panmind-sslhelper 0.8.0

data/README.md

@@ -0,0 +1,100 @@
+SSLHelper: an SSL plugin for Rails
+==================================
+
+Purpose
+-------
+
+This plugin implements the same features as Rails' ssl_requirement plugin,
+plus builds on existing named route helpers by adding `plain_` and `ssl_`
+counterparts.
+
+Installation
+------------
+
+Via RubyGems:
+
+    gem install panmind-sslhelper
+
+Or via Rails Plugin:
+
+    script/plugin install git://github.com/Panmind/ssl_helper.git
+
+Usage
+-----
+
+After you get the plugin loaded, you'll have `plain_` and `ssl_` counterparts
+to all your named route helpers, e.g.: `ssl_root_url` or `plain_user_url(user)`
+
+You can use them in your views, controllers and functional tests, as they were
+built in into the framework.
+
+Views:
+
+    <%= link_to 'login', ssl_login_url %>
+    <%= link_to 'home', plain_root_url %>
+
+Controllers:
+
+    def foo
+      redirect_to ssl_foos_url
+    end
+
+Functionals:
+
+    context "an admin" do
+      should "access admin area only via SSL" do
+        setup { login_as @admin }
+
+        without_ssl do
+          get :index
+          assert_redirected_to ssl_admin_url
+        end
+
+        with_ssl do
+          get :index
+          assert_response :success
+        end
+      end
+    end
+
+The additional `with_ssl`, `without_ssl`, `use_ssl` and `forget_ssl` are
+available in your tests. The first two ones accept blocks evaluated with
+SSL set or unset, the others set/unset SSL for a number of consecutive
+tests (e.g. use them in your `setup` method).
+
+
+Compatibility
+-------------
+
+Tested with Rails 2.3.8 running under Ruby 1.9.1-p378.
+
+
+Server configuration
+--------------------
+
+The plugin relies on the HTTPS server variable, that is set automatically by
+Rails if the `X-Forwarded-Proto` header is set to `https`. To avoid clients
+setting that header, take care to add a `proxy_set_header` in your nginx
+config file, such as:
+
+    server {
+      listen 80;
+      #
+      # your configuration
+      #
+      location / {
+        proxy_set_header X-Forwarded-Proto http;
+      }
+    }
+
+    server {
+      listen 443;
+      #
+      # your configuration
+      #
+      location / {
+        proxy_set_header X-Forwarded-Proto https;
+      }
+    }
+
+For Apache, you're on your own for now :-) more documentation will follow!

data/Rakefile

@@ -0,0 +1,49 @@
+require 'rake'
+require 'rake/rdoctask'
+
+require 'lib/panmind/ssl_helper'
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gemspec|
+    gemspec.name             = 'panmind-sslhelper'
+
+    gemspec.summary          = 'SSL requirement filters and SSL-aware named route helpers for Rails apps'
+    gemspec.description      = 'SSLHelper provides controller helpers to require/refuse SSL onto '  \
+                               'specific actions, test helpers to verify controller behaviours '    \
+                               'and named route counterparts (e.g. ssl_login_url) to clean up your '\
+                               'view and controller code. HTTP(S) ports are configurable.'
+
+    gemspec.authors          = ['Marcello Barnaba']
+    gemspec.email            = 'vjt@openssl.it'
+    gemspec.homepage         = 'http://github.com/Panmind/ssl_helper'
+
+    gemspec.files            = %w( README.md Rakefile rails/init.rb ) + Dir['lib/**/*']
+    gemspec.extra_rdoc_files = %w( README.md )
+    gemspec.has_rdoc         = true
+
+    gemspec.version          = Panmind::SSLHelper::Version
+    gemspec.date             = '2010-07-31'
+
+    gemspec.require_path     = 'lib'
+
+    gemspec.add_dependency('rails', '>= 2.3.8')
+  end
+rescue LoadError
+  puts 'Jeweler not available. Install it with: gem install jeweler'
+end
+
+desc 'Generate the rdoc'
+Rake::RDocTask.new do |rdoc|
+  rdoc.rdoc_files.add %w( README.md lib/**/*.rb )
+
+  rdoc.main  = 'README.md'
+  rdoc.title = 'SSL requirement filters and SSL-aware named route helpers for Rails apps'
+end
+
+desc 'Will someone help write tests?'
+task :default do
+  puts
+  puts 'Can you help in writing tests? Please do :-)'
+  puts
+end

data/lib/panmind/ssl_helper/railtie.rb

@@ -0,0 +1,13 @@
+module Panmind
+  module SSLHelper
+
+    class Railtie
+      def self.insert
+        ActionController::Routing::Routes.extend(Panmind::SSLHelper::Routing)
+        ActionController::Base.instance_eval { include Panmind::SSLHelper::Filters }
+        ActiveSupport::TestCase.instance_eval { include Panmind::SSLHelper::TestHelpers } if Rails.env.test?
+      end
+    end
+
+  end
+end

data/lib/panmind/ssl_helper.rb

@@ -0,0 +1,181 @@
+require 'panmind/ssl_helper/railtie'
+
+module Panmind
+  module SSLHelper
+    Version     = '0.8.0'
+
+    WITH_SSL    = {:protocol => 'https'}
+    WITHOUT_SSL = {:protocol => 'http' }
+
+    def self.set(options = {})
+      return if Rails.env.test? # Because tests make assumptions we cannot break
+
+      https_port = (options[:https_port] || 443).to_i
+      http_port  = (options[:http_port]  || 80 ).to_i
+
+      # if we use non-standard ports we must explictly use them in the URIs
+      if https_port != 443 || http_port != 80
+        WITH_SSL.update(:port => https_port)
+        WITHOUT_SSL.update(:port => http_port)
+      end
+    end
+
+    module Routing
+      def reload!
+        returning super do
+          helpers = create_ssl_helpers
+          return unless helpers # Not ready yet.
+
+          classes = [
+            ActionController::Base,
+            ActionController::Integration::Session,
+            ActionController::TestCase,
+
+            ActionView::Base
+          ]
+
+          # Include the helper_module into each class to patch.
+          #
+          classes.each {|k| k.instance_eval { include helpers } }
+
+          # Set the helpers as public in the AC::Integration::Session class
+          # for easy testing in the console.
+          #
+          ActionController::Integration::Session.module_eval do
+            public *helpers.instance_methods
+          end
+        end
+      end
+
+      # Populates the @ssl_helpers module with ssl_ and plain_ helper
+      # counterparts for all defined named route helpers.
+      #
+      # Tries to use the ActionController::Routing::Routes private Rails
+      # API, falls back to regexp filtering if it is not available.
+      #
+      def create_ssl_helpers
+        @ssl_helpers ||= Module.new
+        return @ssl_helpers if @ssl_helpers.frozen?
+
+        route_helpers =
+          if defined? ActionController::Routing::Routes.named_routes.helpers
+            # This is a Private Rails API, so we check whether it's defined
+            # and reject all the hash_for_*() and the *_path() helpers.
+            #
+            ActionController::Routing::Routes.named_routes.helpers.
+              reject { |h| h.to_s =~ /(^hash_for)|(path$)/ }
+          else
+            # Warn the developer and fall back.
+            #
+            Rails.logger.warn "SSLHelper: AC::Routing::Routes.named_routes disappeared"
+            Rails.logger.warn "SSLHelper: falling back to filtering controller methods"
+
+            ac   = ActionController::Base
+            skip = /(^hash_for_|^formatted_|polymorphic_|^redirect_)/
+            ac.instance_methods.grep(/_url$/) - ac.instance_methods.grep(skip)
+          end
+
+        return if route_helpers.empty?
+
+        # Create a Module containing all the ssl_ and plain_ helpers
+        # that: [1] alter the args they receive with the SSL options
+        # and [2] forward the altered args to the Rails' helper.
+        #
+        @ssl_helpers.module_eval do
+          route_helpers.each do |helper|
+            ssl, plain = "ssl_#{helper}", "plain_#{helper}"
+
+            define_method(ssl)   { |*args| send(helper, *ssl_alter(args, WITH_SSL))    }
+            define_method(plain) { |*args| send(helper, *ssl_alter(args, WITHOUT_SSL)) }
+
+            protected ssl, plain
+          end
+
+          private
+            def ssl_alter(args, with) #:nodoc:
+              return args if Rails.env.development?
+
+              options = args.last.kind_of?(Hash) ? args.pop : {}
+              args.push(options.update(with))
+            end
+        end
+
+        # No further modification allowed.
+        #
+        @ssl_helpers.freeze
+      end
+
+    end # REST
+
+    module Filters
+      def self.included(base)
+        base.extend(ClassMethods)
+      end
+
+      module ClassMethods
+        def require_ssl(options = {})
+          return if Rails.env.development?
+
+          skip_before_filter :ssl_refused,  options
+          before_filter      :ssl_required, options
+        end
+
+        def ignore_ssl(options = {})
+          return if Rails.env.development?
+
+          skip_before_filter :ssl_required, options
+          skip_before_filter :ssl_refused,  options
+        end
+
+        def refuse_ssl(options = {})
+          return if Rails.env.development?
+
+          skip_before_filter :ssl_required, options
+          before_filter      :ssl_refused,  options
+        end
+      end
+
+      protected
+        def ssl_required
+          redirect_to WITH_SSL.dup unless request.ssl?
+        end
+
+        def ssl_refused
+          redirect_to WITHOUT_SSL.dup if request.ssl?
+        end
+    end # Filters
+
+    module TestHelpers
+      def with_ssl(&block)
+        save_ssl_and do
+          use_ssl
+          block.call
+        end
+      end
+
+      def without_ssl(&block)
+        save_ssl_and do
+          forget_ssl
+          block.call
+        end
+      end
+
+      def use_ssl
+        @request.env['HTTPS']       = 'on'
+        @request.env['SERVER_PORT'] = 443
+      end
+
+      def forget_ssl
+        @request.env['HTTPS']       = nil
+        @request.env['SERVER_PORT'] = 80
+      end
+
+      protected
+        def save_ssl_and
+          https, port = @request.env.values_at(*%w(HTTPS SERVER_PORT))
+          yield
+          @request.env.update('HTTPS' => https, 'SERVER_PORT' => port)
+        end
+    end # TestHelpers
+  end # SSLHelper
+end # Panmind

data/rails/init.rb

@@ -0,0 +1,2 @@
+require 'panmind/ssl_helper/railtie'
+Panmind::SSLHelper::Railtie.insert

metadata

@@ -0,0 +1,79 @@
+--- !ruby/object:Gem::Specification 
+name: panmind-sslhelper
+version: !ruby/object:Gem::Version 
+  prerelease: false
+  segments: 
+  - 0
+  - 8
+  - 0
+  version: 0.8.0
+platform: ruby
+authors: 
+- Marcello Barnaba
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-07-31 00:00:00 +02:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: rails
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 2
+        - 3
+        - 8
+        version: 2.3.8
+  type: :runtime
+  version_requirements: *id001
+description: SSLHelper provides controller helpers to require/refuse SSL onto specific actions, test helpers to verify controller behaviours and named route counterparts (e.g. ssl_login_url) to clean up your view and controller code. HTTP(S) ports are configurable.
+email: vjt@openssl.it
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- README.md
+files: 
+- README.md
+- Rakefile
+- lib/panmind/ssl_helper.rb
+- lib/panmind/ssl_helper/railtie.rb
+- rails/init.rb
+has_rdoc: true
+homepage: http://github.com/Panmind/ssl_helper
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --charset=UTF-8
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.6
+signing_key: 
+specification_version: 3
+summary: SSL requirement filters and SSL-aware named route helpers for Rails apps
+test_files: []
+