elucid-merb-ssl-requirement 0.0.3 → 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- data/README +12 -13
- data/Rakefile +10 -6
- data/lib/merb-ssl-requirement/ssl_requirement.rb +29 -12
- data/spec/controllers/ssl-requirement.rb +8 -7
- data/spec/spec_helper.rb +4 -4
- data/spec/ssl_requirement_spec.rb +17 -7
- metadata +6 -7
data/README
CHANGED
@@ -5,10 +5,6 @@ SSL requirement adds a declarative way of specifying that certain actions
|
|
5
5
|
should only be allowed to run under SSL, and if they're accessed without it,
|
6
6
|
they should be redirected.
|
7
7
|
|
8
|
-
note: unlike the Rails plugin of which this is a port, this plugin does not
|
9
|
-
provide an ssl_allowed method. actions that have not been specified as SSL
|
10
|
-
only can run either with or without and will not be redirected to http.
|
11
|
-
|
12
8
|
Example:
|
13
9
|
|
14
10
|
class Application < Merb::Controller
|
@@ -17,21 +13,25 @@ Example:
|
|
17
13
|
|
18
14
|
class Accounts < ApplicationController
|
19
15
|
ssl_required :signup, :payment
|
20
|
-
|
16
|
+
ssl_allowed :index
|
17
|
+
|
21
18
|
def signup
|
22
|
-
#
|
19
|
+
# Non-SSL access will be redirected to SSL
|
23
20
|
end
|
24
|
-
|
21
|
+
|
25
22
|
def payment
|
26
|
-
#
|
23
|
+
# Non-SSL access will be redirected to SSL
|
24
|
+
end
|
25
|
+
|
26
|
+
def index
|
27
|
+
# This action will work either with or without SSL
|
27
28
|
end
|
28
29
|
|
29
30
|
def other
|
30
|
-
#
|
31
|
-
# and will not be redirected to a different protocol
|
31
|
+
# SSL access will be redirected to non-SSL
|
32
32
|
end
|
33
33
|
end
|
34
|
-
|
34
|
+
|
35
35
|
You can overwrite the protected method ssl_required? to rely on other things
|
36
36
|
than just the declarative specification. Say, only premium accounts get SSL.
|
37
37
|
|
@@ -41,5 +41,4 @@ times you'll want to run other before filters before that. They should then be
|
|
41
41
|
declared ahead of including this module.
|
42
42
|
|
43
43
|
Copyright (c) 2005 David Heinemeier Hansson, released under the MIT license
|
44
|
-
Copyright (c) 2008 Steve Tooke
|
45
|
-
Copyright (c) 2008 Justin Giancola
|
44
|
+
Copyright (c) 2008 Steve Tooke
|
data/Rakefile
CHANGED
@@ -5,12 +5,14 @@ require 'merb-core'
|
|
5
5
|
require 'merb-core/tasks/merb'
|
6
6
|
|
7
7
|
GEM_NAME = "merb-ssl-requirement"
|
8
|
-
GEM_VERSION = "0.0
|
9
|
-
|
10
|
-
EMAIL = "
|
11
|
-
SUMMARY = "Merb plugin
|
8
|
+
GEM_VERSION = "0.1.0"
|
9
|
+
AUTHOR = "Steve Tooke"
|
10
|
+
EMAIL = "steve.tooke@gmail.com"
|
11
|
+
SUMMARY = "Merb plugin that provides ssl_requirement from rails"
|
12
|
+
HOMEPAGE = "http://www.merbivore.com"
|
12
13
|
|
13
14
|
spec = Gem::Specification.new do |s|
|
15
|
+
s.rubyforge_project = 'merb'
|
14
16
|
s.name = GEM_NAME
|
15
17
|
s.version = GEM_VERSION
|
16
18
|
s.platform = Gem::Platform::RUBY
|
@@ -18,11 +20,13 @@ spec = Gem::Specification.new do |s|
|
|
18
20
|
s.extra_rdoc_files = ["README", "LICENSE", 'TODO']
|
19
21
|
s.summary = SUMMARY
|
20
22
|
s.description = s.summary
|
21
|
-
s.
|
23
|
+
s.author = AUTHOR
|
22
24
|
s.email = EMAIL
|
25
|
+
s.homepage = HOMEPAGE
|
23
26
|
s.add_dependency('merb-core', '>= 0.9.10')
|
24
27
|
s.require_path = 'lib'
|
25
28
|
s.files = %w(LICENSE README Rakefile TODO) + Dir.glob("{lib,spec}/**/*")
|
29
|
+
|
26
30
|
end
|
27
31
|
|
28
32
|
Rake::GemPackageTask.new(spec) do |pkg|
|
@@ -44,4 +48,4 @@ task :gemspec do
|
|
44
48
|
File.open("#{GEM_NAME}.gemspec", "w") do |file|
|
45
49
|
file.puts spec.to_ruby
|
46
50
|
end
|
47
|
-
end
|
51
|
+
end
|
@@ -1,6 +1,5 @@
|
|
1
1
|
# Copyright (c) 2005 David Heinemeier Hansson
|
2
2
|
# Copyright (c) 2008 Steve Tooke
|
3
|
-
# Copyright (c) 2008 Justin Giancola
|
4
3
|
#
|
5
4
|
# Permission is hereby granted, free of charge, to any person obtaining
|
6
5
|
# a copy of this software and associated documentation files (the
|
@@ -33,22 +32,40 @@ module SslRequirement
|
|
33
32
|
self.ssl_required_actions.push(*actions)
|
34
33
|
end
|
35
34
|
|
35
|
+
def ssl_allowed(*actions)
|
36
|
+
# write_inheritable_array(:ssl_allowed_actions, actions)
|
37
|
+
self.ssl_allowed_actions.push(*actions)
|
38
|
+
end
|
39
|
+
|
36
40
|
def ssl_required_actions
|
37
41
|
@ssl_required_actions ||= []
|
38
42
|
end
|
43
|
+
|
44
|
+
def ssl_allowed_actions
|
45
|
+
@ssl_allowed_actions ||= []
|
46
|
+
end
|
39
47
|
end
|
40
|
-
|
48
|
+
|
41
49
|
protected
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
50
|
+
# Returns true if the current action is supposed to run as SSL
|
51
|
+
def ssl_required?
|
52
|
+
# (self.class.read_inheritable_attribute(:ssl_required_actions) || []).include?(action_name.to_sym)
|
53
|
+
self.class.ssl_required_actions.include?(action_name.to_sym)
|
54
|
+
end
|
55
|
+
|
56
|
+
def ssl_allowed?
|
57
|
+
self.class.ssl_allowed_actions.include?(action_name.to_sym)
|
58
|
+
# (self.class.read_inheritable_attribute(:ssl_allowed_actions) || []).include?(action_name.to_sym)
|
59
|
+
end
|
47
60
|
|
48
61
|
private
|
49
|
-
|
50
|
-
|
51
|
-
|
62
|
+
def ensure_proper_protocol
|
63
|
+
return true if ssl_allowed?
|
64
|
+
|
65
|
+
if ssl_required? && !request.ssl?
|
66
|
+
throw :halt, redirect("https://" + request.host + request.uri)
|
67
|
+
elsif request.ssl? && !ssl_required?
|
68
|
+
throw :halt, redirect("http://" + request.host + request.uri)
|
69
|
+
end
|
52
70
|
end
|
53
|
-
|
54
|
-
end
|
71
|
+
end
|
@@ -1,25 +1,26 @@
|
|
1
1
|
class Secure < Merb::Controller
|
2
2
|
include SslRequirement
|
3
|
-
|
3
|
+
|
4
4
|
ssl_required :a, :b
|
5
|
-
|
5
|
+
ssl_allowed :c
|
6
|
+
|
6
7
|
def a
|
7
8
|
'a'
|
8
9
|
end
|
9
|
-
|
10
|
+
|
10
11
|
def b
|
11
12
|
return 'b'
|
12
13
|
end
|
13
|
-
|
14
|
+
|
14
15
|
def c
|
15
16
|
return 'c'
|
16
17
|
end
|
17
|
-
|
18
|
+
|
18
19
|
def d
|
19
20
|
return 'd'
|
20
21
|
end
|
21
|
-
#
|
22
|
+
#
|
22
23
|
# def set_flash
|
23
24
|
# flash[:foo] = "bar"
|
24
25
|
# end
|
25
|
-
end
|
26
|
+
end
|
data/spec/spec_helper.rb
CHANGED
@@ -1,13 +1,13 @@
|
|
1
1
|
$:.push File.join(File.dirname(__FILE__), '..', 'lib')
|
2
|
-
|
2
|
+
|
3
3
|
require "rubygems"
|
4
4
|
require "merb-core"
|
5
5
|
require "merb-ssl-requirement"
|
6
6
|
require File.dirname(__FILE__) / "controllers" / "ssl-requirement"
|
7
7
|
require "spec"
|
8
|
-
|
8
|
+
|
9
9
|
Merb.start :environment => 'test'
|
10
|
-
|
10
|
+
|
11
11
|
Spec::Runner.configure do |config|
|
12
12
|
config.include Merb::Test::RequestHelper
|
13
|
-
end
|
13
|
+
end
|
@@ -1,11 +1,21 @@
|
|
1
1
|
require File.dirname(__FILE__) + '/spec_helper'
|
2
2
|
|
3
3
|
describe "SslRequirement" do
|
4
|
-
|
4
|
+
|
5
5
|
it "should not accidently introduce any methods as controller actions" do
|
6
6
|
Merb::Controller.callable_actions.should be_empty
|
7
7
|
end
|
8
|
+
|
9
|
+
end
|
8
10
|
|
11
|
+
describe "ssl_allowed" do
|
12
|
+
it "should allow http connection to allowed action" do
|
13
|
+
dispatch_to(Secure, :c, {}, 'HTTPS' => nil).body.should == "c"
|
14
|
+
end
|
15
|
+
|
16
|
+
it "should allow https connection to allowed action" do
|
17
|
+
dispatch_to(Secure, :c, {}, 'HTTPS' => 'on').body.should == "c"
|
18
|
+
end
|
9
19
|
end
|
10
20
|
|
11
21
|
describe "ssl_required" do
|
@@ -14,7 +24,7 @@ describe "ssl_required" do
|
|
14
24
|
controller.should redirect
|
15
25
|
controller.headers['Location'].should match(%r{^https://})
|
16
26
|
end
|
17
|
-
|
27
|
+
|
18
28
|
it "should allow https connection to required actions" do
|
19
29
|
dispatch_to(Secure, :a, {}, 'HTTPS' => 'on').body.should == "a"
|
20
30
|
end
|
@@ -24,10 +34,10 @@ describe "non-ssl actions" do
|
|
24
34
|
it "should allow http connection" do
|
25
35
|
dispatch_to(Secure, :d, {}, 'HTTPS' => nil).body.should == "d"
|
26
36
|
end
|
27
|
-
|
28
|
-
it "should
|
37
|
+
|
38
|
+
it "should redirect https connection to http" do
|
29
39
|
controller = dispatch_to(Secure, :d, {}, 'HTTPS' => 'on')
|
30
|
-
controller.
|
31
|
-
controller.
|
40
|
+
controller.should redirect
|
41
|
+
controller.headers['Location'].should match(%r{^http://})
|
32
42
|
end
|
33
|
-
end
|
43
|
+
end
|
metadata
CHANGED
@@ -1,11 +1,10 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: elucid-merb-ssl-requirement
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0
|
4
|
+
version: 0.1.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Steve Tooke
|
8
|
-
- Justin Giancola
|
9
8
|
autorequire:
|
10
9
|
bindir: bin
|
11
10
|
cert_chain: []
|
@@ -23,8 +22,8 @@ dependencies:
|
|
23
22
|
- !ruby/object:Gem::Version
|
24
23
|
version: 0.9.10
|
25
24
|
version:
|
26
|
-
description:
|
27
|
-
email:
|
25
|
+
description: Merb plugin that provides ssl_requirement from rails
|
26
|
+
email: steve.tooke@gmail.com
|
28
27
|
executables: []
|
29
28
|
|
30
29
|
extensions: []
|
@@ -46,7 +45,7 @@ files:
|
|
46
45
|
- spec/spec_helper.rb
|
47
46
|
- spec/ssl_requirement_spec.rb
|
48
47
|
has_rdoc: true
|
49
|
-
homepage:
|
48
|
+
homepage: http://www.merbivore.com
|
50
49
|
post_install_message:
|
51
50
|
rdoc_options: []
|
52
51
|
|
@@ -66,10 +65,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
66
65
|
version:
|
67
66
|
requirements: []
|
68
67
|
|
69
|
-
rubyforge_project:
|
68
|
+
rubyforge_project: merb
|
70
69
|
rubygems_version: 1.2.0
|
71
70
|
signing_key:
|
72
71
|
specification_version: 2
|
73
|
-
summary:
|
72
|
+
summary: Merb plugin that provides ssl_requirement from rails
|
74
73
|
test_files: []
|
75
74
|
|