mattetti-merb-ssl-requirement 0.0.1
- data/LICENSE +20 -0
- data/README +44 -0
- data/Rakefile +51 -0
- data/TODO +0 -0
- data/lib/merb-ssl-requirement.rb +1 -0
- data/lib/merb-ssl-requirement/ssl_requirement.rb +71 -0
- data/spec/controllers/ssl-requirement.rb +26 -0
- data/spec/spec_helper.rb +13 -0
- data/spec/ssl_requirement_spec.rb +43 -0
- metadata +75 -0
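--- a/data/LICENSE
+++ b/data/LICENSE
@@ -0,0 +1,20 @@
+Copyright (c) 2005 David Heinemeier Hansson, released under the MIT license
+Copyright (c) 2008 Steve Tooke
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.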
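--- a/data/README
+++ b/data/README
@@ -0,0 +1,44 @@
+SSL Requirement
+===============
+
+SSL requirement adds a declarative way of specifying that certain actions
+should only be allowed to run under SSL, and if they're accessed without it,
+they should be redirected.
+
+Example:
+
+class Application < Merb::Controller
+include SslRequirement
+end
+
+class Accounts < ApplicationController
+ssl_required :signup, :payment
+ssl_allowed :index
+
+def signup
+# Non-SSL access will be redirected to SSL
+end
+
+def payment
+# Non-SSL access will be redirected to SSL
+end
+
+def index
+# This action will work either with or without SSL
+end
+
+def other
+# SSL access will be redirected to non-SSL
+end
+end
+
+You can overwrite the protected method ssl_required? to rely on other things
+than just the declarative specification. Say, only premium accounts get SSL.
+
+P.S.: Beware when you include the SslRequirement module. At the time of
+inclusion, it'll add the before filter that validates the declarations. Some
+times you'll want to run other before filters before that. They should then be
+declared ahead of including this module.
+
+Copyright (c) 2005 David Heinemeier Hansson, released under the MIT license
+Copyright (c) 2008 Steve Tooke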
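--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,51 @@
+require 'rubygems'
+require 'rake/gempackagetask'
+
+require 'merb-core'
+require 'merb-core/tasks/merb'
+
+GEM_NAME = "merb-ssl-requirement"
+GEM_VERSION = "0.0.1"
+AUTHOR = "Steve Tooke"
+EMAIL = "steve.tooke@gmail.com"
+SUMMARY = "Merb plugin that provides ssl_requirement from rails"
+HOMEPAGE = "http://www.merbivore.com"
+
+spec = Gem::Specification.new do |s|
+s.rubyforge_project = 'merb'
+s.name = GEM_NAME
+s.version = GEM_VERSION
+s.platform = Gem::Platform::RUBY
+s.has_rdoc = true
+s.extra_rdoc_files = ["README", "LICENSE", 'TODO']
+s.summary = SUMMARY
+s.description = s.summary
+s.author = AUTHOR
+s.email = EMAIL
+s.homepage = HOMEPAGE
+s.add_dependency('merb-core', '>= 0.9.10')
+s.require_path = 'lib'
+s.files = %w(LICENSE README Rakefile TODO) + Dir.glob("{lib,spec}/**/*")
+
+end
+
+Rake::GemPackageTask.new(spec) do |pkg|
+pkg.gem_spec = spec
+end
+
+desc "install the plugin as a gem"
+task :install do
+Merb::RakeHelper.install(GEM_NAME, :version => GEM_VERSION)
+end
+
+desc "Uninstall the gem"
+task :uninstall do
+Merb::RakeHelper.uninstall(GEM_NAME, :version => GEM_VERSION)
+end
+
+desc "Create a gemspec file"
+task :gemspec do
+File.open("#{GEM_NAME}.gemspec", "w") do |file|
+file.puts spec.to_ruby
+end
+end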
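Review bot: `s.add_dependency('merb-core', '>= 0.9.10')` has no upper bound, so any later merb-core release satisfies it, including one that changes the filter, request or halt behaviour the plugin's HTTPS enforcement depends on. Bound the requirement to the series that was actually tested, for example a pessimistic constraint such as `s.add_dependency('merb-core', '~> 0.9.10')` if only 0.9.x was exercised. The specification also sets no signing key or certificate chain, so the packaged gem is unsigned and consumers can only verify it by checksum.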
data/TODO
ADDED
File without changes
|
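--- a/data/lib/merb-ssl-requirement.rb
+++ b/data/lib/merb-ssl-requirement.rb
@@ -0,0 +1 @@
+require "merb-ssl-requirement/ssl_requirement"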
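--- a/data/lib/merb-ssl-requirement/ssl_requirement.rb
+++ b/data/lib/merb-ssl-requirement/ssl_requirement.rb
@@ -0,0 +1,71 @@
+# Copyright (c) 2005 David Heinemeier Hansson
+# Copyright (c) 2008 Steve Tooke
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+module SslRequirement
+def self.included(controller)
+controller.extend(ClassMethods)
+controller.before(:ensure_proper_protocol)
+end
+
+module ClassMethods
+# Specifies that the named actions requires an SSL connection to be performed (which is enforced by ensure_proper_protocol).
+def ssl_required(*actions)
+# write_inheritable_array(:ssl_required_actions, actions)
+self.ssl_required_actions.push(*actions)
+end
+
+def ssl_allowed(*actions)
+# write_inheritable_array(:ssl_allowed_actions, actions)
+self.ssl_allowed_actions.push(*actions)
+end
+
+def ssl_required_actions
+@ssl_required_actions ||= []
+end
+
+def ssl_allowed_actions
+@ssl_allowed_actions ||= []
+end
+end
+
+protected
+# Returns true if the current action is supposed to run as SSL
+def ssl_required?
+# (self.class.read_inheritable_attribute(:ssl_required_actions) || []).include?(action_name.to_sym)
+self.class.ssl_required_actions.include?(action_name.to_sym)
+end
+
+def ssl_allowed?
+self.class.ssl_allowed_actions.include?(action_name.to_sym)
+# (self.class.read_inheritable_attribute(:ssl_allowed_actions) || []).include?(action_name.to_sym)
+end
+
+private
+def ensure_proper_protocol
+return true if ssl_allowed?
+
+if ssl_required? && !request.ssl?
+throw :halt, redirect("https://" + request.host + request.uri)
+elsif request.ssl? && !ssl_required?
+throw :halt, redirect("http://" + request.host + request.uri)
+end
+end
+end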
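Review bot: `ssl_required_actions` and `ssl_allowed_actions` each memoize a fresh per-class array (`@ssl_required_actions ||= []`), so a controller that subclasses one declaring `ssl_required :signup` starts with an empty list. The inherited action would then be served over plain HTTP, and an HTTPS request to it would be redirected down to `http://` by the `elsif` branch of `ensure_proper_protocol`. The commented-out `write_inheritable_array` calls suggest the lists were meant to be inheritable; seeding from the parent restores that, e.g. `@ssl_required_actions ||= (superclass.respond_to?(:ssl_required_actions) ? superclass.ssl_required_actions.dup : [])`, with the same change in `ssl_allowed_actions`. Separately, both redirects concatenate `request.host`, which is presumably derived from client-supplied request headers, so the host should be validated against the application's known hostnames before it reaches the Location header.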
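--- a/data/spec/controllers/ssl-requirement.rb
+++ b/data/spec/controllers/ssl-requirement.rb
@@ -0,0 +1,26 @@
+class Secure < Merb::Controller
+include SslRequirement
+
+ssl_required :a, :b
+ssl_allowed :c
+
+def a
+'a'
+end
+
+def b
+return 'b'
+end
+
+def c
+return 'c'
+end
+
+def d
+return 'd'
+end
+#
+# def set_flash
+# flash[:foo] = "bar"
+# end
+end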
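--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -0,0 +1,13 @@
+$:.push File.join(File.dirname(__FILE__), '..', 'lib')
+
+require "rubygems"
+require "merb-core"
+require "merb-ssl-requirement"
+require File.dirname(__FILE__) / "controllers" / "ssl-requirement"
+require "spec"
+
+Merb.start :environment => 'test'
+
+Spec::Runner.configure do |config|
+config.include Merb::Test::RequestHelper
+end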
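--- a/data/spec/ssl_requirement_spec.rb
+++ b/data/spec/ssl_requirement_spec.rb
@@ -0,0 +1,43 @@
+require File.dirname(__FILE__) + '/spec_helper'
+
+describe "SslRequirement" do
+
+it "should not accidently introduce any methods as controller actions" do
+Merb::Controller.callable_actions.should be_empty
+end
+
+end
+
+describe "ssl_allowed" do
+it "should allow http connection to allowed action" do
+dispatch_to(Secure, :c, {}, 'HTTPS' => nil).body.should == "c"
+end
+
+it "should allow https connection to allowed action" do
+dispatch_to(Secure, :c, {}, 'HTTPS' => 'on').body.should == "c"
+end
+end
+
+describe "ssl_required" do
+it "should redirect http to https for required actions" do
+controller = dispatch_to(Secure, :a, {}, 'HTTPS' => nil)
+controller.should redirect
+controller.headers['Location'].should match(%r{^https://})
+end
+
+it "should allow https connection to required actions" do
+dispatch_to(Secure, :a, {}, 'HTTPS' => 'on').body.should == "a"
+end
+end
+
+describe "non-ssl actions" do
+it "should allow http connection" do
+dispatch_to(Secure, :d, {}, 'HTTPS' => nil).body.should == "d"
+end
+
+it "should redirect https connection to http" do
+controller = dispatch_to(Secure, :d, {}, 'HTTPS' => 'on')
+controller.should redirect
+controller.headers['Location'].should match(%r{^http://})
+end
+end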
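Review bot: The two Location assertions, `match(%r{^https://})` and `match(%r{^http://})`, check only the scheme, and `^` anchors at the start of any line rather than the start of the string, so a redirect to an unexpected host or path would still pass. Anchor with `\A` (`%r{\Ahttps://}`) and preferably compare the whole Location value against the URL expected for the dispatched request. There is also no example exercising a subclass of `Secure`, so whether `ssl_required` and `ssl_allowed` declarations apply to inherited actions is untested.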
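--- a/metadata
+++ b/metadata
@@ -0,0 +1,75 @@
+--- !ruby/object:Gem::Specification
+name: mattetti-merb-ssl-requirement
+version: !ruby/object:Gem::Version
+version: 0.0.1
+platform: ruby
+authors:
+- Steve Tooke
+autorequire:
+bindir: bin
+cert_chain: []
+
+date: 2008-10-27 00:00:00 -07:00
+default_executable:
+dependencies:
+- !ruby/object:Gem::Dependency
+name: merb-core
+type: :runtime
+version_requirement:
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 0.9.10
+version:
+description: Merb plugin that provides ssl_requirement from rails
+email: steve.tooke@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files:
+- README
+- LICENSE
+- TODO
+files:
+- LICENSE
+- README
+- Rakefile
+- TODO
+- lib/merb-ssl-requirement
+- lib/merb-ssl-requirement/ssl_requirement.rb
+- lib/merb-ssl-requirement.rb
+- spec/controllers
+- spec/controllers/ssl-requirement.rb
+- spec/spec_helper.rb
+- spec/ssl_requirement_spec.rb
+has_rdoc: true
+homepage: http://www.merbivore.com
+licenses:
+post_install_message:
+rdoc_options: []
+
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: "0"
+version:
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: "0"
+version:
+requirements: []
+
+rubyforge_project: merb
+rubygems_version: 1.3.5
+signing_key:
+specification_version: 2
+summary: Merb plugin that provides ssl_requirement from rails
+test_files: []
+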