RubyGems - bcurren-ssl_requirement - Versions diffs - 1.0.8 → 1.0.200807043 - Mend

bcurren-ssl_requirement 1.0.8 → 1.0.200807043

Files changed (7) hide show

data/README +41 -82
data/lib/ssl_requirement.rb +6 -2
data/lib/url_rewriter.rb +2 -24
data/ssl_requirement.gemspec +8 -8
data/test/ssl_requirement_test.rb +22 -102
metadata +6 -12
data/test/url_rewriter_test.rb +0 -142

data/README CHANGED Viewed

@@ -7,30 +7,30 @@ they should be redirected.
 Example:
-    class ApplicationController < ActionController::Base
-      include SslRequirement
+  class ApplicationController < ActionController::Base
+    include SslRequirement
+  end
+  class AccountController < ApplicationController
+    ssl_required :signup, :payment
+    ssl_allowed :index
+    def signup
+      # Non-SSL access will be redirected to SSL
+    end
+    def payment
+      # Non-SSL access will be redirected to SSL
     end
-    class AccountController < ApplicationController
-      ssl_required :signup, :payment
-      ssl_allowed :index
-      def signup
-        # Non-SSL access will be redirected to SSL
-      end
-      def payment
-        # Non-SSL access will be redirected to SSL
-      end
-      def index
-        # This action will work either with or without SSL
-      end
-      def other
-        # SSL access will be redirected to non-SSL
-      end
+    def index
+      # This action will work either with or without SSL
     end
+    def other
+      # SSL access will be redirected to non-SSL
+    end
+  end
 If a majority (or all) of your actions require SSL, then use ssl_exceptions instead of ssl_required.
 You can list out the actions that you do NOT want to be SSL protected. Calling ssl_exceptions without
@@ -42,24 +42,14 @@ than just the declarative specification. Say, only premium accounts get SSL.
 For SSL domains that differ from the domain of the redirecting site, add the
 following code to development.rb / test.rb / production.rb:
-    # Redirects to https://secure.example.com instead of the default
-    # https://www.example.com.
-    config.after_initialize do
-      SslRequirement.ssl_host = 'secure.example.com'
-    end
-For non-SSL domains that differ from domain of redirecting site, add the
-following code to development.rb / test.rb / production.rb:
-# Redirects to http://nonsecure.example.com instead of the default
-# http://www.example.com.
+# Redirects to https://secure.example.com instead of the default
+# https://www.example.com.
 config.after_initialize do
-  SslRequirement.non_ssl_host = 'nonsecure.example.com'
+  SslRequirement.ssl_host = 'secure.example.com'
 end
 You are able to turn disable ssl redirects by adding the following environment configuration file:
-    SslRequirement.disable_ssl_check = true
+  SslRequirement.disable_ssl_check = true
 P.S.: Beware when you include the SslRequirement module. At the time of
 inclusion, it'll add the before_filter that validates the declarations. Some
@@ -70,61 +60,30 @@ SSL URL Helper
 ==============
 This plugin also adds a helper a :secure option to url_for and named_routes. This property
 allows you to set a url as secure or not secure. It uses the disable_ssl_check to determine
-if the option should be ignored or not so you can develop as normal. It also
-will obey if you override SslRequirement.ssl_host or
-SslRequirement.non_ssl_host (see above)
+if the option should be ignored or not so you can develop as normal.
 Here is an example of creating a secure url:
-    <%= url_for(:controller => "c", :action => "a", :secure => true) %>
+<%= url_for(:controller => "c", :action => "a", :secure => true) %>
 If disable_ssl_check returns false url_for will return the following:
-    https://yoursite.com/c/a
+https://yoursite.com/c/a
 Furthermore, you can use the secure option in a named route to create a secure form as follows:
-    <% form_tag session_path(:secure => true), :class => 'home_login' do -%>
-      <p>
-        <label for="name">Email</label>
-        <%= text_field_tag 'email', '', :class => 'text', :tabindex => 1 %>
-      </p>
-      <p>
-        <label for="password">Password</label>
-        <%= password_field_tag 'password', '', :class => 'text', :tabindex => 2 %>
-      </p>
-      <p>
-        <%= submit_tag "Login", :id => 'login_submit', :value => "", :alt => "Login" %>
-      </p>
-    <% end -%>
-Testing with Shoulda
-====================
-If you are using Shoulda, a few contexts and macros are provided:
-    class RegistrationsControllerTest < ActionController::TestCase
-      without_ssl_context do
-        context "GET to :new" do
-          setup do
-            get :new
-          end
-          should_redirect_to_ssl
-        end
-      end
-      with_ssl_context do
-        context "GET to :new" do
-          setup do
-            get :new
-          end
-          # your usual testing goes here
-        end
-      end
-    end
-Copyright
-=========
+<% form_tag session_path(:secure => true), :class => 'home_login' do -%>
+  <p>
+    <label for="name">Email</label>
+    <%= text_field_tag 'email', '', :class => 'text', :tabindex => 1 %>
+  </p>
+  <p>
+    <label for="password">Password</label>
+    <%= password_field_tag 'password', '', :class => 'text', :tabindex => 2 %>
+  </p>
+  <p>
+    <%= submit_tag "Login", :id => 'login_submit', :value => "", :alt => "Login" %>
+  </p>
+<% end -%>
 Copyright (c) 2005 David Heinemeier Hansson, released under the MIT license

data/lib/ssl_requirement.rb CHANGED Viewed

@@ -21,7 +21,11 @@ require "#{File.dirname(__FILE__)}/url_rewriter"
 # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
 # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 module SslRequirement
-  mattr_accessor :ssl_host, :non_ssl_host
+  mattr_reader :ssl_host
+  def self.ssl_host=(host)
+    @@ssl_host = host
+  end
   def self.included(controller)
     controller.extend(ClassMethods)
@@ -78,7 +82,7 @@ module SslRequirement
         flash.keep
         return false
       elsif request.ssl? && !ssl_required?
-        redirect_to "http://" + (non_ssl_host || request.host) + request.request_uri
+        redirect_to "http://" + request.host + request.request_uri
         flash.keep
         return false
       end

data/lib/url_rewriter.rb CHANGED Viewed

@@ -6,44 +6,22 @@ module ActionController
     # Add a secure option to the rewrite method.
     def rewrite_with_secure_option(options = {})
       secure = options.delete(:secure)
-      # if secure && ssl check is not disabled, convert to full url with https
       if !secure.nil? && !SslRequirement.disable_ssl_check?
         if secure == true || secure == 1 || secure.to_s.downcase == "true"
           options.merge!({
             :only_path => false,
             :protocol => 'https'
           })
-          # if we've been told to use different host for ssl, use it
-          unless SslRequirement.ssl_host.nil?
-            options.merge! :host => SslRequirement.ssl_host
-          end
-        # make it non-ssl and use specified options
         else
           options.merge!({
+            :only_path => false,
             :protocol => 'http'
           })
         end
       end
       rewrite_without_secure_option(options)
     end
-    # if full URL is requested for http and we've been told to use a
-    # non-ssl host override, then use it
-    def rewrite_with_non_ssl_host(options)
-      if !options[:only_path] && !SslRequirement.non_ssl_host.nil?
-        if !(/^https/ =~ (options[:protocol] || @request.protocol))
-          options.merge! :host => SslRequirement.non_ssl_host
-        end
-      end
-      rewrite_without_non_ssl_host(options)
-    end
-    # want with_secure_option to get run first (so chain it last)
-    alias_method_chain :rewrite, :non_ssl_host
     alias_method_chain :rewrite, :secure_option
   end
 end

data/ssl_requirement.gemspec CHANGED Viewed

@@ -1,20 +1,20 @@
 Gem::Specification.new do |s|
   s.name = 'ssl_requirement'
-  s.version = '1.0.8'
-  s.date = '2009-06-22'
+  s.version = '1.0.200807043'
+  s.date = '2008-07-04'
   s.summary = "Allow controller actions to force SSL on specific parts of the site."
   s.description = "SSL requirement adds a declarative way of specifying that certain actions should only be allowed to run under SSL, and if they're accessed without it, they should be redirected."
-  s.authors = ['RailsJedi', 'David Heinemeier Hansson', 'jcnetdev', 'bcurren', 'bmpercy']
-  s.email = 'percival@umamibud.com'
-  s.homepage = 'http://github.com/bmpercy/ssl_requirement'
+  s.authors = ['RailsJedi', 'David Heinemeier Hansson']
+  s.email = 'railsjedi@gmail.com'
+  s.homepage = 'http://github.com/jcnetdev/ssl_requirement'
   s.has_rdoc = true
   s.rdoc_options = ["--main", "README"]
   s.extra_rdoc_files = ["README"]
-  s.add_dependency 'rails', ['>= 2.2.2']
+  s.add_dependency 'rails', ['>= 2.1']
   s.files = ["README",
              "init.rb",
@@ -23,6 +23,6 @@ Gem::Specification.new do |s|
              "rails/init.rb",
              "ssl_requirement.gemspec"]
-  s.test_files = ["test/ssl_requirement_test.rb",
-                  "test/url_rewriter_test.rb"]
+  s.test_files = ["test/ssl_requirement_test.rb"]
 end

data/test/ssl_requirement_test.rb CHANGED Viewed

@@ -26,12 +26,6 @@ require "#{File.dirname(__FILE__)}/../lib/ssl_requirement"
 ActionController::Base.logger = nil
 ActionController::Routing::Routes.reload rescue nil
-# several test controllers to cover different combinations of requiring/
-# allowing/exceptions-ing SSL for controller actions
-# this first controller modifies the flash in every action so that flash
-# set in set_flash is eventually expired (see NOTE below...)
 class SslRequirementController < ActionController::Base
   include SslRequirement
@@ -39,25 +33,21 @@ class SslRequirementController < ActionController::Base
   ssl_allowed :c
   def a
-    flash[:abar] = "foo"
     render :nothing => true
   end
   def b
-    flash[:bbar] = "foo"
     render :nothing => true
   end
   def c
-    flash[:cbar] = "foo"
     render :nothing => true
   end
   def d
-    flash[:dbar] = "foo"
     render :nothing => true
   end
   def set_flash
     flash[:foo] = "bar"
   end
@@ -86,6 +76,9 @@ class SslExceptionController < ActionController::Base
     render :nothing => true
   end
+  def set_flash
+    flash[:foo] = "bar"
+  end
 end
 class SslAllActionsController < ActionController::Base
@@ -99,74 +92,42 @@ class SslAllActionsController < ActionController::Base
 end
-# NOTE: The only way I could get the flash tests to work under Rails 2.3.2
-#       (without resorting to IntegrationTest with some artificial session
-#       store) was to use TestCase. In TestCases, it appears that flash
-#       messages are effectively persisted in session after the last controller
-#       action that consumed them...so that when the TestCase inspects
-#       the FlashHash, it will find the flash still populated, even though
-#       the subsequent controller action won't see it.
-#
-#       In addition, if no changes are made to flash in subsequent requests, the
-#       flash is persisted forever. But if subsequent controller actions add to
-#       flash, the older flash messages eventually disappear.
-#
-#       As a result, the flash-related tests now make two requests after the
-#       set_flash, each of these requests is also modifying flash. flash is
-#       inspected after the second request returns.
-#
-#       This feels a little hacky, so if anyone can improve it, please do so!
-class SslRequirementTest < ActionController::TestCase
+class SslRequirementTest < Test::Unit::TestCase
   def setup
     @controller = SslRequirementController.new
-    @ssl_host_override = 'www.example.com:80443'
-    @non_ssl_host_override = 'www.example.com:8080'
+    @request    = ActionController::TestRequest.new
+    @response   = ActionController::TestResponse.new
   end
-  # flash-related tests
   def test_redirect_to_https_preserves_flash
-    assert_not_equal "on", @request.env["HTTPS"]
     get :set_flash
     get :b
-    assert_response :redirect       # check redirect happens (flash still set)
-    get :b                          # get again to flush flash
-    assert_response :redirect       # make sure it happens again
-    assert_equal "bar", flash[:foo] # the flash would be gone now if no redirect
+    assert_response :redirect
+    assert_equal "bar", flash[:foo]
   end
   def test_not_redirecting_to_https_does_not_preserve_the_flash
-    assert_not_equal "on", @request.env["HTTPS"]
     get :set_flash
     get :d
-    assert_response :success        # check no redirect (flash still set)
-    get :d                          # get again to flush flash
-    assert_response :success        # check no redirect
-    assert_nil flash[:foo]          # the flash should be gone now
+    assert_response :success
+    assert_nil flash[:foo]
   end
   def test_redirect_to_http_preserves_flash
     get :set_flash
     @request.env['HTTPS'] = "on"
     get :d
-    assert_response :redirect       # check redirect happens (flash still set)
-    get :d                          # get again to flush flash
-    assert_response :redirect       # make sure redirect happens
-    assert_equal "bar", flash[:foo] # flash would be gone now if no redirect
+    assert_response :redirect
+    assert_equal "bar", flash[:foo]
   end
   def test_not_redirecting_to_http_does_not_preserve_the_flash
     get :set_flash
     @request.env['HTTPS'] = "on"
     get :a
-    assert_response :success        # no redirect (flash still set)
-    get :a                          # get again to flush flash
-    assert_response :success        # no redirect
-    assert_nil flash[:foo]          # flash should be gone now
+    assert_response :success
+    assert_nil flash[:foo]
   end
-  # ssl required/allowed/exceptions testing
   def test_required_without_ssl
     assert_not_equal "on", @request.env["HTTPS"]
@@ -194,12 +155,13 @@ class SslRequirementTest < ActionController::TestCase
   def test_ssl_exceptions_without_ssl
     @controller = SslExceptionController.new
-    assert_not_equal "on", @request.env["HTTPS"]
     get :a
     assert_response :redirect
     assert_match %r{^https://}, @response.headers['Location']
     get :b
     assert_response :success
     get :c # c is not explicity in ssl_required, but it is not listed in ssl_exceptions
     assert_response :redirect
     assert_match %r{^https://}, @response.headers['Location']
@@ -210,6 +172,8 @@ class SslRequirementTest < ActionController::TestCase
     @request.env['HTTPS'] = "on"
     get :a
     assert_response :success
+    @request.env['HTTPS'] = "on"
     get :c
     assert_response :success
   end
@@ -217,6 +181,7 @@ class SslRequirementTest < ActionController::TestCase
   def test_ssl_all_actions_without_ssl
     @controller = SslAllActionsController.new
     get :a
     assert_response :redirect
     assert_match %r{^https://}, @response.headers['Location']
   end
@@ -251,50 +216,5 @@ class SslRequirementTest < ActionController::TestCase
   ensure
     SslRequirement.disable_ssl_check = false
   end
-  # testing overriding hostnames for ssl, non-ssl
-  # test for overriding (or not) the ssl_host and non_ssl_host variables
-  # using actions a (ssl required) and d (ssl not required or allowed)
-  def test_ssl_redirect_with_ssl_host
-    SslRequirement.ssl_host = @ssl_host_override
-    assert_not_equal "on", @request.env["HTTPS"]
-    get :a
-    assert_response :redirect
-    assert_match Regexp.new("^https://#{@ssl_host_override}"),
-                 @response.headers['Location']
-    SslRequirement.ssl_host = nil
-  end
-  def test_ssl_redirect_without_ssl_host
-    SslRequirement.ssl_host = nil
-    assert_not_equal "on", @request.env["HTTPS"]
-    get :a
-    assert_response :redirect
-    assert_match Regexp.new("^https://"), @response.headers['Location']
-    assert_no_match Regexp.new("^https://#{@ssl_host_override}"),
-                    @response.headers['Location']
-  end
-  def test_non_ssl_redirect_with_non_ssl_host
-    SslRequirement.non_ssl_host = @non_ssl_host_override
-    @request.env['HTTPS'] = 'on'
-    get :d
-    assert_response :redirect
-    assert_match Regexp.new("^http://#{@non_ssl_host_override}"),
-                 @response.headers['Location']
-    SslRequirement.non_ssl_host = nil
-  end
-  def test_non_ssl_redirect_without_non_ssl_host
-    SslRequirement.non_ssl_host = nil
-    @request.env['HTTPS'] = 'on'
-    get :d
-    assert_response :redirect
-    assert_match Regexp.new("^http://"), @response.headers['Location']
-    assert_no_match Regexp.new("^http://#{@non_ssl_host_override}"),
-                    @response.headers['Location']
-  end
-end
+end

metadata CHANGED Viewed

@@ -1,33 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: bcurren-ssl_requirement
 version: !ruby/object:Gem::Version
-  version: 1.0.8
+  version: 1.0.200807043
 platform: ruby
 authors:
 - RailsJedi
 - David Heinemeier Hansson
-- jcnetdev
-- bcurren
-- bmpercy
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2009-06-22 00:00:00 -07:00
+date: 2008-07-04 00:00:00 -07:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
-  type: :runtime
   version_requirement:
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.2.2
+        version: "2.1"
     version:
 description: SSL requirement adds a declarative way of specifying that certain actions should only be allowed to run under SSL, and if they're accessed without it, they should be redirected.
-email: percival@umamibud.com
+email: railsjedi@gmail.com
 executables: []
 extensions: []
@@ -42,8 +38,7 @@ files:
 - rails/init.rb
 - ssl_requirement.gemspec
 has_rdoc: true
-homepage: http://github.com/bmpercy/ssl_requirement
-licenses:
+homepage: http://github.com/jcnetdev/ssl_requirement
 post_install_message:
 rdoc_options:
 - --main
@@ -65,10 +60,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 rubyforge_project:
-rubygems_version: 1.3.5
+rubygems_version: 1.2.0
 signing_key:
 specification_version: 2
 summary: Allow controller actions to force SSL on specific parts of the site.
 test_files:
 - test/ssl_requirement_test.rb
-- test/url_rewriter_test.rb

data/test/url_rewriter_test.rb DELETED Viewed

@@ -1,142 +0,0 @@
-$:.unshift(File.dirname(__FILE__) + '/../lib')
-require 'rubygems'
-require 'test/unit'
-require 'action_controller'
-require 'action_controller/test_process'
-require "ssl_requirement"
-# Show backtraces for deprecated behavior for quicker cleanup.
-ActiveSupport::Deprecation.debug = true
-ActionController::Base.logger = nil
-ActionController::Routing::Routes.reload rescue nil
-class UrlRewriterTest < Test::Unit::TestCase
-  def setup
-    @request = ActionController::TestRequest.new
-    @params = {}
-    @rewriter = ActionController::UrlRewriter.new(@request, @params)
-    @ssl_host_override = "www.example.com:80443"
-    @non_ssl_host_override = "www.example.com:8080"
-    SslRequirement.ssl_host = nil
-    SslRequirement.non_ssl_host = nil
-    puts @url_rewriter.to_s
-  end
-  def test_rewrite_secure_false
-    SslRequirement.disable_ssl_check = false
-    assert_equal('http://test.host/c/a',
-      @rewriter.rewrite(:controller => 'c', :action => 'a', :secure => false)
-    )
-    assert_equal('/c/a',
-      @rewriter.rewrite(:controller => 'c', :action => 'a', :secure => false,
-                        :only_path => true)
-    )
-    SslRequirement.disable_ssl_check = true
-    assert_equal('http://test.host/c/a',
-      @rewriter.rewrite(:controller => 'c', :action => 'a', :secure => false)
-    )
-    assert_equal('/c/a',
-      @rewriter.rewrite(:controller => 'c', :action => 'a', :secure => false,
-                        :only_path => true)
-    )
-  end
-  def test_rewrite_secure_true
-    SslRequirement.disable_ssl_check = false
-    assert_equal('https://test.host/c/a',
-      @rewriter.rewrite(:controller => 'c', :action => 'a', :secure => true)
-    )
-    assert_equal('https://test.host/c/a',
-      @rewriter.rewrite(:controller => 'c', :action => 'a', :secure => true, :only_path => true)
-    )
-    SslRequirement.disable_ssl_check = true
-    assert_equal('http://test.host/c/a',
-      @rewriter.rewrite(:controller => 'c', :action => 'a', :secure => true)
-    )
-    assert_equal('/c/a',
-      @rewriter.rewrite(:controller => 'c', :action => 'a', :secure => true, :only_path => true)
-    )
-  end
-  def test_rewrite_secure_not_specified
-    SslRequirement.disable_ssl_check = false
-    assert_equal('http://test.host/c/a',
-      @rewriter.rewrite(:controller => 'c', :action => 'a')
-    )
-    assert_equal('/c/a',
-      @rewriter.rewrite(:controller => 'c', :action => 'a', :only_path => true)
-    )
-    SslRequirement.disable_ssl_check = true
-    assert_equal('http://test.host/c/a',
-      @rewriter.rewrite(:controller => 'c', :action => 'a')
-    )
-    assert_equal('/c/a',
-      @rewriter.rewrite(:controller => 'c', :action => 'a', :only_path => true)
-    )
-  end
-  # tests for ssl_host overriding
-  def test_rewrite_secure_with_ssl_host
-    SslRequirement.disable_ssl_check = false
-    SslRequirement.ssl_host = @ssl_host_override
-    assert_equal("https://#{@ssl_host_override}/c/a",
-                 @rewriter.rewrite(:controller => 'c', :action => 'a',
-                                   :secure => true))
-    assert_equal("https://#{@ssl_host_override}/c/a",
-                 @rewriter.rewrite(:controller => 'c', :action => 'a',
-                                   :secure => true, :only_path => true))
-    SslRequirement.ssl_host = nil
-  end
-  def test_rewrite_non_secure_with_non_ssl_host
-    SslRequirement.disable_ssl_check = false
-    SslRequirement.non_ssl_host = @non_ssl_host_override
-    # with secure option
-    assert_equal("http://#{@non_ssl_host_override}/c/a",
-                 @rewriter.rewrite(:controller => 'c', :action => 'a',
-                                   :secure => false))
-    assert_equal("/c/a",
-                 @rewriter.rewrite(:controller => 'c', :action => 'a',
-                                   :secure => false, :only_path => true))
-    # without secure option
-    assert_equal("http://#{@non_ssl_host_override}/c/a",
-                 @rewriter.rewrite(:controller => 'c', :action => 'a'))
-    assert_equal("/c/a",
-                 @rewriter.rewrite(:controller => 'c', :action => 'a',
-                                   :only_path => true))
-    SslRequirement.non_ssl_host = nil
-  end
-  def test_rewrite_non_secure_with_non_ssl_host_disable_check
-    SslRequirement.disable_ssl_check = true
-    SslRequirement.non_ssl_host = @non_ssl_host_override
-    # with secure option
-    assert_equal("http://#{@non_ssl_host_override}/c/a",
-                 @rewriter.rewrite(:controller => 'c', :action => 'a',
-                                   :secure => false))
-    assert_equal("/c/a",
-                 @rewriter.rewrite(:controller => 'c', :action => 'a',
-                                   :secure => false, :only_path => true))
-    # without secure option
-    assert_equal("http://#{@non_ssl_host_override}/c/a",
-                 @rewriter.rewrite(:controller => 'c', :action => 'a'))
-    assert_equal("/c/a",
-                 @rewriter.rewrite(:controller => 'c', :action => 'a',
-                                   :only_path => true))
-    SslRequirement.non_ssl_host = nil
-  end
-end