test/ssl_requirement_test.rb @@ -1,11 +1,9 @@ SSL Requirement =============== -SSL requirement adds a declarative way of specifying that certain actions should -only be allowed to run under SSL, and if they're accessed without it, they should -be redirected. - -The methods are: account_url, account_host, and account_domain. +SSL requirement adds a declarative way of specifying that certain actions +should only be allowed to run under SSL, and if they're accessed without it, +they should be redirected. Example: @@ -15,6 +13,7 @@ Example: class AccountController < ApplicationController ssl_required :signup, :payment + ssl_allowed :index def signup # Non-SSL access will be redirected to SSL @@ -23,14 +22,22 @@ Example: def payment # Non-SSL access will be redirected to SSL end + + def index + # This action will work either with or without SSL + end + + def other + # SSL access will be redirected to non-SSL + end end -You can overwrite the protected method ssl_required? to rely on other things than -just the declarative specification. Say, only premium accounts get SSL. +You can overwrite the protected method ssl_required? to rely on other things +than just the declarative specification. Say, only premium accounts get SSL. -P.S.: Beware when you include the SslRequirement module. At the time of inclusion, -it'll add the before_filter that validates the declarations. Some times you'll want to -run other before_filters before that. They should then be declared ahead of including -this module. +P.S.: Beware when you include the SslRequirement module. At the time of +inclusion, it'll add the before_filter that validates the declarations. Some +times you'll want to run other before_filters before that. They should then be +declared ahead of including this module. Copyright (c) 2005 David Heinemeier Hansson, released under the MIT license \ No newline at end of file README @@ -29,6 +29,10 @@ module SslRequirement def ssl_required(*actions) write_inheritable_array(:ssl_required_actions, actions) end + + def ssl_allowed(*actions) + write_inheritable_array(:ssl_allowed_actions, actions) + end end protected @@ -36,9 +40,15 @@ module SslRequirement def ssl_required? (self.class.read_inheritable_attribute(:ssl_required_actions) || []).include?(action_name.to_sym) end + + def ssl_allowed? + (self.class.read_inheritable_attribute(:ssl_allowed_actions) || []).include?(action_name.to_sym) + end private def ensure_proper_protocol + return true if ssl_allowed? + if ssl_required? && !request.ssl? redirect_to "https://" + request.host + request.request_uri return false lib/ssl_requirement.rb 79ded847042aa9f8b4d619a70aa709cdf73b6704 Jamis Buck jamis@37signals.com http://github.com/rails/ssl_requirement/commit/aa2dded823f8a9b378c22ba0159971508918928a aa2dded823f8a9b378c22ba0159971508918928a 2005-11-15T14:50:17-08:00 2005-11-15T14:50:17-08:00 [ssl_requirement plugin] add unit tests and ssl_allowed option (for actions that optionally support SSL) 1adaf335bd80d4f7a3b59984874531f1d238dbf4 Jamis Buck jamis@37signals.com