revo-ssl_requirement 1.0.0

data/.gitignore

@@ -0,0 +1 @@
+*.gem

data/README

@@ -0,0 +1,130 @@
+SSL Requirement
+===============
+
+SSL requirement adds a declarative way of specifying that certain actions
+should only be allowed to run under SSL, and if they're accessed without it,
+they should be redirected.
+
+Example:
+
+    class ApplicationController < ActionController::Base
+      include SslRequirement
+    end
+
+    class AccountController < ApplicationController
+      ssl_required :signup, :payment 
+      ssl_allowed :index
+      
+      def signup
+        # Non-SSL access will be redirected to SSL
+      end
+      
+      def payment
+        # Non-SSL access will be redirected to SSL
+      end
+
+      def index
+        # This action will work either with or without SSL
+      end
+
+      def other
+        # SSL access will be redirected to non-SSL
+      end
+    end
+  
+If a majority (or all) of your actions require SSL, then use ssl_exceptions instead of ssl_required.
+You can list out the actions that you do NOT want to be SSL protected. Calling ssl_exceptions without 
+any actions listed will make ALL actions SSL protected. 
+ 
+You can overwrite the protected method ssl_required? to rely on other things
+than just the declarative specification. Say, only premium accounts get SSL.
+
+For SSL domains that differ from the domain of the redirecting site, add the 
+following code to development.rb / test.rb / production.rb:
+
+    # Redirects to https://secure.example.com instead of the default 
+    # https://www.example.com.
+    config.after_initialize do
+      SslRequirement.ssl_host = 'secure.example.com'
+    end
+
+For non-SSL domains that differ from domain of redirecting site, add the
+following code to development.rb / test.rb / production.rb:
+
+# Redirects to http://nonsecure.example.com instead of the default 
+# http://www.example.com.
+config.after_initialize do
+  SslRequirement.non_ssl_host = 'nonsecure.example.com'
+end
+
+You are able to turn disable ssl redirects by adding the following environment configuration file:
+
+    SslRequirement.disable_ssl_check = true
+  
+P.S.: Beware when you include the SslRequirement module. At the time of
+inclusion, it'll add the before_filter that validates the declarations. Some
+times you'll want to run other before_filters before that. They should then be
+declared ahead of including this module.
+  
+SSL URL Helper
+==============
+This plugin also adds a helper a :secure option to url_for and named_routes. This property
+allows you to set a url as secure or not secure. It uses the disable_ssl_check to determine
+if the option should be ignored or not so you can develop as normal. It also
+will obey if you override SslRequirement.ssl_host or 
+SslRequirement.non_ssl_host (see above)
+
+Here is an example of creating a secure url:
+
+    <%= url_for(:controller => "c", :action => "a", :secure => true) %>
+
+If disable_ssl_check returns false url_for will return the following:
+
+    https://yoursite.com/c/a
+
+Furthermore, you can use the secure option in a named route to create a secure form as follows:
+
+    <% form_tag session_path(:secure => true), :class => 'home_login' do -%>
+      <p>
+        <label for="name">Email</label>
+        <%= text_field_tag 'email', '', :class => 'text', :tabindex => 1 %>
+      </p>
+      <p>
+        <label for="password">Password</label>
+        <%= password_field_tag 'password', '', :class => 'text', :tabindex => 2 %>
+      </p>
+      <p>
+        <%= submit_tag "Login", :id => 'login_submit', :value => "", :alt => "Login" %>
+      </p>
+    <% end -%>
+
+Testing with Shoulda
+====================
+
+If you are using Shoulda, a few contexts and macros are provided:
+
+    class RegistrationsControllerTest < ActionController::TestCase
+      without_ssl_context do
+        context "GET to :new" do
+          setup do
+            get :new
+          end
+          should_redirect_to_ssl
+        end
+      end
+
+      with_ssl_context do
+        context "GET to :new" do
+          setup do
+            get :new
+          end
+          # your usual testing goes here
+        end
+      end
+    end
+    
+
+Copyright
+=========
+
+Copyright (c) 2005 David Heinemeier Hansson, released under the MIT license

data/Rakefile

@@ -0,0 +1,14 @@
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gemspec|
+    gemspec.name = "revo-ssl_requirement"
+    gemspec.summary = "Allow controller actions to force SSL on specific parts of the site."
+    gemspec.description = "SSL requirement adds a declarative way of specifying that certain actions should only be allowed to run under SSL, and if they're accessed without it, they should be redirected."
+    gemspec.email = 'percival@umamibud.com'
+    gemspec.homepage = 'http://github.com/revo/ssl_requirement'
+    gemspec.authors = ['RailsJedi', 'David Heinemeier Hansson', 'jcnetdev', 'bcurren', 'bmpercy']
+  end
+rescue LoadError
+  puts "Jeweler not available. Install it with: gem install jeweler"
+end
+

data/VERSION

@@ -0,0 +1 @@
+1.0.0

data/init.rb

@@ -0,0 +1,2 @@
+require File.dirname(__FILE__) + "/rails/init"
+

data/lib/ssl_requirement.rb

@@ -0,0 +1,86 @@
+require "#{File.dirname(__FILE__)}/url_rewriter"
+
+# Copyright (c) 2005 David Heinemeier Hansson
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+module SslRequirement
+  mattr_accessor :ssl_host, :non_ssl_host
+  
+  def self.included(controller)
+    controller.extend(ClassMethods)
+    controller.before_filter(:ensure_proper_protocol)
+  end
+
+  def self.disable_ssl_check?
+    @@disable_ssl_check ||= false
+  end
+
+  def self.disable_ssl_check=(value)
+    @@disable_ssl_check = value
+  end
+
+  module ClassMethods
+    # Specifies that the named actions requires an SSL connection to be performed (which is enforced by ensure_proper_protocol).
+    def ssl_required(*actions)
+      write_inheritable_array(:ssl_required_actions, actions)
+    end
+
+    def ssl_exceptions(*actions)
+      write_inheritable_array(:ssl_required_except_actions, actions)
+    end
+
+    def ssl_allowed(*actions)
+      write_inheritable_array(:ssl_allowed_actions, actions)
+    end
+  end
+
+  protected
+    # Returns true if the current action is supposed to run as SSL
+    def ssl_required?
+      required = (self.class.read_inheritable_attribute(:ssl_required_actions) || [])
+      except  = self.class.read_inheritable_attribute(:ssl_required_except_actions)
+
+      unless except
+        required.include?(action_name.to_sym)
+      else
+        !except.include?(action_name.to_sym)
+      end
+    end
+
+    def ssl_allowed?
+      (self.class.read_inheritable_attribute(:ssl_allowed_actions) || []).include?(action_name.to_sym)
+    end
+
+  private
+    def ensure_proper_protocol
+      return true if SslRequirement.disable_ssl_check?
+      return true if ssl_allowed?
+
+      if ssl_required? && !request.ssl?
+        redirect_to "https://" + (ssl_host || request.host) + request.request_uri
+        flash.keep
+        return false
+      elsif request.ssl? && !ssl_required?
+        redirect_to "http://" + (non_ssl_host || request.host) + request.request_uri
+        flash.keep
+        return false
+      end
+    end
+end

data/lib/url_rewriter.rb

@@ -0,0 +1,49 @@
+require 'action_controller/url_rewriter'
+
+module ActionController
+  class UrlRewriter
+    
+    # Add a secure option to the rewrite method.
+    def rewrite_with_secure_option(options = {})
+      secure = options.delete(:secure)
+
+      # if secure && ssl check is not disabled, convert to full url with https
+      if !secure.nil? && !SslRequirement.disable_ssl_check?
+        if secure == true || secure == 1 || secure.to_s.downcase == "true"
+          options.merge!({
+            :only_path => false,
+            :protocol => 'https'
+          })
+
+          # if we've been told to use different host for ssl, use it
+          unless SslRequirement.ssl_host.nil?
+            options.merge! :host => SslRequirement.ssl_host
+          end
+
+        # make it non-ssl and use specified options
+        else
+          options.merge!({
+            :protocol => 'http'
+          })
+        end
+      end
+
+      rewrite_without_secure_option(options)
+    end
+
+    # if full URL is requested for http and we've been told to use a
+    # non-ssl host override, then use it
+    def rewrite_with_non_ssl_host(options)
+      if !options[:only_path] && !SslRequirement.non_ssl_host.nil?
+        if !(/^https/ =~ (options[:protocol] || @request.protocol))
+          options.merge! :host => SslRequirement.non_ssl_host
+        end
+      end
+      rewrite_without_non_ssl_host(options)
+    end
+
+    # want with_secure_option to get run first (so chain it last)
+    alias_method_chain :rewrite, :non_ssl_host
+    alias_method_chain :rewrite, :secure_option
+  end
+end

data/rails/init.rb

@@ -0,0 +1 @@
+require 'ssl_requirement'

data/revo-ssl_requirement.gemspec

@@ -0,0 +1,53 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{revo-ssl_requirement}
+  s.version = "1.0.0"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["RailsJedi", "David Heinemeier Hansson", "jcnetdev", "bcurren", "bmpercy"]
+  s.date = %q{2010-03-04}
+  s.description = %q{SSL requirement adds a declarative way of specifying that certain actions should only be allowed to run under SSL, and if they're accessed without it, they should be redirected.}
+  s.email = %q{percival@umamibud.com}
+  s.extra_rdoc_files = [
+    "README"
+  ]
+  s.files = [
+    ".gitignore",
+     "README",
+     "Rakefile",
+     "VERSION",
+     "init.rb",
+     "lib/ssl_requirement.rb",
+     "lib/url_rewriter.rb",
+     "rails/init.rb",
+     "revo-ssl_requirement.gemspec",
+     "shoulda_macros/ssl_requirement_macros.rb",
+     "ssl_requirement.gemspec",
+     "test/ssl_requirement_test.rb",
+     "test/url_rewriter_test.rb"
+  ]
+  s.homepage = %q{http://github.com/revo/ssl_requirement}
+  s.rdoc_options = ["--charset=UTF-8"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.3.5}
+  s.summary = %q{Allow controller actions to force SSL on specific parts of the site.}
+  s.test_files = [
+    "test/url_rewriter_test.rb",
+     "test/ssl_requirement_test.rb"
+  ]
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
+    else
+    end
+  else
+  end
+end
+

data/shoulda_macros/ssl_requirement_macros.rb

@@ -0,0 +1,31 @@
+Test::Unit::TestCase.class_eval do
+  def self.without_ssl_context
+    context "without ssl" do
+      setup do
+        @request.env['HTTPS'] = nil
+      end
+
+      context "" do
+        yield
+      end
+    end
+  end
+
+  def self.with_ssl_context
+    context "with ssl" do
+      setup do
+        @request.env['HTTPS'] = 'on'
+      end
+    
+      context "" do
+        yield
+      end
+    end
+  end
+
+  def self.should_redirect_to_ssl
+    should 'redirect to ssl' do
+      assert_redirected_to "https://" + @request.host + @request.request_uri
+    end    
+  end
+end

data/ssl_requirement.gemspec

@@ -0,0 +1,28 @@
+Gem::Specification.new do |s|
+  s.name = 'revo-ssl_requirement'
+  s.version = '1.0.8'
+  s.date = '2009-06-22'
+
+  s.summary = "Allow controller actions to force SSL on specific parts of the site."
+  s.description = "SSL requirement adds a declarative way of specifying that certain actions should only be allowed to run under SSL, and if they're accessed without it, they should be redirected."
+
+  s.authors = ['RailsJedi', 'David Heinemeier Hansson', 'jcnetdev', 'bcurren', 'bmpercy']
+  s.email = 'percival@umamibud.com'
+  s.homepage = 'http://github.com/revo/ssl_requirement'
+
+  s.has_rdoc = true
+  s.rdoc_options = ["--main", "README"]
+  s.extra_rdoc_files = ["README"]
+
+  s.add_dependency 'rails', ['>= 2.2.2']
+
+  s.files = ["README",
+             "init.rb",
+             "lib/ssl_requirement.rb",
+             "lib/url_rewriter.rb",
+             "rails/init.rb",
+             "ssl_requirement.gemspec"]
+
+  s.test_files = ["test/ssl_requirement_test.rb",
+                  "test/url_rewriter_test.rb"]
+end

data/test/ssl_requirement_test.rb

@@ -0,0 +1,300 @@
+require 'set'
+require 'rubygems'
+require 'activesupport'
+begin
+  require 'action_controller'
+rescue LoadError
+  if ENV['ACTIONCONTROLLER_PATH'].nil?
+    abort <<MSG
+Please set the ACTIONCONTROLLER_PATH environment variable to the directory
+containing the action_controller.rb file.
+MSG
+  else
+    $LOAD_PATH.unshift ENV['ACTIONCONTROLLER_PATH']
+    begin
+      require 'action_controller'
+    rescue LoadError
+      abort "ActionController could not be found."
+    end
+  end
+end
+
+require 'action_controller/test_process'
+require 'test/unit'
+require "#{File.dirname(__FILE__)}/../lib/ssl_requirement"
+
+ActionController::Base.logger = nil
+ActionController::Routing::Routes.reload rescue nil
+
+# several test controllers to cover different combinations of requiring/
+# allowing/exceptions-ing SSL for controller actions
+
+# this first controller modifies the flash in every action so that flash
+# set in set_flash is eventually expired (see NOTE below...)
+
+class SslRequirementController < ActionController::Base
+  include SslRequirement
+  
+  ssl_required :a, :b
+  ssl_allowed :c
+  
+  def a
+    flash[:abar] = "foo"
+    render :nothing => true
+  end
+  
+  def b
+    flash[:bbar] = "foo"
+    render :nothing => true
+  end
+  
+  def c
+    flash[:cbar] = "foo"
+    render :nothing => true
+  end
+  
+  def d
+    flash[:dbar] = "foo"
+    render :nothing => true
+  end
+
+  def set_flash
+    flash[:foo] = "bar"
+  end
+end
+
+class SslExceptionController < ActionController::Base
+  include SslRequirement
+  
+  ssl_required  :a
+  ssl_exceptions :b
+  ssl_allowed :d
+    
+  def a
+    render :nothing => true
+  end
+  
+  def b
+    render :nothing => true
+  end
+  
+  def c
+    render :nothing => true
+  end
+  
+  def d
+    render :nothing => true
+  end
+  
+end
+
+class SslAllActionsController < ActionController::Base
+  include SslRequirement
+  
+  ssl_exceptions
+    
+  def a
+    render :nothing => true
+  end
+  
+end
+
+# NOTE: The only way I could get the flash tests to work under Rails 2.3.2
+#       (without resorting to IntegrationTest with some artificial session
+#       store) was to use TestCase. In TestCases, it appears that flash 
+#       messages are effectively persisted in session after the last controller
+#       action that consumed them...so that when the TestCase inspects
+#       the FlashHash, it will find the flash still populated, even though
+#       the subsequent controller action won't see it.
+#
+#       In addition, if no changes are made to flash in subsequent requests, the
+#       flash is persisted forever. But if subsequent controller actions add to
+#       flash, the older flash messages eventually disappear.
+#
+#       As a result, the flash-related tests now make two requests after the 
+#       set_flash, each of these requests is also modifying flash. flash is 
+#       inspected after the second request returns.
+#
+#       This feels a little hacky, so if anyone can improve it, please do so!
+
+class SslRequirementTest < ActionController::TestCase
+  def setup
+    @controller = SslRequirementController.new
+    @ssl_host_override = 'www.example.com:80443'
+    @non_ssl_host_override = 'www.example.com:8080'
+  end
+
+  # flash-related tests
+  
+  def test_redirect_to_https_preserves_flash
+    assert_not_equal "on", @request.env["HTTPS"]
+    get :set_flash
+    get :b
+    assert_response :redirect       # check redirect happens (flash still set)
+    get :b                          # get again to flush flash
+    assert_response :redirect       # make sure it happens again
+    assert_equal "bar", flash[:foo] # the flash would be gone now if no redirect
+  end
+  
+  def test_not_redirecting_to_https_does_not_preserve_the_flash
+    assert_not_equal "on", @request.env["HTTPS"]
+    get :set_flash
+    get :d
+    assert_response :success        # check no redirect (flash still set)
+    get :d                          # get again to flush flash
+    assert_response :success        # check no redirect
+    assert_nil flash[:foo]          # the flash should be gone now
+  end
+  
+  def test_redirect_to_http_preserves_flash
+    get :set_flash
+    @request.env['HTTPS'] = "on"
+    get :d
+    assert_response :redirect       # check redirect happens (flash still set)
+    get :d                          # get again to flush flash
+    assert_response :redirect       # make sure redirect happens
+    assert_equal "bar", flash[:foo] # flash would be gone now if no redirect
+  end
+  
+  def test_not_redirecting_to_http_does_not_preserve_the_flash
+    get :set_flash
+    @request.env['HTTPS'] = "on"
+    get :a
+    assert_response :success        # no redirect (flash still set)
+    get :a                          # get again to flush flash
+    assert_response :success        # no redirect
+    assert_nil flash[:foo]          # flash should be gone now
+  end
+
+  # ssl required/allowed/exceptions testing
+  
+  def test_required_without_ssl
+    assert_not_equal "on", @request.env["HTTPS"]
+    get :a
+    assert_response :redirect
+    assert_match %r{^https://}, @response.headers['Location']
+    get :b
+    assert_response :redirect
+    assert_match %r{^https://}, @response.headers['Location']
+  end
+  
+  def test_required_with_ssl
+    @request.env['HTTPS'] = "on"
+    get :a
+    assert_response :success
+    get :b
+    assert_response :success
+  end
+
+  def test_disallowed_without_ssl
+    assert_not_equal "on", @request.env["HTTPS"]
+    get :d
+    assert_response :success
+  end
+  
+  def test_ssl_exceptions_without_ssl
+    @controller = SslExceptionController.new
+    assert_not_equal "on", @request.env["HTTPS"]
+    get :a
+    assert_response :redirect
+    assert_match %r{^https://}, @response.headers['Location']
+    get :b
+    assert_response :success
+    get :c # c is not explicity in ssl_required, but it is not listed in ssl_exceptions
+    assert_response :redirect
+    assert_match %r{^https://}, @response.headers['Location']
+  end
+    
+  def test_ssl_exceptions_with_ssl
+    @controller = SslExceptionController.new
+    @request.env['HTTPS'] = "on"
+    get :a
+    assert_response :success
+    get :c
+    assert_response :success
+  end
+  
+  def test_ssl_all_actions_without_ssl
+    @controller = SslAllActionsController.new
+    get :a
+    assert_response :redirect
+    assert_match %r{^https://}, @response.headers['Location']
+  end
+  
+  def test_disallowed_with_ssl
+    @request.env['HTTPS'] = "on"
+    get :d
+    assert_response :redirect
+    assert_match %r{^http://}, @response.headers['Location']
+  end
+
+  def test_allowed_without_ssl
+    assert_not_equal "on", @request.env["HTTPS"]
+    get :c
+    assert_response :success
+  end
+
+  def test_allowed_with_ssl
+    @request.env['HTTPS'] = "on"
+    get :c
+    assert_response :success
+  end
+
+  def test_disable_ssl_check
+    SslRequirement.disable_ssl_check = true
+
+    assert_not_equal "on", @request.env["HTTPS"]
+    get :a
+    assert_response :success
+    get :b
+    assert_response :success
+  ensure
+    SslRequirement.disable_ssl_check = false
+  end
+
+  # testing overriding hostnames for ssl, non-ssl
+
+  # test for overriding (or not) the ssl_host and non_ssl_host variables
+  # using actions a (ssl required) and d (ssl not required or allowed)
+
+  def test_ssl_redirect_with_ssl_host
+    SslRequirement.ssl_host = @ssl_host_override
+    assert_not_equal "on", @request.env["HTTPS"]
+    get :a
+    assert_response :redirect
+    assert_match Regexp.new("^https://#{@ssl_host_override}"),
+                 @response.headers['Location']
+    SslRequirement.ssl_host = nil
+  end
+
+  def test_ssl_redirect_without_ssl_host
+    SslRequirement.ssl_host = nil
+    assert_not_equal "on", @request.env["HTTPS"]
+    get :a
+    assert_response :redirect
+    assert_match Regexp.new("^https://"), @response.headers['Location']
+    assert_no_match Regexp.new("^https://#{@ssl_host_override}"),
+                    @response.headers['Location']
+  end
+
+  def test_non_ssl_redirect_with_non_ssl_host
+    SslRequirement.non_ssl_host = @non_ssl_host_override
+    @request.env['HTTPS'] = 'on'
+    get :d
+    assert_response :redirect
+    assert_match Regexp.new("^http://#{@non_ssl_host_override}"),
+                 @response.headers['Location']
+    SslRequirement.non_ssl_host = nil
+  end
+
+  def test_non_ssl_redirect_without_non_ssl_host
+    SslRequirement.non_ssl_host = nil
+    @request.env['HTTPS'] = 'on'
+    get :d
+    assert_response :redirect
+    assert_match Regexp.new("^http://"), @response.headers['Location']
+    assert_no_match Regexp.new("^http://#{@non_ssl_host_override}"),
+                    @response.headers['Location']
+  end
+
+end

data/test/url_rewriter_test.rb

@@ -0,0 +1,142 @@
+$:.unshift(File.dirname(__FILE__) + '/../lib')
+
+require 'rubygems'
+require 'test/unit'
+require 'action_controller'
+require 'action_controller/test_process'
+
+require "ssl_requirement"
+
+# Show backtraces for deprecated behavior for quicker cleanup.
+ActiveSupport::Deprecation.debug = true
+ActionController::Base.logger = nil
+ActionController::Routing::Routes.reload rescue nil
+
+class UrlRewriterTest < Test::Unit::TestCase
+  def setup
+    @request = ActionController::TestRequest.new
+    @params = {}
+    @rewriter = ActionController::UrlRewriter.new(@request, @params)
+
+    @ssl_host_override = "www.example.com:80443"
+    @non_ssl_host_override = "www.example.com:8080"
+
+    SslRequirement.ssl_host = nil
+    SslRequirement.non_ssl_host = nil
+    
+    puts @url_rewriter.to_s
+  end
+
+  def test_rewrite_secure_false
+    SslRequirement.disable_ssl_check = false
+    assert_equal('http://test.host/c/a',
+      @rewriter.rewrite(:controller => 'c', :action => 'a', :secure => false)
+    )
+    assert_equal('/c/a',
+      @rewriter.rewrite(:controller => 'c', :action => 'a', :secure => false, 
+                        :only_path => true)
+    )
+    
+    SslRequirement.disable_ssl_check = true
+    assert_equal('http://test.host/c/a',
+      @rewriter.rewrite(:controller => 'c', :action => 'a', :secure => false)
+    )
+    assert_equal('/c/a',
+      @rewriter.rewrite(:controller => 'c', :action => 'a', :secure => false,
+                        :only_path => true)
+    )
+  end
+  
+  def test_rewrite_secure_true
+    SslRequirement.disable_ssl_check = false
+    assert_equal('https://test.host/c/a',
+      @rewriter.rewrite(:controller => 'c', :action => 'a', :secure => true)
+    )
+    assert_equal('https://test.host/c/a',
+      @rewriter.rewrite(:controller => 'c', :action => 'a', :secure => true, :only_path => true)
+    )
+    
+    SslRequirement.disable_ssl_check = true
+    assert_equal('http://test.host/c/a',
+      @rewriter.rewrite(:controller => 'c', :action => 'a', :secure => true)
+    )
+    assert_equal('/c/a',
+      @rewriter.rewrite(:controller => 'c', :action => 'a', :secure => true, :only_path => true)
+    )
+  end
+  
+  def test_rewrite_secure_not_specified
+    SslRequirement.disable_ssl_check = false
+    assert_equal('http://test.host/c/a',
+      @rewriter.rewrite(:controller => 'c', :action => 'a')
+    )
+    assert_equal('/c/a',
+      @rewriter.rewrite(:controller => 'c', :action => 'a', :only_path => true)
+    )
+    
+    SslRequirement.disable_ssl_check = true
+    assert_equal('http://test.host/c/a',
+      @rewriter.rewrite(:controller => 'c', :action => 'a')
+    )
+    assert_equal('/c/a',
+      @rewriter.rewrite(:controller => 'c', :action => 'a', :only_path => true)
+    )
+  end
+
+  # tests for ssl_host overriding
+
+  def test_rewrite_secure_with_ssl_host
+    SslRequirement.disable_ssl_check = false
+    SslRequirement.ssl_host = @ssl_host_override
+    assert_equal("https://#{@ssl_host_override}/c/a",
+                 @rewriter.rewrite(:controller => 'c', :action => 'a', 
+                                   :secure => true))
+    assert_equal("https://#{@ssl_host_override}/c/a",
+                 @rewriter.rewrite(:controller => 'c', :action => 'a',
+                                   :secure => true, :only_path => true))
+    SslRequirement.ssl_host = nil
+  end
+
+  def test_rewrite_non_secure_with_non_ssl_host
+    SslRequirement.disable_ssl_check = false
+    SslRequirement.non_ssl_host = @non_ssl_host_override
+
+    # with secure option
+    assert_equal("http://#{@non_ssl_host_override}/c/a",
+                 @rewriter.rewrite(:controller => 'c', :action => 'a',
+                                   :secure => false))
+    assert_equal("/c/a",
+                 @rewriter.rewrite(:controller => 'c', :action => 'a', 
+                                   :secure => false, :only_path => true))
+
+    # without secure option
+    assert_equal("http://#{@non_ssl_host_override}/c/a",
+                 @rewriter.rewrite(:controller => 'c', :action => 'a'))
+    assert_equal("/c/a",
+                 @rewriter.rewrite(:controller => 'c', :action => 'a', 
+                                   :only_path => true))
+    SslRequirement.non_ssl_host = nil
+  end
+
+  def test_rewrite_non_secure_with_non_ssl_host_disable_check
+    SslRequirement.disable_ssl_check = true
+    SslRequirement.non_ssl_host = @non_ssl_host_override
+
+    # with secure option
+    assert_equal("http://#{@non_ssl_host_override}/c/a",
+                 @rewriter.rewrite(:controller => 'c', :action => 'a',
+                                   :secure => false))
+    assert_equal("/c/a",
+                 @rewriter.rewrite(:controller => 'c', :action => 'a', 
+                                   :secure => false, :only_path => true))
+
+    # without secure option
+    assert_equal("http://#{@non_ssl_host_override}/c/a",
+                 @rewriter.rewrite(:controller => 'c', :action => 'a'))
+    assert_equal("/c/a",
+                 @rewriter.rewrite(:controller => 'c', :action => 'a', 
+                                   :only_path => true))
+    SslRequirement.non_ssl_host = nil
+  end
+
+end

metadata

@@ -0,0 +1,72 @@
+--- !ruby/object:Gem::Specification 
+name: revo-ssl_requirement
+version: !ruby/object:Gem::Version 
+  version: 1.0.0
+platform: ruby
+authors: 
+  - RailsJedi
+  - David Heinemeier Hansson
+  - jcnetdev
+  - bcurren
+  - bmpercy
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-03-04 00:00:00 +11:00
+default_executable: 
+dependencies: []
+
+description: SSL requirement adds a declarative way of specifying that certain actions should only be allowed to run under SSL, and if they're accessed without it, they should be redirected.
+email: percival@umamibud.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+  - README
+files: 
+  - .gitignore
+  - README
+  - Rakefile
+  - VERSION
+  - init.rb
+  - lib/ssl_requirement.rb
+  - lib/url_rewriter.rb
+  - rails/init.rb
+  - revo-ssl_requirement.gemspec
+  - shoulda_macros/ssl_requirement_macros.rb
+  - ssl_requirement.gemspec
+  - test/ssl_requirement_test.rb
+  - test/url_rewriter_test.rb
+has_rdoc: true
+homepage: http://github.com/revo/ssl_requirement
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+  - --charset=UTF-8
+require_paths: 
+  - lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+  version: 
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.5
+signing_key: 
+specification_version: 3
+summary: Allow controller actions to force SSL on specific parts of the site.
+test_files: 
+  - test/url_rewriter_test.rb
+  - test/ssl_requirement_test.rb