revo-ssl_requirement 1.0.0 → 1.1.0
- data/VERSION +1 -1
- data/lib/ssl_requirement.rb +60 -28
- data/revo-ssl_requirement.gemspec +2 -2
- data/test/ssl_requirement_test.rb +18 -1
- metadata +11 -4
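--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.
+1.1.0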
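--- a/data/lib/ssl_requirement.rb
+++ b/data/lib/ssl_requirement.rb
@@ -22,7 +22,7 @@ require "#{File.dirname(__FILE__)}/url_rewriter"
 # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 module SslRequirement
 mattr_accessor :ssl_host, :non_ssl_host
-
+
 def self.included(controller)
 controller.extend(ClassMethods)
 controller.before_filter(:ensure_proper_protocol)
@@ -52,35 +52,67 @@ module SslRequirement
 end
 
 protected
-
-
-
-
-
-unless except
-required.include?(action_name.to_sym)
-else
-!except.include?(action_name.to_sym)
-end
-end
+# Returns true if the current action is supposed to run as SSL
+def ssl_required?
+required = (self.class.read_inheritable_attribute(:ssl_required_actions) || [])
+except = self.class.read_inheritable_attribute(:ssl_required_except_actions)
 
-
-
+unless except
+required.include?(action_name.to_sym)
+else
+!except.include?(action_name.to_sym)
 end
+end
+
+def ssl_allowed?
+(self.class.read_inheritable_attribute(:ssl_allowed_actions) || []).include?(action_name.to_sym)
+end
+
+# normal ports are the ports used when no port is specified by the user to the browser
+# i.e. 80 if the protocol is http, 443 is the protocol is https
+NORMAL_PORTS = [80, 443]
 
 private
-
-
-
-
-
-
-
-
-
-
-
-
-end
+def ensure_proper_protocol
+return true if SslRequirement.disable_ssl_check?
+return true if ssl_allowed?
+
+if ssl_required? && !request.ssl?
+redirect_to determine_redirect_url(request, true)
+flash.keep
+return false
+elsif request.ssl? && !ssl_required?
+redirect_to determine_redirect_url(request, false)
+flash.keep
+return false
 end
-end
+end
+
+def determine_redirect_url(request, ssl)
+protocol = ssl ? "https" : "http"
+"#{protocol}://#{determine_host_and_port(request, ssl)}#{request.request_uri}"
+end
+
+def determine_host_and_port(request, ssl)
+request_host = request.host
+request_port = request.port
+
+if ssl
+"#{(ssl_host || request_host)}#{determine_port_string(request_port)}"
+else
+"#{(non_ssl_host || request_host)}#{determine_port_string(request_port)}"
+end
+end
+
+def determine_port_string(port)
+unless port_normal?(port)
+":#{port}"
+else
+""
+end
+end
+
+def port_normal?(port)
+NORMAL_PORTS.include?(port)
+end
+end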
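Review bot: In `determine_host_and_port`, `determine_port_string(request_port)` is appended after `ssl_host`/`non_ssl_host` as well as after the request host, so an override that already carries a port (the test file's `@non_ssl_host_override = 'www.example.com:8080'` suggests that form is in use) would produce `host:8080:4567` for a request on a non-standard port. Consider adding the port only on the fallback path: `host = ssl ? ssl_host : non_ssl_host` followed by `host || "#{request_host}#{determine_port_string(request_port)}"`. Reusing the request port across the scheme switch also assumes the HTTP and HTTPS listeners share that port, which is worth stating in a comment on `determine_port_string`. When no override is set the redirect host comes from `request.host`, which follows the client-supplied Host header unless something upstream pins it (not visible here), so a comment on `determine_redirect_url` recommending that deployments set both overrides would help.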
@@ -5,7 +5,7 @@
|
|
5
5
|
|
6
6
|
Gem::Specification.new do |s|
|
7
7
|
s.name = %q{revo-ssl_requirement}
|
8
|
-
s.version = "1.
|
8
|
+
s.version = "1.1.0"
|
9
9
|
|
10
10
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
11
11
|
s.authors = ["RailsJedi", "David Heinemeier Hansson", "jcnetdev", "bcurren", "bmpercy"]
|
@@ -33,7 +33,7 @@ Gem::Specification.new do |s|
|
|
33
33
|
s.homepage = %q{http://github.com/revo/ssl_requirement}
|
34
34
|
s.rdoc_options = ["--charset=UTF-8"]
|
35
35
|
s.require_paths = ["lib"]
|
36
|
-
s.rubygems_version = %q{1.3.
|
36
|
+
s.rubygems_version = %q{1.3.6}
|
37
37
|
s.summary = %q{Allow controller actions to force SSL on specific parts of the site.}
|
38
38
|
s.test_files = [
|
39
39
|
"test/url_rewriter_test.rb",
|
@@ -1,6 +1,6 @@
|
|
1
1
|
require 'set'
|
2
2
|
require 'rubygems'
|
3
|
-
require '
|
3
|
+
require 'active_support'
|
4
4
|
begin
|
5
5
|
require 'action_controller'
|
6
6
|
rescue LoadError
|
@@ -124,6 +124,23 @@ class SslRequirementTest < ActionController::TestCase
|
|
124
124
|
@non_ssl_host_override = 'www.example.com:8080'
|
125
125
|
end
|
126
126
|
|
127
|
+
# port preservation tests
|
128
|
+
|
129
|
+
def test_redirect_to_https_preserves_non_normal_port
|
130
|
+
assert_not_equal "on", @request.env["HTTPS"]
|
131
|
+
@request.port = 4567
|
132
|
+
get :b
|
133
|
+
assert_response :redirect
|
134
|
+
assert_match %r{^https://.*:4567/}, @response.headers['Location']
|
135
|
+
end
|
136
|
+
|
137
|
+
def test_redirect_to_https_does_not_preserve_normal_port
|
138
|
+
assert_not_equal "on", @request.env["HTTPS"]
|
139
|
+
get :b
|
140
|
+
assert_response :redirect
|
141
|
+
assert_match %r{^https://.*[^:]/}, @response.headers['Location']
|
142
|
+
end
|
143
|
+
|
127
144
|
# flash-related tests
|
128
145
|
|
129
146
|
def test_redirect_to_https_preserves_flash
|
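Review bot: The pattern in `test_redirect_to_https_does_not_preserve_normal_port`, `%r{^https://.*[^:]/}`, does not check that the port is absent: `.*[^:]/` is satisfied by any non-colon character followed by a slash, so a Location of `https://host:4567/` would pass as well. Asserting the absence directly, e.g. `assert_no_match %r{\Ahttps://[^/]+:\d+/}, @response.headers['Location']`, would pin the intended behaviour. In both new tests `\A` is the safer anchor than `^`, which matches at any line start. The test class continues outside this hunk.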
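--- a/metadata
+++ b/metadata
@@ -1,7 +1,12 @@
 --- !ruby/object:Gem::Specification
 name: revo-ssl_requirement
 version: !ruby/object:Gem::Version
-
+prerelease: false
+segments:
+- 1
+- 1
+- 0
+version: 1.1.0
 platform: ruby
 authors:
 - RailsJedi
@@ -52,18 +57,20 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
+segments:
+- 0
 version: "0"
-version:
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
+segments:
+- 0
 version: "0"
-version:
 requirements: []
 
 rubyforge_project:
-rubygems_version: 1.3.
+rubygems_version: 1.3.6
 signing_key:
 specification_version: 3
 summary: Allow controller actions to force SSL on specific parts of the site.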