merb-ssl-requirement 0.0.1 → 0.0.2

data/README

@@ -40,5 +40,18 @@ inclusion, it'll add the before filter that validates the declarations. Some
 times you'll want to run other before filters before that. They should then be
 declared ahead of including this module.
 
+Update Sat Feb 20, 2010: Added the ability to set a configuration parameter where you can specify which environments you want to exclude merb-ssl-requirement from enforcing ssl. This might be useful for testing and development environments where you don't have ssl certs in place. If you don't provide the configuration parameter or its value, merb-ssl-requirement still continues to function as expected. 
+
+Example:
+
+If you want to work in the development environment and you don't want ssl enforced then you can do the following in your-merb-app-base-dir/config/init.rb:
+
+Merb::Config.use do |c|
+  c[:ssl_requirement_excluded_environments] = ["development"]
+end
+
+Other environments, will continue to enforce ssl without being effected.
+
 Copyright (c) 2005 David Heinemeier Hansson, released under the MIT license
-Copyright (c) 2008 Steve Tooke
+Copyright (c) 2008 Steve Tooke
+Copyright (c) 2010 Lang Riley

data/Rakefile

@@ -5,7 +5,7 @@ require 'merb-core'
 require 'merb-core/tasks/merb'
 
 GEM_NAME = "merb-ssl-requirement"
-GEM_VERSION = "0.0.1"
+GEM_VERSION = "0.0.2"
 AUTHOR = "Steve Tooke"
 EMAIL = "steve.tooke@gmail.com"
 SUMMARY = "Merb plugin that provides ssl_requirement from rails"
@@ -48,4 +48,4 @@ task :gemspec do
   File.open("#{GEM_NAME}.gemspec", "w") do |file|
     file.puts spec.to_ruby
   end
-end
+end

data/lib/merb-ssl-requirement/ssl_requirement.rb

@@ -1,5 +1,6 @@
 # Copyright (c) 2005 David Heinemeier Hansson
 # Copyright (c) 2008 Steve Tooke
+# Copyright (c) 2010 Lang Riley
 #
 # Permission is hereby granted, free of charge, to any person obtaining
 # a copy of this software and associated documentation files (the
@@ -28,12 +29,10 @@ module SslRequirement
   module ClassMethods
     # Specifies that the named actions requires an SSL connection to be performed (which is enforced by ensure_proper_protocol).
     def ssl_required(*actions)
-      # write_inheritable_array(:ssl_required_actions, actions)
       self.ssl_required_actions.push(*actions)
     end
 
     def ssl_allowed(*actions)
-      # write_inheritable_array(:ssl_allowed_actions, actions)
       self.ssl_allowed_actions.push(*actions)
     end
     
@@ -47,25 +46,43 @@ module SslRequirement
   end
   
   protected
-    # Returns true if the current action is supposed to run as SSL
+    # Returns true if the current action is supposed to run as SSL and
+    # the application configuration (see README) has not specified the
+    # current environment to be exempt from ssl-requirement
+    # enforcement
     def ssl_required?
-      # (self.class.read_inheritable_attribute(:ssl_required_actions) || []).include?(action_name.to_sym)
-      self.class.ssl_required_actions.include?(action_name.to_sym)
+
+      if exclude_ssl_requirement?
+        false
+      else
+        self.class.ssl_required_actions.include?(action_name.to_sym)
+      end
+      
     end
     
     def ssl_allowed?
       self.class.ssl_allowed_actions.include?(action_name.to_sym)
-      # (self.class.read_inheritable_attribute(:ssl_allowed_actions) || []).include?(action_name.to_sym)
     end
 
   private
     def ensure_proper_protocol
       return true if ssl_allowed?
-      
+
       if ssl_required? && !request.ssl?
         throw :halt, redirect("https://" + request.host + request.uri)
       elsif request.ssl? && !ssl_required?
         throw :halt, redirect("http://" + request.host + request.uri)
       end
     end
-end
+
+    def exclude_ssl_requirement?
+
+      if Merb::Config.key?(:ssl_requirement_excluded_environments) and Merb::Config[:ssl_requirement_excluded_environments]
+        Merb::Config[:ssl_requirement_excluded_environments].include?(Merb.env)
+      else
+        false
+      end
+
+    end
+    
+end

data/spec/controllers/ssl-requirement.rb

@@ -23,4 +23,5 @@ class Secure < Merb::Controller
     # def set_flash
     #   flash[:foo] = "bar"
     # end
-end
+end
+

data/spec/ssl_requirement_spec.rb

@@ -25,6 +25,7 @@ describe "ssl_required" do
     controller.headers['Location'].should match(%r{^https://})
   end
   
+
   it "should allow https connection to required actions" do
     dispatch_to(Secure, :a, {}, 'HTTPS' => 'on').body.should == "a"
   end
@@ -40,4 +41,50 @@ describe "non-ssl actions" do
     controller.should redirect
     controller.headers['Location'].should match(%r{^http://})
   end
-end
+end
+
+
+describe "ssl_required behavior taking into account configuration" do
+  before(:each) do
+    Merb::Config.use do |c|
+      c[:ssl_requirement_excluded_environments] = ["test"]
+    end
+  end
+
+  it "should verify ability to set configuration parameter :ssl_requirement_excluded_environments in test environment" do
+    Merb::Config.key?(:ssl_requirement_excluded_environments).should be_true
+    Merb::Config[:ssl_requirement_excluded_environments].should == ["test"]
+  end
+    
+      
+  it "should not require ssl if the application configuration specifies the test environment as an environment excluded from enforcement" do
+    controller = dispatch_to(Secure, :a, {}, 'HTTPS' => nil)
+    controller.should_not redirect
+  end
+
+  it "should require ssl if the configuration does not specify :ssl_requirement_excluded_environments" do
+    Merb::Config.delete(:ssl_requirement_excluded_environments)
+    Merb::Config.key?(:ssl_requirement_excluded_environments).should be_false
+    controller = dispatch_to(Secure, :a, {}, 'HTTPS' => nil)
+    controller.should redirect
+    controller.headers['Location'].should match(%r{^https://})
+  end
+  
+  it "should require ssl if the configuration does specify :ssl_requirement_excluded_environments, but provides not initialized value" do
+    Merb::Config[:ssl_requirement_excluded_environments] = nil
+    controller = dispatch_to(Secure, :a, {}, 'HTTPS' => nil)
+    controller.should redirect
+    controller.headers['Location'].should match(%r{^https://})
+  end
+  
+  it "should require ssl if the configuration specifies an an environment, in :ssl_requirement_excluded_environments, that does not include 'test'" do
+    Merb::Config[:ssl_requirement_excluded_environments] = ["staging", "development"]
+    controller = dispatch_to(Secure, :a, {}, 'HTTPS' => nil)
+    controller.should redirect
+    controller.headers['Location'].should match(%r{^https://})
+  end
+  
+    
+    
+end
+  

metadata

@@ -1,10 +1,10 @@
 --- !ruby/object:Gem::Specification 
 name: merb-ssl-requirement
 version: !ruby/object:Gem::Version 
-  version: 0.0.1
+  version: 0.0.2
 platform: ruby
 authors: 
-- Steve Tooke
+- Steve Tooke m7d
 autorequire: 
 bindir: bin
 cert_chain: []
@@ -69,6 +69,6 @@ rubyforge_project: merb
 rubygems_version: 1.3.5
 signing_key: 
 specification_version: 2
-summary: Merb plugin that provides ssl_requirement from rails
+summary: Merb plugin that provides ssl_requirement from rails but ensures http protocol when in test or development mode to make it easier to develop and test
 test_files: []