sslrequirement 1.1.1 → 1.2.0
- data/README +4 -8
- data/VERSION +1 -1
- data/lib/ssl_requirement.rb +10 -33
- data/sslrequirement.gemspec +52 -0
- data/test/ssl_requirement_test.rb +13 -22
- data/test/url_rewriter_test.rb +0 -27
- metadata +11 -5
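--- a/data/README
+++ b/data/README
@@ -57,17 +57,13 @@ following code to development.rb / test.rb / production.rb:
 SslRequirement.non_ssl_host = 'nonsecure.example.com'
 end
 
-You can also use a Proc to determine the ssl_host or non_ssl_host on the fly:
-
-config.after_initialize do
-SslRequirement.ssl_host = Proc.new do
-'secure.example.com'
-end
-end
-
 You are able to turn disable ssl redirects by adding the following environment configuration file:
 
 SslRequirement.disable_ssl_check = true
+
+Or you can enforce ssl across an entire site by setting:
+
+SslRequirement.ssl_all = true
 
 P.S.: Beware when you include the SslRequirement module. At the time of
 inclusion, it'll add the before_filter that validates the declarations. Some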
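--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.
+1.2.0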
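--- a/data/lib/ssl_requirement.rb
+++ b/data/lib/ssl_requirement.rb
@@ -21,39 +21,22 @@ require "#{File.dirname(__FILE__)}/url_rewriter"
 # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
 # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 module SslRequirement
-
+mattr_accessor :ssl_host, :non_ssl_host
 
-
-
-
-
-def self.non_ssl_host
-determine_host(@@non_ssl_host)
-end
-
-# mattr_reader would generate both ssl_host and self.ssl_host
-def ssl_host
-SslRequirement.ssl_host
+mattr_writer :disable_ssl_check, :ssl_all
+def self.disable_ssl_check?
+@@disable_ssl_check ||= false
 end
-
-
-SslRequirement.non_ssl_host
+def self.ssl_all?
+@@ssl_all ||= false
 end
 
-
+# called when Module is mixed in
 def self.included(controller)
 controller.extend(ClassMethods)
 controller.before_filter(:ensure_proper_protocol)
 end
 
-def self.disable_ssl_check?
-@@disable_ssl_check ||= false
-end
-
-def self.disable_ssl_check=(value)
-@@disable_ssl_check = value
-end
-
 module ClassMethods
 # Specifies that the named actions requires an SSL connection to be performed (which is enforced by ensure_proper_protocol).
 def ssl_required(*actions)
@@ -72,6 +55,8 @@ module SslRequirement
 protected
 # Returns true if the current action is supposed to run as SSL
 def ssl_required?
+return true if SslRequirement.ssl_all?
+
 required = (self.class.read_inheritable_attribute(:ssl_required_actions) || [])
 except = self.class.read_inheritable_attribute(:ssl_required_except_actions)
 
@@ -93,7 +78,7 @@ module SslRequirement
 private
 def ensure_proper_protocol
 return true if SslRequirement.disable_ssl_check?
-return true if ssl_allowed?
+return true if ssl_allowed? && !SslRequirement.ssl_all?
 
 if ssl_required? && !request.ssl?
 redirect_to determine_redirect_url(request, true)
@@ -121,14 +106,6 @@ module SslRequirement
 "#{(non_ssl_host || request_host)}#{determine_port_string(request_port)}"
 end
 end
-
-def self.determine_host(host)
-if host.is_a?(Proc) || host.respond_to?(:call)
-host.call
-else
-host
-end
-end
 
 def determine_port_string(port)
 unless port_normal?(port)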
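Review bot: In `ensure_proper_protocol` the `disable_ssl_check?` guard still returns before the new `ssl_all?` test is reached, so a `disable_ssl_check = true` left in an environment file silently switches off the site-wide lock-down, and neither the code nor the README states that precedence; I would add `# disable_ssl_check wins over ssl_all: when it is set nothing is redirected to https` above that guard. `mattr_writer :disable_ssl_check, :ssl_all` also generates instance-level writers on every controller that includes the module; `mattr_writer :disable_ssl_check, :ssl_all, :instance_writer => false` keeps the two switches module-only. With `determine_host` removed and the hosts exposed through a plain `mattr_accessor`, a Proc still assigned by an existing application appears to be interpolated as-is by lines such as `"#{(non_ssl_host || request_host)}..."`, so a type check or an explicit upgrade note on the removal would help. `ssl_all` enforces by redirect only, which means the first plain-HTTP request has already travelled unencrypted; secure-flagged cookies and an HSTS header remain the application's job and the README could say so. The bodies of `ssl_required?` and `ensure_proper_protocol` continue outside the hunks shown.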
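--- a/data/sslrequirement.gemspec
+++ b/data/sslrequirement.gemspec
@@ -0,0 +1,52 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+s.name = %q{sslrequirement}
+s.version = "1.2.0"
+
+s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+s.authors = ["RailsJedi", "David Heinemeier Hansson", "jcnetdev", "bcurren", "bmpercy", "revo", "nathany"]
+s.date = %q{2010-08-06}
+s.description = %q{SSL requirement adds a declarative way of specifying that certain actions should only be allowed to run under SSL, and if they're accessed without it, they should be redirected.}
+s.email = %q{nathan@yardsticksoftware.com}
+s.extra_rdoc_files = [
+"README"
+]
+s.files = [
+".gitignore",
+"README",
+"Rakefile",
+"VERSION",
+"init.rb",
+"lib/ssl_requirement.rb",
+"lib/url_rewriter.rb",
+"rails/init.rb",
+"shoulda_macros/ssl_requirement_macros.rb",
+"sslrequirement.gemspec",
+"test/ssl_requirement_test.rb",
+"test/url_rewriter_test.rb"
+]
+s.homepage = %q{http://github.com/yardstick/ssl_requirement}
+s.rdoc_options = ["--charset=UTF-8"]
+s.require_paths = ["lib"]
+s.rubygems_version = %q{1.3.7}
+s.summary = %q{Allow controller actions to force SSL on specific parts of the site.}
+s.test_files = [
+"test/ssl_requirement_test.rb",
+"test/url_rewriter_test.rb"
+]
+
+if s.respond_to? :specification_version then
+current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+s.specification_version = 3
+
+if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+else
+end
+else
+end
+end
+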
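--- a/data/test/ssl_requirement_test.rb
+++ b/data/test/ssl_requirement_test.rb
@@ -3,7 +3,7 @@ require 'rubygems'
 require 'active_support'
 begin
 require 'action_controller'
-rescue LoadError
+rescue LoadError # annoying when this dies due to more unusual errors (like mismatched active_support/action_controller gems)
 if ENV['ACTIONCONTROLLER_PATH'].nil?
 abort <<MSG
 Please set the ACTIONCONTROLLER_PATH environment variable to the directory
@@ -314,29 +314,20 @@ class SslRequirementTest < ActionController::TestCase
 @response.headers['Location']
 end
 
-#
-
-
-SslRequirement.
-
-end
+# ssl_all to lock down a full site
+def test_ssl_all
+SslRequirement.ssl_all = true
+assert SslRequirement.ssl_all?
+
 assert_not_equal "on", @request.env["HTTPS"]
-get :a
+get :a # requires ssl either way
 assert_response :redirect
-
-@response.headers['Location']
-SslRequirement.ssl_host = nil
-end
-
-def test_non_ssl_redirect_with_non_ssl_host_proc
-SslRequirement.non_ssl_host = Proc.new do
-@non_ssl_host_override
-end
-@request.env['HTTPS'] = 'on'
-get :d
+get :c # allow ssl should still redirect
 assert_response :redirect
-
-
-
+get :d # doesn't usually require ssl, but now it does
+assert_response :redirect
+ensure
+SslRequirement.ssl_all = false
 end
+
 end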
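Review bot: The three `assert_response :redirect` checks in `test_ssl_all` pass for any redirect at all, so they would not catch a redirect that stays on http or points at the wrong host; each should also pin the target, for example `assert_match %r{\Ahttps://}, @response.headers['Location']`. The test only sends plain-HTTP requests, so nothing shows that with `ssl_all = true` and `@request.env['HTTPS'] = 'on'` a `get :d` is served rather than redirected again (the branch that handles SSL requests lies outside the hunks, so this is worth pinning rather than assuming). A case that sets both `ssl_all` and `disable_ssl_check` would document which switch wins. The `ensure` reset of `ssl_all` is the right shape for module-wide state and should stay.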
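--- a/data/test/url_rewriter_test.rb
+++ b/data/test/url_rewriter_test.rb
@@ -138,32 +138,5 @@ class UrlRewriterTest < Test::Unit::TestCase
 :only_path => true))
 SslRequirement.non_ssl_host = nil
 end
-
-# tests for ssl_host overriding with Procs
-
-def test_rewrite_secure_with_ssl_host_proc
-SslRequirement.disable_ssl_check = false
-SslRequirement.ssl_host = Proc.new do
-@ssl_host_override
-end
-assert_equal("https://#{@ssl_host_override}/c/a",
-@rewriter.rewrite(:controller => 'c', :action => 'a',
-:secure => true))
-SslRequirement.ssl_host = nil
-end
 
-def test_rewrite_non_secure_with_non_ssl_host_proc
-SslRequirement.disable_ssl_check = false
-SslRequirement.non_ssl_host = Proc.new do
-@non_ssl_host_override
-end
-# with secure option
-assert_equal("http://#{@non_ssl_host_override}/c/a",
-@rewriter.rewrite(:controller => 'c', :action => 'a',
-:secure => false))
-# without secure option
-assert_equal("http://#{@non_ssl_host_override}/c/a",
-@rewriter.rewrite(:controller => 'c', :action => 'a'))
-SslRequirement.non_ssl_host = nil
-end
 end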
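--- a/metadata
+++ b/metadata
@@ -1,12 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: sslrequirement
 version: !ruby/object:Gem::Version
+hash: 31
 prerelease: false
 segments:
 - 1
--
--
-version: 1.
+- 2
+- 0
+version: 1.2.0
 platform: ruby
 authors:
 - RailsJedi
@@ -20,7 +21,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-
+date: 2010-08-06 00:00:00 -06:00
 default_executable:
 dependencies: []
 
@@ -42,6 +43,7 @@ files:
 - lib/url_rewriter.rb
 - rails/init.rb
 - shoulda_macros/ssl_requirement_macros.rb
+- sslrequirement.gemspec
 - test/ssl_requirement_test.rb
 - test/url_rewriter_test.rb
 has_rdoc: true
@@ -54,23 +56,27 @@ rdoc_options:
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
+none: false
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
+hash: 3
 segments:
 - 0
 version: "0"
 required_rubygems_version: !ruby/object:Gem::Requirement
+none: false
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
+hash: 3
 segments:
 - 0
 version: "0"
 requirements: []
 
 rubyforge_project:
-rubygems_version: 1.3.
+rubygems_version: 1.3.7
 signing_key:
 specification_version: 3
 summary: Allow controller actions to force SSL on specific parts of the site.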