rack-secure_only 0.4.1 → 0.5.0

data/.gitignore

@@ -19,3 +19,4 @@ rdoc
 pkg
 
 ## PROJECT::SPECIFIC
+.bundle

data/Gemfile

@@ -0,0 +1,3 @@
+source :gemcutter
+
+gemspec

data/Gemfile.lock

@@ -0,0 +1,27 @@
+PATH
+  remote: .
+  specs:
+    rack-secure_only (0.5.0)
+      rack (>= 1.1.0)
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    mocha (0.9.8)
+      rake
+    rack (1.2.1)
+    rack-test (0.5.4)
+      rack (>= 1.0)
+    rake (0.8.7)
+    rspec (1.3.0)
+
+PLATFORMS
+  java
+  ruby
+
+DEPENDENCIES
+  mocha (>= 0.9.8)
+  rack (>= 1.1.0)
+  rack-secure_only!
+  rack-test (>= 0.5.3)
+  rspec (>= 1.2.9)

data/README.md

@@ -0,0 +1,95 @@
+# rack-secure_only
+
+SecureOnly will redirect to https if the request is on http.
+
+When passed :secure => false it will do the opposite and redirect https to http.
+
+The check if the current request is on https includes checking the HTTP_X_FORWARDED_PROTO header.
+This means the redirect will also work on heroku.com
+
+This can be disabled by setting the :use_http_x_forwarded_proto option to false.
+
+## Installation
+
+    sudo gem install rack-secure_only
+
+## Usage
+
+    require 'rack-secure_only'
+
+    app = Rack::Builder.new do      
+      map '/secure' do
+        use Rack::SecureOnly
+        run lambda { |env| [200, { 'Content-Type' => 'text/plain' }, ["SECURE APP"]] }
+      end
+
+      map '/notsecure' do
+        use Rack::SecureOnly, :secure => false
+        run lambda { |env| [200, { 'Content-Type' => 'text/plain' }, ["NON SECURE APP"]] }
+      end
+
+      map '/secure_without_http_x_forwarded_proto_check' do
+        use Rack::SecureOnly, :use_http_x_forwarded_proto => false
+        run lambda { |env| [200, { 'Content-Type' => 'text/plain' }, ["SECURE APP"]] }
+      end
+
+      map '/secure_with_fixed_redirect_url' do
+        use Rack::SecureOnly, :redirect_to => "https://my.site.org/login"
+        run lambda { |env| [200, { 'Content-Type' => 'text/plain' }, ["SECURE APP"]] }
+      end
+  
+      map '/secure_with_an_if_condition' do
+        use Rack::SecureOnly, :if => ENV['RACK_ENV'] == 'production'
+        run lambda { |env| [200, { 'Content-Type' => 'text/plain' }, ["SECURE APP"]] }
+      end
+  
+      map '/secure_with_an_if_condition_block' do
+        use Rack::SecureOnly, :if => Proc.new { |request| request.params.key?('secure_thing') }
+        run lambda { |env| [200, { 'Content-Type' => 'text/plain' }, ["APP"]] }
+      end
+    end
+
+    run app
+    
+This will redirect all requests to /secure to https and all requests to /notsecure to http.
+
+### Rack::Request
+
+When rack-secure_only is required the Rack::Request will be extended with some convenience methods
+to determine if the current request is http or https
+
+    require 'rack-secure_only'
+
+    run lambda { |env| 
+      req = Request.new(env)
+      
+      res_body = ""
+      
+      if req.https?
+        res_body = "You just made a request on https"
+      elsif req.http?
+        res_body = "You just made a request on http"
+      elsif req.https?(false) # do not check the HTTP_X_FORWARDED_PROTO header
+        res_body = "You just made a request on a url with scheme https"  
+      elsif req.http?(false) # do not check the HTTP_X_FORWARDED_PROTO header
+        res_body = "You just made a request on a url with scheme http, I did not check the HTTP_X_FORWARDED_PROTO header"
+      end
+      
+      res_body << " and the HTTP_X_FORWARDED_PROTO header was set to" + req.forwarded_proto
+      
+      [200, { 'Content-Type' => 'text/plain' }, res_body]
+    }
+
+## Note on Patches/Pull Requests
+ 
+* Fork the project.
+* Make your feature addition or bug fix.
+* Add tests for it. This is important so I don't break it in a
+  future version unintentionally.
+* Commit, do not mess with rakefile, version, or history.
+  (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
+* Send me a pull request. Bonus points for topic branches.
+
+## Copyright
+
+Copyright (c) 2010 Klaas Speller. See LICENSE for details.

data/Rakefile

@@ -12,6 +12,7 @@ begin
     gem.authors = ["Klaas Speller"]
     gem.add_development_dependency "rspec", ">= 1.2.9"
     gem.add_development_dependency "rack-test", ">= 0.5.3"
+    gem.add_development_dependency "mocha", ">= 0.9.8"
     gem.add_dependency "rack", ">= 1.1.0"
   end
   Jeweler::GemcutterTasks.new

data/VERSION

@@ -1 +1 @@
-0.4.1
+0.5.0

data/lib/rack/secure_only.rb

@@ -49,11 +49,28 @@ module Rack
       !secure?
     end
     
+    # Returns false if the current request should
+    # not be handled by the middleware
+    # 
+    def handle?(req)
+      if @opts.key?(:if)
+        cond = @opts[:if]
+        cond = cond.call(req) if cond.respond_to?(:call)
+        return cond
+      end
+      true
+    end
+    
     protected
     
     def redirect?(env)
       req = Request.new(env)
       url = @opts[:redirect_to] || req.url
+      
+      # Determine if the middleware should handle this request
+      return [false, req.url] unless handle?(req)
+      
+      # Determine http(s) behavior
       if secure? && req.http?(@opts[:use_http_x_forwarded_proto])
         return [true, url.gsub(/^http:/,'https:')]
       elsif not_secure? && req.https?(@opts[:use_http_x_forwarded_proto])

data/rack-secure_only.gemspec

@@ -5,22 +5,24 @@
 
 Gem::Specification.new do |s|
   s.name = %q{rack-secure_only}
-  s.version = "0.4.1"
+  s.version = "0.5.0"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Klaas Speller"]
-  s.date = %q{2010-07-22}
+  s.date = %q{2010-09-10}
   s.description = %q{Redirect http to https and the other way around}
   s.email = %q{klaasspeller@gmail.com}
   s.extra_rdoc_files = [
     "LICENSE",
-     "README.rdoc"
+     "README.md"
   ]
   s.files = [
     ".document",
      ".gitignore",
+     "Gemfile",
+     "Gemfile.lock",
      "LICENSE",
-     "README.rdoc",
+     "README.md",
      "Rakefile",
      "VERSION",
      "lib/rack-secure_only.rb",
@@ -50,15 +52,18 @@ Gem::Specification.new do |s|
     if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
       s.add_development_dependency(%q<rspec>, [">= 1.2.9"])
       s.add_development_dependency(%q<rack-test>, [">= 0.5.3"])
+      s.add_development_dependency(%q<mocha>, [">= 0.9.8"])
       s.add_runtime_dependency(%q<rack>, [">= 1.1.0"])
     else
       s.add_dependency(%q<rspec>, [">= 1.2.9"])
       s.add_dependency(%q<rack-test>, [">= 0.5.3"])
+      s.add_dependency(%q<mocha>, [">= 0.9.8"])
       s.add_dependency(%q<rack>, [">= 1.1.0"])
     end
   else
     s.add_dependency(%q<rspec>, [">= 1.2.9"])
     s.add_dependency(%q<rack-test>, [">= 0.5.3"])
+    s.add_dependency(%q<mocha>, [">= 0.9.8"])
     s.add_dependency(%q<rack>, [">= 1.1.0"])
   end
 end

data/spec/rack/secure_only/request_spec.rb

@@ -1,4 +1,4 @@
-require File.join(File.dirname(__FILE__), '..', '..', 'spec_helper')
+require File.expand_path('../../../spec_helper', __FILE__)
 
 require "rack/secure_only/request"
 require 'rack/mock'

data/spec/rack/secure_only_spec.rb

@@ -187,5 +187,108 @@ describe Rack::SecureOnly do
       
       @response.location.should == "https://www.example.com/"      
     end
+    
+    it "should not redirect when :if is false" do
+      app = Rack::Builder.new do      
+        use Rack::SecureOnly, :if => false
+        run lambda { |env| [200, { 'Content-Type' => 'text/plain' }, ["SECURE APP"]] }
+      end
+      @request  = Rack::MockRequest.new(app)
+      @response = @request.get('http://www.example.com/')
+      
+      @response.location.should be_nil
+      @response.status.should == 200
+    end
+    
+    it "should redirect when :if is true" do
+      app = Rack::Builder.new do      
+        use Rack::SecureOnly, :if => true
+        run lambda { |env| [200, { 'Content-Type' => 'text/plain' }, ["SECURE APP"]] }
+      end
+      @request  = Rack::MockRequest.new(app)
+      @response = @request.get('http://www.example.com/')
+      
+      @response.location.should_not be_nil
+      @response.status.should == 301
+    end
+    
+    it "should evaluate a block if it is passed to :if" do
+      app = Rack::Builder.new do      
+        use Rack::SecureOnly, :if => Proc.new { |request| false }
+        run lambda { |env| [200, { 'Content-Type' => 'text/plain' }, ["SECURE APP"]] }
+      end
+      @request  = Rack::MockRequest.new(app)
+      @response = @request.get('http://www.example.com/')
+      
+      @response.location.should be_nil
+      @response.status.should == 200
+    end
+    
+    it "should pass a request object to an :if block" do
+      handled = false
+      app = Rack::Builder.new do      
+        use Rack::SecureOnly, :if => Proc.new { |request| 
+          handled = true
+          request.class.should == Rack::Request
+          true
+        }
+        run lambda { |env| [200, { 'Content-Type' => 'text/plain' }, ["SECURE APP"]] }
+      end
+
+      @request  = Rack::MockRequest.new(app)
+      @response = @request.get('http://www.example.com/')      
+      
+      # sanity
+      handled.should == true
+    end
+    
+    it "should evaluate an :if block on a per request bases" do
+      app = Rack::Builder.new do      
+        use Rack::SecureOnly, :if => lambda { |request| request.params.key?('do_it') }
+        run lambda { |env| [200, { 'Content-Type' => 'text/plain' }, ["SECURE APP"]] }
+      end
+
+      @request  = Rack::MockRequest.new(app)
+      @response = @request.get('http://www.example.com/')
+      @response.location.should be_nil
+
+      @request  = Rack::MockRequest.new(app)
+      @response = @request.get('http://www.example.com/?do_it=true')
+      @response.location.should_not be_nil
+    end
+  end
+  
+  describe "README examples" do
+    
+    
+    it "works for /secure_with_an_if_condition_block" do
+        app = Rack::Builder.new do
+          map '/secure_with_an_if_condition' do
+            use Rack::SecureOnly, :if => ENV['RACK_ENV'] == 'production'
+            run lambda { |env| [200, { 'Content-Type' => 'text/plain' }, ["SECURE APP"]] }
+          end
+        end
+
+        @request  = Rack::MockRequest.new(app)
+        @response = @request.get('http://www.example.com/secure_with_an_if_condition')
+        @response.location.should be_nil
+    end
+        
+    it "works for /secure_with_an_if_condition_block" do
+        app = Rack::Builder.new do
+          map '/secure_with_an_if_condition_block' do
+            use Rack::SecureOnly, :if => Proc.new { |request| request.params.key?('secure_thing') }
+            run lambda { |env| [200, { 'Content-Type' => 'text/plain' }, ["APP"]] }
+          end
+        end
+
+        @request  = Rack::MockRequest.new(app)
+        @response = @request.get('http://www.example.com/secure_with_an_if_condition_block')
+        @response.location.should be_nil
+
+        @request  = Rack::MockRequest.new(app)
+        @response = @request.get('http://www.example.com/secure_with_an_if_condition_block?secure_thing=true')
+        @response.location.should_not be_nil
+    end
   end
 end

data/spec/spec.opts

@@ -1 +1,2 @@
 --color
+-f s

data/spec/spec_helper.rb

@@ -7,4 +7,5 @@ require 'rack/test'
 
 Spec::Runner.configure do |config|
   config.include Rack::Test::Methods
+  config.mock_with :mocha
 end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: rack-secure_only
 version: !ruby/object:Gem::Version 
-  hash: 13
+  hash: 11
   prerelease: false
   segments: 
   - 0
-  - 4
-  - 1
-  version: 0.4.1
+  - 5
+  - 0
+  version: 0.5.0
 platform: ruby
 authors: 
 - Klaas Speller
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-07-22 00:00:00 +02:00
+date: 2010-09-10 00:00:00 +02:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -51,9 +51,25 @@ dependencies:
   type: :development
   version_requirements: *id002
 - !ruby/object:Gem::Dependency 
-  name: rack
+  name: mocha
   prerelease: false
   requirement: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 43
+        segments: 
+        - 0
+        - 9
+        - 8
+        version: 0.9.8
+  type: :development
+  version_requirements: *id003
+- !ruby/object:Gem::Dependency 
+  name: rack
+  prerelease: false
+  requirement: &id004 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
@@ -65,7 +81,7 @@ dependencies:
         - 0
         version: 1.1.0
   type: :runtime
-  version_requirements: *id003
+  version_requirements: *id004
 description: Redirect http to https and the other way around
 email: klaasspeller@gmail.com
 executables: []
@@ -74,12 +90,14 @@ extensions: []
 
 extra_rdoc_files: 
 - LICENSE
-- README.rdoc
+- README.md
 files: 
 - .document
 - .gitignore
+- Gemfile
+- Gemfile.lock
 - LICENSE
-- README.rdoc
+- README.md
 - Rakefile
 - VERSION
 - lib/rack-secure_only.rb

data/README.rdoc

@@ -1,87 +0,0 @@
-= rack-secure_only
-
-SecureOnly will redirect to https if the request is on http.
-
-When passed :secure => false it will do the opposite and redirect https to http.
-
-The check if the current request is on https includes checking the HTTP_X_FORWARDED_PROTO header.
-This means the redirect will also work on heroku.com
-
-This can be disabled by setting the :use_http_x_forwarded_proto option to false.
-
-It is currently only tested on ruby 1.9
-
-== Installation
-
-	sudo gem install rack-secure_only
-
-== Usage
-
-	require 'rack-secure_only'
-
-	app = Rack::Builder.new do      
-	  map '/secure' do
-	    use Rack::SecureOnly
-	    run lambda { |env| [200, { 'Content-Type' => 'text/plain' }, ["SECURE APP"]] }
-	  end
-  
-	  map '/notsecure' do
-	    use Rack::SecureOnly, :secure => false
-	    run lambda { |env| [200, { 'Content-Type' => 'text/plain' }, ["NON SECURE APP"]] }
-	  end
-	
-	  map '/secure_without_http_x_forwarded_proto_check' do
-	    use Rack::SecureOnly, :use_http_x_forwarded_proto => false
-	    run lambda { |env| [200, { 'Content-Type' => 'text/plain' }, ["SECURE APP"]] }
-	  end
-	
-	  map '/secure_with_fixed_redirect_url' do
-	    use Rack::SecureOnly, :redirect_to => "https://my.site.org/login"
-	    run lambda { |env| [200, { 'Content-Type' => 'text/plain' }, ["SECURE APP"]] }
-	  end
-	end
-	
-	run app
-	
-This will redirect all requests to /secure to https and all requests to /notsecure to http.
-
-=== Rack::Request
-
-When rack-secure_only is required the Rack::Request will be extended with some convenience methods
-to determine if the current request is http or https
-
- 	require 'rack-secure_only'
-
-	run lambda { |env| 
-	  req = Request.new(env)
-	  
-	  res_body = ""
-	  
-	  if req.https?
-	    res_body = "You just made a request on https"
-	  elsif req.http?
-	    res_body = "You just made a request on http"
-	  elsif req.https?(false) # do not check the HTTP_X_FORWARDED_PROTO header
-	    res_body = "You just made a request on a url with scheme https"  
-	  elsif req.http?(false) # do not check the HTTP_X_FORWARDED_PROTO header
-	    res_body = "You just made a request on a url with scheme http, I did not check the HTTP_X_FORWARDED_PROTO header"
-	  end
-	  
-	  res_body << " and the HTTP_X_FORWARDED_PROTO header was set to" + req.forwarded_proto
-	  
-	  [200, { 'Content-Type' => 'text/plain' }, res_body]
-	}
-
-== Note on Patches/Pull Requests
- 
-* Fork the project.
-* Make your feature addition or bug fix.
-* Add tests for it. This is important so I don't break it in a
-  future version unintentionally.
-* Commit, do not mess with rakefile, version, or history.
-  (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
-* Send me a pull request. Bonus points for topic branches.
-
-== Copyright
-
-Copyright (c) 2010 Klaas Speller. See LICENSE for details.