RubyGems - bcurren-ssl_requirement - Versions diffs - 1.0.8 → 1.0.200807043 - Mend

bcurren-ssl_requirement 1.0.8 → 1.0.200807043

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

data/README +41 -82
data/lib/ssl_requirement.rb +6 -2
data/lib/url_rewriter.rb +2 -24
data/ssl_requirement.gemspec +8 -8
data/test/ssl_requirement_test.rb +22 -102
metadata +6 -12
data/test/url_rewriter_test.rb +0 -142

data/README CHANGED Viewed

@@ -7,30 +7,30 @@ they should be redirected.
 Example:
-    class ApplicationController < ActionController::Base
-      include SslRequirement
+  class ApplicationController < ActionController::Base
+    include SslRequirement
+  end
+  class AccountController < ApplicationController
+    ssl_required :signup, :payment
+    ssl_allowed :index
+    def signup
+      # Non-SSL access will be redirected to SSL
+    end
+    def payment
+      # Non-SSL access will be redirected to SSL
     end
-    class AccountController < ApplicationController
-      ssl_required :signup, :payment
-      ssl_allowed :index
-      def signup
-        # Non-SSL access will be redirected to SSL
-      end
-      def payment
-        # Non-SSL access will be redirected to SSL
-      end
-      def index
-        # This action will work either with or without SSL
-      end
-      def other
-        # SSL access will be redirected to non-SSL
-      end
+    def index
+      # This action will work either with or without SSL
     end
+    def other
+      # SSL access will be redirected to non-SSL
+    end
+  end
 If a majority (or all) of your actions require SSL, then use ssl_exceptions instead of ssl_required.
 You can list out the actions that you do NOT want to be SSL protected. Calling ssl_exceptions without
@@ -42,24 +42,14 @@ than just the declarative specification. Say, only premium accounts get SSL.
 For SSL domains that differ from the domain of the redirecting site, add the
 following code to development.rb / test.rb / production.rb:
-    # Redirects to https://secure.example.com instead of the default
-    # https://www.example.com.
-    config.after_initialize do
-      SslRequirement.ssl_host = 'secure.example.com'
-    end
-For non-SSL domains that differ from domain of redirecting site, add the
-following code to development.rb / test.rb / production.rb:
-# Redirects to http://nonsecure.example.com instead of the default
-# http://www.example.com.
+# Redirects to https://secure.example.com instead of the default
+# https://www.example.com.
 config.after_initialize do
-  SslRequirement.non_ssl_host = 'nonsecure.example.com'
+  SslRequirement.ssl_host = 'secure.example.com'
 end
 You are able to turn disable ssl redirects by adding the following environment configuration file:
-    SslRequirement.disable_ssl_check = true
+  SslRequirement.disable_ssl_check = true
 P.S.: Beware when you include the SslRequirement module. At the time of
 inclusion, it'll add the before_filter that validates the declarations. Some
@@ -70,61 +60,30 @@ SSL URL Helper
 ==============
 This plugin also adds a helper a :secure option to url_for and named_routes. This property
 allows you to set a url as secure or not secure. It uses the disable_ssl_check to determine
-if the option should be ignored or not so you can develop as normal. It also
-will obey if you override SslRequirement.ssl_host or
-SslRequirement.non_ssl_host (see above)
+if the option should be ignored or not so you can develop as normal.
 Here is an example of creating a secure url:
-    <%= url_for(:controller => "c", :action => "a", :secure => true) %>
+<%= url_for(:controller => "c", :action => "a", :secure => true) %>
 If disable_ssl_check returns false url_for will return the following:
-    https://yoursite.com/c/a
+https://yoursite.com/c/a
 Furthermore, you can use the secure option in a named route to create a secure form as follows:
-    <% form_tag session_path(:secure => true), :class => 'home_login' do -%>
-      <p>
-        <label for="name">Email</label>
-        <%= text_field_tag 'email', '', :class => 'text', :tabindex => 1 %>
-      </p>
-      <p>
-        <label for="password">Password</label>
-        <%= password_field_tag 'password', '', :class => 'text', :tabindex => 2 %>
-      </p>
-      <p>
-        <%= submit_tag "Login", :id => 'login_submit', :value => "", :alt => "Login" %>
-      </p>
-    <% end -%>
-Testing with Shoulda
-====================
-If you are using Shoulda, a few contexts and macros are provided:
-    class RegistrationsControllerTest < ActionController::TestCase
-      without_ssl_context do
-        context "GET to :new" do
-          setup do
-            get :new
-          end
-          should_redirect_to_ssl
-        end
-      end
-      with_ssl_context do
-        context "GET to :new" do
-          setup do
-            get :new
-          end
-          # your usual testing goes here
-        end
-      end
-    end
-Copyright
-=========
+<% form_tag session_path(:secure => true), :class => 'home_login' do -%>
+  <p>
+    <label for="name">Email</label>
+    <%= text_field_tag 'email', '', :class => 'text', :tabindex => 1 %>
+  </p>
+  <p>
+    <label for="password">Password</label>
+    <%= password_field_tag 'password', '', :class => 'text', :tabindex => 2 %>
+  </p>
+  <p>
+    <%= submit_tag "Login", :id => 'login_submit', :value => "", :alt => "Login" %>
+  </p>
+<% end -%>
 Copyright (c) 2005 David Heinemeier Hansson, released under the MIT license

data/lib/ssl_requirement.rb CHANGED Viewed

@@ -21,7 +21,11 @@ require "#{File.dirname(__FILE__)}/url_rewriter"
 # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
 # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 module SslRequirement
-  mattr_accessor :ssl_host, :non_ssl_host
+  mattr_reader :ssl_host
+  def self.ssl_host=(host)
+    @@ssl_host = host
+  end
   def self.included(controller)
     controller.extend(ClassMethods)
@@ -78,7 +82,7 @@ module SslRequirement
         flash.keep
         return false
       elsif request.ssl? && !ssl_required?
-        redirect_to "http://" + (non_ssl_host || request.host) + request.request_uri
+        redirect_to "http://" + request.host + request.request_uri
         flash.keep
         return false
       end

data/lib/url_rewriter.rb CHANGED Viewed

@@ -6,44 +6,22 @@ module ActionController
     # Add a secure option to the rewrite method.
     def rewrite_with_secure_option(options = {})
       secure = options.delete(:secure)
-      # if secure && ssl check is not disabled, convert to full url with https
       if !secure.nil? && !SslRequirement.disable_ssl_check?
         if secure == true || secure == 1 || secure.to_s.downcase == "true"
           options.merge!({
             :only_path => false,
             :protocol => 'https'
           })
-          # if we've been told to use different host for ssl, use it
-          unless SslRequirement.ssl_host.nil?
-            options.merge! :host => SslRequirement.ssl_host
-          end
-        # make it non-ssl and use specified options
         else
           options.merge!({
+            :only_path => false,
             :protocol => 'http'
           })
         end
       end
       rewrite_without_secure_option(options)
     end
-    # if full URL is requested for http and we've been told to use a
-    # non-ssl host override, then use it
-    def rewrite_with_non_ssl_host(options)
-      if !options[:only_path] && !SslRequirement.non_ssl_host.nil?
-        if !(/^https/ =~ (options[:protocol] || @request.protocol))
-          options.merge! :host => SslRequirement.non_ssl_host
-        end
-      end
-      rewrite_without_non_ssl_host(options)
-    end
-    # want with_secure_option to get run first (so chain it last)
-    alias_method_chain :rewrite, :non_ssl_host
     alias_method_chain :rewrite, :secure_option
   end
 end

data/ssl_requirement.gemspec CHANGED Viewed

@@ -1,20 +1,20 @@
 Gem::Specification.new do |s|
   s.name = 'ssl_requirement'
-  s.version = '1.0.8'
-  s.date = '2009-06-22'
+  s.version = '1.0.200807043'
+  s.date = '2008-07-04'
   s.summary = "Allow controller actions to force SSL on specific parts of the site."
   s.description = "SSL requirement adds a declarative way of specifying that certain actions should only be allowed to run under SSL, and if they're accessed without it, they should be redirected."
-  s.authors = ['RailsJedi', 'David Heinemeier Hansson', 'jcnetdev', 'bcurren', 'bmpercy']
-  s.email = 'percival@umamibud.com'
-  s.homepage = 'http://github.com/bmpercy/ssl_requirement'
+  s.authors = ['RailsJedi', 'David Heinemeier Hansson']
+  s.email = 'railsjedi@gmail.com'
+  s.homepage = 'http://github.com/jcnetdev/ssl_requirement'
   s.has_rdoc = true
   s.rdoc_options = ["--main", "README"]
   s.extra_rdoc_files = ["README"]
-  s.add_dependency 'rails', ['>= 2.2.2']
+  s.add_dependency 'rails', ['>= 2.1']
   s.files = ["README",
              "init.rb",
@@ -23,6 +23,6 @@ Gem::Specification.new do |s|
              "rails/init.rb",
              "ssl_requirement.gemspec"]
-  s.test_files = ["test/ssl_requirement_test.rb",
-                  "test/url_rewriter_test.rb"]
+  s.test_files = ["test/ssl_requirement_test.rb"]
 end

data/test/ssl_requirement_test.rb CHANGED Viewed

@@ -26,12 +26,6 @@ require "#{File.dirname(__FILE__)}/../lib/ssl_requirement"
 ActionController::Base.logger = nil
 ActionController::Routing::Routes.reload rescue nil
-# several test controllers to cover different combinations of requiring/
-# allowing/exceptions-ing SSL for controller actions
-# this first controller modifies the flash in every action so that flash
-# set in set_flash is eventually expired (see NOTE below...)
 class SslRequirementController < ActionController::Base
   include SslRequirement
@@ -39,25 +33,21 @@ class SslRequirementController < ActionController::Base
   ssl_allowed :c
   def a
-    flash[:abar] = "foo"
     render :nothing => true
   end
   def b
-    flash[:bbar] = "foo"
     render :nothing => true
   end
   def c
-    flash[:cbar] = "foo"
     render :nothing => true
   end
   def d
-    flash[:dbar] = "foo"
     render :nothing => true
   end
   def set_flash
     flash[:foo] = "bar"
   end
@@ -86,6 +76,9 @@ class SslExceptionController < ActionController::Base
     render :nothing => true
   end
+  def set_flash
+    flash[:foo] = "bar"
+  end
 end
 class SslAllActionsController < ActionController::Base
@@ -99,74 +92,42 @@ class SslAllActionsController < ActionController::Base
 end
-# NOTE: The only way I could get the flash tests to work under Rails 2.3.2
-#       (without resorting to IntegrationTest with some artificial session
-#       store) was to use TestCase. In TestCases, it appears that flash
-#       messages are effectively persisted in session after the last controller
-#       action that consumed them...so that when the TestCase inspects
-#       the FlashHash, it will find the flash still populated, even though
-#       the subsequent controller action won't see it.
-#
-#       In addition, if no changes are made to flash in subsequent requests, the
-#       flash is persisted forever. But if subsequent controller actions add to
-#       flash, the older flash messages eventually disappear.
-#
-#       As a result, the flash-related tests now make two requests after the
-#       set_flash, each of these requests is also modifying flash. flash is
-#       inspected after the second request returns.
-#
-#       This feels a little hacky, so if anyone can improve it, please do so!
-class SslRequirementTest < ActionController::TestCase
+class SslRequirementTest < Test::Unit::TestCase
   def setup
     @controller = SslRequirementController.new
-    @ssl_host_override = 'www.example.com:80443'
-    @non_ssl_host_override = 'www.example.com:8080'
+    @request    = ActionController::TestRequest.new
+    @response   = ActionController::TestResponse.new
   end
-  # flash-related tests
   def test_redirect_to_https_preserves_flash
-    assert_not_equal "on", @request.env["HTTPS"]
     get :set_flash
     get :b
-    assert_response :redirect       # check redirect happens (flash still set)
-    get :b                          # get again to flush flash
-    assert_response :redirect       # make sure it happens again
-    assert_equal "bar", flash[:foo] # the flash would be gone now if no redirect
+    assert_response :redirect
+    assert_equal "bar", flash[:foo]
   end
   def test_not_redirecting_to_https_does_not_preserve_the_flash
-    assert_not_equal "on", @request.env["HTTPS"]
     get :set_flash
     get :d
-    assert_response :success        # check no redirect (flash still set)
-    get :d                          # get again to flush flash
-    assert_response :success        # check no redirect
-    assert_nil flash[:foo]          # the flash should be gone now
+    assert_response :success
+    assert_nil flash[:foo]
   end
   def test_redirect_to_http_preserves_flash
     get :set_flash
     @request.env['HTTPS'] = "on"
     get :d
-    assert_response :redirect       # check redirect happens (flash still set)
-    get :d                          # get again to flush flash
-    assert_response :redirect       # make sure redirect happens
-    assert_equal "bar", flash[:foo] # flash would be gone now if no redirect
+    assert_response :redirect
+    assert_equal "bar", flash[:foo]
   end
   def test_not_redirecting_to_http_does_not_preserve_the_flash
     get :set_flash
     @request.env['HTTPS'] = "on"
     get :a
-    assert_response :success        # no redirect (flash still set)
-    get :a                          # get again to flush flash
-    assert_response :success        # no redirect
-    assert_nil flash[:foo]          # flash should be gone now
+    assert_response :success
+    assert_nil flash[:foo]
   end
-  # ssl required/allowed/exceptions testing
   def test_required_without_ssl
     assert_not_equal "on", @request.env["HTTPS"]
@@ -194,12 +155,13 @@ class SslRequirementTest < ActionController::TestCase
   def test_ssl_exceptions_without_ssl
     @controller = SslExceptionController.new
-    assert_not_equal "on", @request.env["HTTPS"]
     get :a
     assert_response :redirect
     assert_match %r{^https://}, @response.headers['Location']
     get :b
     assert_response :success
     get :c # c is not explicity in ssl_required, but it is not listed in ssl_exceptions
     assert_response :redirect
     assert_match %r{^https://}, @response.headers['Location']
@@ -210,6 +172,8 @@ class SslRequirementTest < ActionController::TestCase
     @request.env['HTTPS'] = "on"
     get :a
     assert_response :success
+    @request.env['HTTPS'] = "on"
     get :c
     assert_response :success
   end
@@ -217,6 +181,7 @@ class SslRequirementTest < ActionController::TestCase
   def test_ssl_all_actions_without_ssl
     @controller = SslAllActionsController.new
     get :a
     assert_response :redirect
     assert_match %r{^https://}, @response.headers['Location']
   end
@@ -251,50 +216,5 @@ class SslRequirementTest < ActionController::TestCase
   ensure
     SslRequirement.disable_ssl_check = false
   end
-  # testing overriding hostnames for ssl, non-ssl
-  # test for overriding (or not) the ssl_host and non_ssl_host variables
-  # using actions a (ssl required) and d (ssl not required or allowed)
-  def test_ssl_redirect_with_ssl_host
-    SslRequirement.ssl_host = @ssl_host_override
-    assert_not_equal "on", @request.env["HTTPS"]
-    get :a
-    assert_response :redirect
-    assert_match Regexp.new("^https://#{@ssl_host_override}"),
-                 @response.headers['Location']
-    SslRequirement.ssl_host = nil
-  end
-  def test_ssl_redirect_without_ssl_host
-    SslRequirement.ssl_host = nil
-    assert_not_equal "on", @request.env["HTTPS"]
-    get :a
-    assert_response :redirect
-    assert_match Regexp.new("^https://"), @response.headers['Location']
-    assert_no_match Regexp.new("^https://#{@ssl_host_override}"),
-                    @response.headers['Location']
-  end
-  def test_non_ssl_redirect_with_non_ssl_host
-    SslRequirement.non_ssl_host = @non_ssl_host_override
-    @request.env['HTTPS'] = 'on'
-    get :d
-    assert_response :redirect
-    assert_match Regexp.new("^http://#{@non_ssl_host_override}"),
-                 @response.headers['Location']
-    SslRequirement.non_ssl_host = nil
-  end
-  def test_non_ssl_redirect_without_non_ssl_host
-    SslRequirement.non_ssl_host = nil
-    @request.env['HTTPS'] = 'on'
-    get :d
-    assert_response :redirect
-    assert_match Regexp.new("^http://"), @response.headers['Location']
-    assert_no_match Regexp.new("^http://#{@non_ssl_host_override}"),
-                    @response.headers['Location']
-  end
-end
+end

metadata CHANGED Viewed

@@ -1,33 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: bcurren-ssl_requirement
 version: !ruby/object:Gem::Version
-  version: 1.0.8
+  version: 1.0.200807043
 platform: ruby
 authors:
 - RailsJedi
 - David Heinemeier Hansson
-- jcnetdev
-- bcurren
-- bmpercy
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2009-06-22 00:00:00 -07:00
+date: 2008-07-04 00:00:00 -07:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
-  type: :runtime
   version_requirement:
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.2.2
+        version: "2.1"
     version:
 description: SSL requirement adds a declarative way of specifying that certain actions should only be allowed to run under SSL, and if they're accessed without it, they should be redirected.
-email: percival@umamibud.com
+email: railsjedi@gmail.com
 executables: []
 extensions: []
@@ -42,8 +38,7 @@ files:
 - rails/init.rb
 - ssl_requirement.gemspec
 has_rdoc: true
-homepage: http://github.com/bmpercy/ssl_requirement
-licenses:
+homepage: http://github.com/jcnetdev/ssl_requirement
 post_install_message:
 rdoc_options:
 - --main
@@ -65,10 +60,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 rubyforge_project:
-rubygems_version: 1.3.5
+rubygems_version: 1.2.0
 signing_key:
 specification_version: 2
 summary: Allow controller actions to force SSL on specific parts of the site.
 test_files:
 - test/ssl_requirement_test.rb
-- test/url_rewriter_test.rb

data/test/url_rewriter_test.rb DELETED Viewed

@@ -1,142 +0,0 @@
-$:.unshift(File.dirname(__FILE__) + '/../lib')
-require 'rubygems'
-require 'test/unit'
-require 'action_controller'
-require 'action_controller/test_process'
-require "ssl_requirement"
-# Show backtraces for deprecated behavior for quicker cleanup.
-ActiveSupport::Deprecation.debug = true
-ActionController::Base.logger = nil
-ActionController::Routing::Routes.reload rescue nil
-class UrlRewriterTest < Test::Unit::TestCase
-  def setup
-    @request = ActionController::TestRequest.new
-    @params = {}
-    @rewriter = ActionController::UrlRewriter.new(@request, @params)
-    @ssl_host_override = "www.example.com:80443"
-    @non_ssl_host_override = "www.example.com:8080"
-    SslRequirement.ssl_host = nil
-    SslRequirement.non_ssl_host = nil
-    puts @url_rewriter.to_s
-  end
-  def test_rewrite_secure_false
-    SslRequirement.disable_ssl_check = false
-    assert_equal('http://test.host/c/a',
-      @rewriter.rewrite(:controller => 'c', :action => 'a', :secure => false)
-    )
-    assert_equal('/c/a',
-      @rewriter.rewrite(:controller => 'c', :action => 'a', :secure => false,
-                        :only_path => true)
-    )
-    SslRequirement.disable_ssl_check = true
-    assert_equal('http://test.host/c/a',
-      @rewriter.rewrite(:controller => 'c', :action => 'a', :secure => false)
-    )
-    assert_equal('/c/a',
-      @rewriter.rewrite(:controller => 'c', :action => 'a', :secure => false,
-                        :only_path => true)
-    )
-  end
-  def test_rewrite_secure_true
-    SslRequirement.disable_ssl_check = false
-    assert_equal('https://test.host/c/a',
-      @rewriter.rewrite(:controller => 'c', :action => 'a', :secure => true)
-    )
-    assert_equal('https://test.host/c/a',
-      @rewriter.rewrite(:controller => 'c', :action => 'a', :secure => true, :only_path => true)
-    )
-    SslRequirement.disable_ssl_check = true
-    assert_equal('http://test.host/c/a',
-      @rewriter.rewrite(:controller => 'c', :action => 'a', :secure => true)
-    )
-    assert_equal('/c/a',
-      @rewriter.rewrite(:controller => 'c', :action => 'a', :secure => true, :only_path => true)
-    )
-  end
-  def test_rewrite_secure_not_specified
-    SslRequirement.disable_ssl_check = false
-    assert_equal('http://test.host/c/a',
-      @rewriter.rewrite(:controller => 'c', :action => 'a')
-    )
-    assert_equal('/c/a',
-      @rewriter.rewrite(:controller => 'c', :action => 'a', :only_path => true)
-    )
-    SslRequirement.disable_ssl_check = true
-    assert_equal('http://test.host/c/a',
-      @rewriter.rewrite(:controller => 'c', :action => 'a')
-    )
-    assert_equal('/c/a',
-      @rewriter.rewrite(:controller => 'c', :action => 'a', :only_path => true)
-    )
-  end
-  # tests for ssl_host overriding
-  def test_rewrite_secure_with_ssl_host
-    SslRequirement.disable_ssl_check = false
-    SslRequirement.ssl_host = @ssl_host_override
-    assert_equal("https://#{@ssl_host_override}/c/a",
-                 @rewriter.rewrite(:controller => 'c', :action => 'a',
-                                   :secure => true))
-    assert_equal("https://#{@ssl_host_override}/c/a",
-                 @rewriter.rewrite(:controller => 'c', :action => 'a',
-                                   :secure => true, :only_path => true))
-    SslRequirement.ssl_host = nil
-  end
-  def test_rewrite_non_secure_with_non_ssl_host
-    SslRequirement.disable_ssl_check = false
-    SslRequirement.non_ssl_host = @non_ssl_host_override
-    # with secure option
-    assert_equal("http://#{@non_ssl_host_override}/c/a",
-                 @rewriter.rewrite(:controller => 'c', :action => 'a',
-                                   :secure => false))
-    assert_equal("/c/a",
-                 @rewriter.rewrite(:controller => 'c', :action => 'a',
-                                   :secure => false, :only_path => true))
-    # without secure option
-    assert_equal("http://#{@non_ssl_host_override}/c/a",
-                 @rewriter.rewrite(:controller => 'c', :action => 'a'))
-    assert_equal("/c/a",
-                 @rewriter.rewrite(:controller => 'c', :action => 'a',
-                                   :only_path => true))
-    SslRequirement.non_ssl_host = nil
-  end
-  def test_rewrite_non_secure_with_non_ssl_host_disable_check
-    SslRequirement.disable_ssl_check = true
-    SslRequirement.non_ssl_host = @non_ssl_host_override
-    # with secure option
-    assert_equal("http://#{@non_ssl_host_override}/c/a",
-                 @rewriter.rewrite(:controller => 'c', :action => 'a',
-                                   :secure => false))
-    assert_equal("/c/a",
-                 @rewriter.rewrite(:controller => 'c', :action => 'a',
-                                   :secure => false, :only_path => true))
-    # without secure option
-    assert_equal("http://#{@non_ssl_host_override}/c/a",
-                 @rewriter.rewrite(:controller => 'c', :action => 'a'))
-    assert_equal("/c/a",
-                 @rewriter.rewrite(:controller => 'c', :action => 'a',
-                                   :only_path => true))
-    SslRequirement.non_ssl_host = nil
-  end
-end