elucid-merb-ssl-requirement 0.0.1

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2005 David Heinemeier Hansson, released under the MIT license
+Copyright (c) 2008 Steve Tooke
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README

@@ -0,0 +1,44 @@
+SSL Requirement
+===============
+
+SSL requirement adds a declarative way of specifying that certain actions
+should only be allowed to run under SSL, and if they're accessed without it,
+they should be redirected.
+
+Example:
+
+  class Application < Merb::Controller
+    include SslRequirement
+  end
+
+  class Accounts < ApplicationController
+    ssl_required :signup, :payment
+    ssl_allowed :index
+    
+    def signup
+      # Non-SSL access will be redirected to SSL
+    end
+    
+    def payment
+      # Non-SSL access will be redirected to SSL
+    end
+
+    def index
+      # This action will work either with or without SSL
+    end
+
+    def other
+      # SSL access will be redirected to non-SSL
+    end
+  end
+  
+You can overwrite the protected method ssl_required? to rely on other things
+than just the declarative specification. Say, only premium accounts get SSL.
+
+P.S.: Beware when you include the SslRequirement module. At the time of
+inclusion, it'll add the before filter that validates the declarations. Some
+times you'll want to run other before filters before that. They should then be
+declared ahead of including this module.
+
+Copyright (c) 2005 David Heinemeier Hansson, released under the MIT license
+Copyright (c) 2008 Steve Tooke

data/Rakefile

@@ -0,0 +1,51 @@
+require 'rubygems'
+require 'rake/gempackagetask'
+
+require 'merb-core'
+require 'merb-core/tasks/merb'
+
+GEM_NAME = "merb-ssl-requirement"
+GEM_VERSION = "0.0.1"
+AUTHOR = "Steve Tooke"
+EMAIL = "steve.tooke@gmail.com"
+SUMMARY = "Merb plugin that provides ssl_requirement from rails"
+HOMEPAGE = "http://www.merbivore.com"
+
+spec = Gem::Specification.new do |s|
+  s.rubyforge_project = 'merb'
+  s.name = GEM_NAME
+  s.version = GEM_VERSION
+  s.platform = Gem::Platform::RUBY
+  s.has_rdoc = true
+  s.extra_rdoc_files = ["README", "LICENSE", 'TODO']
+  s.summary = SUMMARY
+  s.description = s.summary
+  s.author = AUTHOR
+  s.email = EMAIL
+  s.homepage = HOMEPAGE
+  s.add_dependency('merb-core', '>= 0.9.10')
+  s.require_path = 'lib'
+  s.files = %w(LICENSE README Rakefile TODO) + Dir.glob("{lib,spec}/**/*")
+  
+end
+
+Rake::GemPackageTask.new(spec) do |pkg|
+  pkg.gem_spec = spec
+end
+
+desc "install the plugin as a gem"
+task :install do
+  Merb::RakeHelper.install(GEM_NAME, :version => GEM_VERSION)
+end
+
+desc "Uninstall the gem"
+task :uninstall do
+  Merb::RakeHelper.uninstall(GEM_NAME, :version => GEM_VERSION)
+end
+
+desc "Create a gemspec file"
+task :gemspec do
+  File.open("#{GEM_NAME}.gemspec", "w") do |file|
+    file.puts spec.to_ruby
+  end
+end

data/lib/merb-ssl-requirement.rb

@@ -0,0 +1 @@
+require "merb-ssl-requirement/ssl_requirement"

data/lib/merb-ssl-requirement/ssl_requirement.rb

@@ -0,0 +1,71 @@
+# Copyright (c) 2005 David Heinemeier Hansson
+# Copyright (c) 2008 Steve Tooke
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+module SslRequirement
+  def self.included(controller)
+    controller.extend(ClassMethods)
+    controller.before(:ensure_proper_protocol)
+  end
+
+  module ClassMethods
+    # Specifies that the named actions requires an SSL connection to be performed (which is enforced by ensure_proper_protocol).
+    def ssl_required(*actions)
+      # write_inheritable_array(:ssl_required_actions, actions)
+      self.ssl_required_actions.push(*actions)
+    end
+
+    def ssl_allowed(*actions)
+      # write_inheritable_array(:ssl_allowed_actions, actions)
+      self.ssl_allowed_actions.push(*actions)
+    end
+    
+    def ssl_required_actions
+      @ssl_required_actions ||= []
+    end
+    
+    def ssl_allowed_actions
+      @ssl_allowed_actions ||= []
+    end
+  end
+  
+  protected
+    # Returns true if the current action is supposed to run as SSL
+    def ssl_required?
+      # (self.class.read_inheritable_attribute(:ssl_required_actions) || []).include?(action_name.to_sym)
+      self.class.ssl_required_actions.include?(action_name.to_sym)
+    end
+    
+    def ssl_allowed?
+      self.class.ssl_allowed_actions.include?(action_name.to_sym)
+      # (self.class.read_inheritable_attribute(:ssl_allowed_actions) || []).include?(action_name.to_sym)
+    end
+
+  private
+    def ensure_proper_protocol
+      return true if ssl_allowed?
+      
+      if ssl_required? && !request.ssl?
+        throw :halt, redirect("https://" + request.host + request.uri)
+      elsif request.ssl? && !ssl_required?
+        throw :halt, redirect("http://" + request.host + request.uri)
+      end
+    end
+end

data/spec/controllers/ssl-requirement.rb

@@ -0,0 +1,26 @@
+class Secure < Merb::Controller
+  include SslRequirement
+  
+  ssl_required :a, :b
+  ssl_allowed :c
+  
+  def a
+    'a'
+  end
+  
+  def b
+    return 'b'
+  end
+  
+  def c
+    return 'c'
+  end
+  
+  def d
+    return 'd'
+  end
+    # 
+    # def set_flash
+    #   flash[:foo] = "bar"
+    # end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,13 @@
+$:.push File.join(File.dirname(__FILE__), '..', 'lib')
+ 
+require "rubygems"
+require "merb-core"
+require "merb-ssl-requirement"
+require File.dirname(__FILE__) / "controllers" / "ssl-requirement"
+require "spec"
+ 
+Merb.start :environment => 'test'
+ 
+Spec::Runner.configure do |config|
+  config.include Merb::Test::RequestHelper
+end

data/spec/ssl_requirement_spec.rb

@@ -0,0 +1,43 @@
+require File.dirname(__FILE__) + '/spec_helper'
+
+describe "SslRequirement" do
+  
+  it "should not accidently introduce any methods as controller actions" do
+    Merb::Controller.callable_actions.should be_empty
+  end
+  
+end
+
+describe "ssl_allowed" do
+  it "should allow http connection to allowed action" do
+    dispatch_to(Secure, :c, {}, 'HTTPS' => nil).body.should == "c"
+  end
+  
+  it "should allow https connection to allowed action" do
+    dispatch_to(Secure, :c, {}, 'HTTPS' => 'on').body.should == "c" 
+  end
+end
+
+describe "ssl_required" do
+  it "should redirect http to https for required actions" do
+    controller = dispatch_to(Secure, :a, {}, 'HTTPS' => nil)
+    controller.should redirect
+    controller.headers['Location'].should match(%r{^https://})
+  end
+  
+  it "should allow https connection to required actions" do
+    dispatch_to(Secure, :a, {}, 'HTTPS' => 'on').body.should == "a"
+  end
+end
+
+describe "non-ssl actions" do
+  it "should allow http connection" do
+    dispatch_to(Secure, :d, {}, 'HTTPS' => nil).body.should == "d"
+  end
+  
+  it "should redirect https connection to http" do
+    controller = dispatch_to(Secure, :d, {}, 'HTTPS' => 'on')
+    controller.should redirect
+    controller.headers['Location'].should match(%r{^http://})
+  end
+end

metadata

@@ -0,0 +1,74 @@
+--- !ruby/object:Gem::Specification 
+name: elucid-merb-ssl-requirement
+version: !ruby/object:Gem::Version 
+  version: 0.0.1
+platform: ruby
+authors: 
+- Steve Tooke
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2008-10-27 00:00:00 -07:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: merb-core
+  type: :runtime
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: 0.9.10
+    version: 
+description: Merb plugin that provides ssl_requirement from rails
+email: steve.tooke@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- README
+- LICENSE
+- TODO
+files: 
+- LICENSE
+- README
+- Rakefile
+- TODO
+- lib/merb-ssl-requirement
+- lib/merb-ssl-requirement/ssl_requirement.rb
+- lib/merb-ssl-requirement.rb
+- spec/controllers
+- spec/controllers/ssl-requirement.rb
+- spec/spec_helper.rb
+- spec/ssl_requirement_spec.rb
+has_rdoc: true
+homepage: http://www.merbivore.com
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+requirements: []
+
+rubyforge_project: merb
+rubygems_version: 1.2.0
+signing_key: 
+specification_version: 2
+summary: Merb plugin that provides ssl_requirement from rails
+test_files: []
+