0
@@ -1,8 +1 @@
0
---- 
0
-format: 1
0
-handler: 
0
-  piston:remote-revision: 9088
0
-  piston:root: http://dev.rubyonrails.org/svn/rails/plugins/ssl_requirement
0
-  piston:uuid: 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
0
-lock: false

0
@@ -1,44 +1 @@
0
-SSL Requirement
0
-===============
0
-
0
-SSL requirement adds a declarative way of specifying that certain actions
0
-should only be allowed to run under SSL, and if they're accessed without it,
0
-they should be redirected.
0
-
0
-Example:
0
-
0
-  class ApplicationController < ActiveRecord::Base
0
-    include SslRequirement
0
-  end
0
-
0
-  class AccountController < ApplicationController
0
-    ssl_required :signup, :payment
0
-    ssl_allowed :index
0
-    
0
-    def signup
0
-      # Non-SSL access will be redirected to SSL
0
-    end
0
-    
0
-    def payment
0
-      # Non-SSL access will be redirected to SSL
0
-    end
0
-
0
-    def index
0
-      # This action will work either with or without SSL
0
-    end
0
-
0
-    def other
0
-      # SSL access will be redirected to non-SSL
0
-    end
0
-  end
0
-  
0
-You can overwrite the protected method ssl_required? to rely on other things
0
-than just the declarative specification. Say, only premium accounts get SSL.
0
-
0
-P.S.: Beware when you include the SslRequirement module. At the time of
0
-inclusion, it'll add the before_filter that validates the declarations. Some
0
-times you'll want to run other before_filters before that. They should then be
0
-declared ahead of including this module.
0
-
0
-Copyright (c) 2005 David Heinemeier Hansson, released under the MIT license

0
@@ -1,63 +1 @@
0
-# Copyright (c) 2005 David Heinemeier Hansson
0
-#
0
-# Permission is hereby granted, free of charge, to any person obtaining
0
-# a copy of this software and associated documentation files (the
0
-# "Software"), to deal in the Software without restriction, including
0
-# without limitation the rights to use, copy, modify, merge, publish,
0
-# distribute, sublicense, and/or sell copies of the Software, and to
0
-# permit persons to whom the Software is furnished to do so, subject to
0
-# the following conditions:
0
-#
0
-# The above copyright notice and this permission notice shall be
0
-# included in all copies or substantial portions of the Software.
0
-#
0
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
0
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
0
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
0
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
0
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
0
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
0
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
0
-module SslRequirement
0
-  def self.included(controller)
0
-    controller.extend(ClassMethods)
0
-    controller.before_filter(:ensure_proper_protocol)
0
-  end
0
-
0
-  module ClassMethods
0
-    # Specifies that the named actions requires an SSL connection to be performed (which is enforced by ensure_proper_protocol).
0
-    def ssl_required(*actions)
0
-      write_inheritable_array(:ssl_required_actions, actions)
0
-    end
0
-
0
-    def ssl_allowed(*actions)
0
-      write_inheritable_array(:ssl_allowed_actions, actions)
0
-    end
0
-  end
0
-  
0
-  protected
0
-    # Returns true if the current action is supposed to run as SSL
0
-    def ssl_required?
0
-      (self.class.read_inheritable_attribute(:ssl_required_actions) || []).include?(action_name.to_sym)
0
-    end
0
-    
0
-    def ssl_allowed?
0
-      (self.class.read_inheritable_attribute(:ssl_allowed_actions) || []).include?(action_name.to_sym)
0
-    end
0
-
0
-  private
0
-    def ensure_proper_protocol
0
-      return true if ssl_allowed?
0
-
0
-      if ssl_required? && !request.ssl?
0
-        redirect_to "https://" + request.host + request.request_uri
0
-        flash.keep
0
-        return false
0
-      elsif request.ssl? && !ssl_required?
0
-        redirect_to "http://" + request.host + request.request_uri
0
-        flash.keep
0
-        return false
0
-      end
0
-    end
0
-end

0
@@ -1,133 +1 @@
0
-begin
0
-  require 'action_controller'
0
-rescue LoadError
0
-  if ENV['ACTIONCONTROLLER_PATH'].nil?
0
-    abort <<MSG
0
-Please set the ACTIONCONTROLLER_PATH environment variable to the directory
0
-containing the action_controller.rb file.
0
-MSG
0
-  else
0
-    $LOAD_PATH.unshift << ENV['ACTIONCONTROLLER_PATH']
0
-    begin
0
-      require 'action_controller'
0
-    rescue LoadError
0
-      abort "ActionController could not be found."
0
-    end
0
-  end
0
-end
0
-
0
-require 'action_controller/test_process'
0
-require 'test/unit'
0
-require "#{File.dirname(__FILE__)}/../lib/ssl_requirement"
0
-
0
-ActionController::Base.logger = nil
0
-ActionController::Routing::Routes.reload rescue nil
0
-
0
-class SslRequirementController < ActionController::Base
0
-  include SslRequirement
0
-  
0
-  ssl_required :a, :b
0
-  ssl_allowed :c
0
-  
0
-  def a
0
-    render :nothing => true
0
-  end
0
-  
0
-  def b
0
-    render :nothing => true
0
-  end
0
-  
0
-  def c
0
-    render :nothing => true
0
-  end
0
-  
0
-  def d
0
-    render :nothing => true
0
-  end
0
-  
0
-  def set_flash
0
-    flash[:foo] = "bar"
0
-  end
0
-end
0
-
0
-class SslRequirementTest < Test::Unit::TestCase
0
-  def setup
0
-    @controller = SslRequirementController.new
0
-    @request    = ActionController::TestRequest.new
0
-    @response   = ActionController::TestResponse.new
0
-  end
0
-  
0
-  def test_redirect_to_https_preserves_flash
0
-    get :set_flash
0
-    get :b
0
-    assert_response :redirect
0
-    assert_equal "bar", flash[:foo]
0
-  end
0
-  
0
-  def test_not_redirecting_to_https_does_not_preserve_the_flash
0
-    get :set_flash
0
-    get :d
0
-    assert_response :success
0
-    assert_nil flash[:foo]
0
-  end
0
-  
0
-  def test_redirect_to_http_preserves_flash
0
-    get :set_flash
0
-    @request.env['HTTPS'] = "on"
0
-    get :d
0
-    assert_response :redirect
0
-    assert_equal "bar", flash[:foo]
0
-  end
0
-  
0
-  def test_not_redirecting_to_http_does_not_preserve_the_flash
0
-    get :set_flash
0
-    @request.env['HTTPS'] = "on"
0
-    get :a
0
-    assert_response :success
0
-    assert_nil flash[:foo]
0
-  end
0
-  
0
-  def test_required_without_ssl
0
-    assert_not_equal "on", @request.env["HTTPS"]
0
-    get :a
0
-    assert_response :redirect
0
-    assert_match %r{^https://}, @response.headers['Location']
0
-    get :b
0
-    assert_response :redirect
0
-    assert_match %r{^https://}, @response.headers['Location']
0
-  end
0
-  
0
-  def test_required_with_ssl
0
-    @request.env['HTTPS'] = "on"
0
-    get :a
0
-    assert_response :success
0
-    get :b
0
-    assert_response :success
0
-  end
0
-
0
-  def test_disallowed_without_ssl
0
-    assert_not_equal "on", @request.env["HTTPS"]
0
-    get :d
0
-    assert_response :success
0
-  end
0
-
0
-  def test_disallowed_with_ssl
0
-    @request.env['HTTPS'] = "on"
0
-    get :d
0
-    assert_response :redirect
0
-    assert_match %r{^http://}, @response.headers['Location']
0
-  end
0
-
0
-  def test_allowed_without_ssl
0
-    assert_not_equal "on", @request.env["HTTPS"]
0
-    get :c
0
-    assert_response :success
0
-  end
0
-
0
-  def test_allowed_with_ssl
0
-    @request.env['HTTPS'] = "on"
0
-    get :c
0
-    assert_response :success
0
-  end
0
-end