController < ApplicationController
|
|
15
|
+
ssl_required :signup, :payment
|
|
16
|
+
ssl_allowed :index
|
|
17
|
+
|
|
18
|
+
def signup
|
|
19
|
+
# Non-SSL access will be redirected to SSL
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
def payment
|
|
23
|
+
# Non-SSL access will be redirected to SSL
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
def index
|
|
27
|
+
# This action will work either with or without SSL
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
def other
|
|
31
|
+
# SSL access will be redirected to non-SSL
|
|
32
|
+
end
|
|
28
33
|
end
|
|
29
|
-
|
|
30
|
-
def other
|
|
31
|
-
# SSL access will be redirected to non-SSL
|
|
32
|
-
end
|
|
33
|
-
end
|
|
34
34
|
|
|
35
35
|
If a majority (or all) of your actions require SSL, then use ssl_exceptions instead of ssl_required.
|
|
36
36
|
You can list out the actions that you do NOT want to be SSL protected. Calling ssl_exceptions without
|
|
@@ -42,11 +42,11 @@ than just the declarative specification. Say, only premium accounts get SSL.
|
|
|
42
42
|
For SSL domains that differ from the domain of the redirecting site, add the
|
|
43
43
|
following code to development.rb / test.rb / production.rb:
|
|
44
44
|
|
|
45
|
-
# Redirects to https://secure.example.com instead of the default
|
|
46
|
-
# https://www.example.com.
|
|
47
|
-
config.after_initialize do
|
|
48
|
-
|
|
49
|
-
end
|
|
45
|
+
# Redirects to https://secure.example.com instead of the default
|
|
46
|
+
# https://www.example.com.
|
|
47
|
+
config.after_initialize do
|
|
48
|
+
SslRequirement.ssl_host = 'secure.example.com'
|
|
49
|
+
end
|
|
50
50
|
|
|
51
51
|
For non-SSL domains that differ from domain of redirecting site, add the
|
|
52
52
|
following code to development.rb / test.rb / production.rb:
|
|
@@ -58,7 +58,8 @@ config.after_initialize do
|
|
|
58
58
|
end
|
|
59
59
|
|
|
60
60
|
You are able to turn disable ssl redirects by adding the following environment configuration file:
|
|
61
|
-
|
|
61
|
+
|
|
62
|
+
SslRequirement.disable_ssl_check = true
|
|
62
63
|
|
|
63
64
|
P.S.: Beware when you include the SslRequirement module. At the time of
|
|
64
65
|
inclusion, it'll add the before_filter that validates the declarations. Some
|
|
@@ -75,26 +76,55 @@ SslRequirement.non_ssl_host (see above)
|
|
|
75
76
|
|
|
76
77
|
Here is an example of creating a secure url:
|
|
77
78
|
|
|
78
|
-
<%= url_for(:controller => "c", :action => "a", :secure => true) %>
|
|
79
|
+
<%= url_for(:controller => "c", :action => "a", :secure => true) %>
|
|
79
80
|
|
|
80
81
|
If disable_ssl_check returns false url_for will return the following:
|
|
81
82
|
|
|
82
|
-
https://yoursite.com/c/a
|
|
83
|
+
https://yoursite.com/c/a
|
|
83
84
|
|
|
84
85
|
Furthermore, you can use the secure option in a named route to create a secure form as follows:
|
|
85
86
|
|
|
86
|
-
<% form_tag session_path(:secure => true), :class => 'home_login' do -%>
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
<% end -%>
|
|
87
|
+
<% form_tag session_path(:secure => true), :class => 'home_login' do -%>
|
|
88
|
+
<p>
|
|
89
|
+
<label for="name">Email</label>
|
|
90
|
+
<%= text_field_tag 'email', '', :class => 'text', :tabindex => 1 %>
|
|
91
|
+
</p>
|
|
92
|
+
<p>
|
|
93
|
+
<label for="password">Password</label>
|
|
94
|
+
<%= password_field_tag 'password', '', :class => 'text', :tabindex => 2 %>
|
|
95
|
+
</p>
|
|
96
|
+
<p>
|
|
97
|
+
<%= submit_tag "Login", :id => 'login_submit', :value => "", :alt => "Login" %>
|
|
98
|
+
</p>
|
|
99
|
+
<% end -%>
|
|
100
|
+
|
|
101
|
+
Testing with Shoulda
|
|
102
|
+
====================
|
|
103
|
+
|
|
104
|
+
If you are using Shoulda, a few contexts and macros are provided:
|
|
105
|
+
|
|
106
|
+
class RegistrationsControllerTest < ActionController::TestCase
|
|
107
|
+
without_ssl_context do
|
|
108
|
+
context "GET to :new" do
|
|
109
|
+
setup do
|
|
110
|
+
get :new
|
|
111
|
+
end
|
|
112
|
+
should_redirect_to_ssl
|
|
113
|
+
end
|
|
114
|
+
end
|
|
115
|
+
|
|
116
|
+
with_ssl_context do
|
|
117
|
+
context "GET to :new" do
|
|
118
|
+
setup do
|
|
119
|
+
get :new
|
|
120
|
+
end
|
|
121
|
+
# your usual testing goes here
|
|
122
|
+
end
|
|
123
|
+
end
|
|
124
|
+
end
|
|
125
|
+
|
|
126
|
+
|
|
127
|
+
Copyright
|
|
128
|
+
=========
|
|
99
129
|
|
|
100
130
|
Copyright (c) 2005 David Heinemeier Hansson, released under the MIT license
|
data/ssl_requirement.gemspec
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
s.name = 'ssl_requirement'
|
|
3
|
-
s.version = '1.0.
|
|
3
|
+
s.version = '1.0.7'
|
|
4
4
|
s.date = '2009-06-22'
|
|
5
5
|
|
|
6
6
|
s.summary = "Allow controller actions to force SSL on specific parts of the site."
|
|
@@ -14,7 +14,7 @@ Gem::Specification.new do |s|
|
|
|
14
14
|
s.rdoc_options = ["--main", "README"]
|
|
15
15
|
s.extra_rdoc_files = ["README"]
|
|
16
16
|
|
|
17
|
-
s.add_dependency 'rails', ['>= 2.
|
|
17
|
+
s.add_dependency 'rails', ['>= 2.2.2']
|
|
18
18
|
|
|
19
19
|
s.files = ["README",
|
|
20
20
|
"init.rb",
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: bcurren-ssl_requirement
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.7
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- RailsJedi
|
|
@@ -24,7 +24,7 @@ dependencies:
|
|
|
24
24
|
requirements:
|
|
25
25
|
- - ">="
|
|
26
26
|
- !ruby/object:Gem::Version
|
|
27
|
-
version: 2.
|
|
27
|
+
version: 2.2.2
|
|
28
28
|
version:
|
|
29
29
|
description: SSL requirement adds a declarative way of specifying that certain actions should only be allowed to run under SSL, and if they're accessed without it, they should be redirected.
|
|
30
30
|
email: percival@umamibud.com
|
|
@@ -43,6 +43,7 @@ files:
|
|
|
43
43
|
- ssl_requirement.gemspec
|
|
44
44
|
has_rdoc: true
|
|
45
45
|
homepage: http://github.com/bmpercy/ssl_requirement
|
|
46
|
+
licenses:
|
|
46
47
|
post_install_message:
|
|
47
48
|
rdoc_options:
|
|
48
49
|
- --main
|
|
@@ -64,7 +65,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
64
65
|
requirements: []
|
|
65
66
|
|
|
66
67
|
rubyforge_project:
|
|
67
|
-
rubygems_version: 1.
|
|
68
|
+
rubygems_version: 1.3.5
|
|
68
69
|
signing_key:
|
|
69
70
|
specification_version: 2
|
|
70
71
|
summary: Allow controller actions to force SSL on specific parts of the site.
|