Merge branch 'master' of git://github.com/technicalpickles/ssl_requirement into techmerge
2 parents 6fce9a5 + 508daa8 commit 07a9808cab83255a30de38cbfba21c6c8f888a66 @bcurren committed Jul 31, 2009
Showing with 103 additions and 42 deletions.
  1. +72 −42 README
  2. +31 −0 shoulda_macros/ssl_requirement_macros.rb
114 README
@@ -7,30 +7,30 @@ they should be redirected.
Example:
- class ApplicationController < ActionController::Base
- include SslRequirement
- end
-
- class AccountController < ApplicationController
- ssl_required :signup, :payment
- ssl_allowed :index
-
- def signup
- # Non-SSL access will be redirected to SSL
- end
-
- def payment
- # Non-SSL access will be redirected to SSL
+ class ApplicationController < ActionController::Base
+ include SslRequirement
end
- def index
- # This action will work either with or without SSL
+ class AccountController < ApplicationController
+ ssl_required :signup, :payment
+ ssl_allowed :index
+
+ def signup
+ # Non-SSL access will be redirected to SSL
+ end
+
+ def payment
+ # Non-SSL access will be redirected to SSL
+ end
+
+ def index
+ # This action will work either with or without SSL
+ end
+
+ def other
+ # SSL access will be redirected to non-SSL
+ end
end
-
- def other
- # SSL access will be redirected to non-SSL
- end
- end
If a majority (or all) of your actions require SSL, then use ssl_exceptions instead of ssl_required.
You can list out the actions that you do NOT want to be SSL protected. Calling ssl_exceptions without
@@ -42,11 +42,11 @@ than just the declarative specification. Say, only premium accounts get SSL.
For SSL domains that differ from the domain of the redirecting site, add the
following code to development.rb / test.rb / production.rb:
-# Redirects to https://secure.example.com instead of the default
-# https://www.example.com.
-config.after_initialize do
- SslRequirement.ssl_host = 'secure.example.com'
-end
+ # Redirects to https://secure.example.com instead of the default
+ # https://www.example.com.
+ config.after_initialize do
+ SslRequirement.ssl_host = 'secure.example.com'
+ end
For non-SSL domains that differ from domain of redirecting site, add the
following code to development.rb / test.rb / production.rb:
@@ -58,7 +58,8 @@ config.after_initialize do
end
You are able to turn disable ssl redirects by adding the following environment configuration file:
- SslRequirement.disable_ssl_check = true
+
+ SslRequirement.disable_ssl_check = true
P.S.: Beware when you include the SslRequirement module. At the time of
inclusion, it'll add the before_filter that validates the declarations. Some
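Review bot: The sentence introducing `SslRequirement.disable_ssl_check = true` in this hunk ("You are able to turn disable ssl redirects by adding the following environment configuration file:") is garbled and never says which environment file is meant. Since the line is being touched anyway, reword it to something like "You can disable SSL redirects by adding the following to an environment configuration file" and name the files, as the ssl_host paragraphs do with development.rb / test.rb / production.rb. Because this setting turns the redirect off for every ssl_required action, the README should also say that it is intended for development and test, not production.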
@@ -75,26 +76,55 @@ SslRequirement.non_ssl_host (see above)
Here is an example of creating a secure url:
-<%= url_for(:controller => "c", :action => "a", :secure => true) %>
+ <%= url_for(:controller => "c", :action => "a", :secure => true) %>
If disable_ssl_check returns false url_for will return the following:
-https://yoursite.com/c/a
+ https://yoursite.com/c/a
Furthermore, you can use the secure option in a named route to create a secure form as follows:
-<% form_tag session_path(:secure => true), :class => 'home_login' do -%>
- <p>
- <label for="name">Email</label>
- <%= text_field_tag 'email', '', :class => 'text', :tabindex => 1 %>
- </p>
- <p>
- <label for="password">Password</label>
- <%= password_field_tag 'password', '', :class => 'text', :tabindex => 2 %>
- </p>
- <p>
- <%= submit_tag "Login", :id => 'login_submit', :value => "", :alt => "Login" %>
- </p>
-<% end -%>
+ <% form_tag session_path(:secure => true), :class => 'home_login' do -%>
+ <p>
+ <label for="name">Email</label>
+ <%= text_field_tag 'email', '', :class => 'text', :tabindex => 1 %>
+ </p>
+ <p>
+ <label for="password">Password</label>
+ <%= password_field_tag 'password', '', :class => 'text', :tabindex => 2 %>
+ </p>
+ <p>
+ <%= submit_tag "Login", :id => 'login_submit', :value => "", :alt => "Login" %>
+ </p>
+ <% end -%>
+
+Testing with Shoulda
+====================
+
+If you are using Shoulda, a few contexts and macros are provided:
+
+ class RegistrationsControllerTest < ActionController::TestCase
+ without_ssl_context do
+ context "GET to :new" do
+ setup do
+ get :new
+ end
+ should_redirect_to_ssl
+ end
+ end
+
+ with_ssl_context do
+ context "GET to :new" do
+ setup do
+ get :new
+ end
+ # your usual testing goes here
+ end
+ end
+ end
+
+
+Copyright
+=========
Copyright (c) 2005 David Heinemeier Hansson, released under the MIT license
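Review bot: In the re-indented login form example, `<label for="name">Email</label>` points at an id that is not in the form; the field it labels is `text_field_tag 'email'`, so the attribute should be `for="email"`, matching the way the password label and `password_field_tag 'password'` pair up. In the new "Testing with Shoulda" section, the `with_ssl_context` example contains only the comment `# your usual testing goes here`; one concrete assertion there would make the difference from `without_ssl_context` clearer. The section should also say where the macros come from (shoulda_macros/ssl_requirement_macros.rb in this commit).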
@@ -0,0 +1,31 @@
+Test::Unit::TestCase.class_eval do
+ def self.without_ssl_context
+ context "without ssl" do
+ setup do
+ @request.env['HTTPS'] = nil
+ end
+
+ context "" do
+ yield
+ end
+ end
+ end
+
+ def self.with_ssl_context
+ context "with ssl" do
+ setup do
+ @request.env['HTTPS'] = 'on'
+ end
+
+ context "" do
+ yield
+ end
+ end
+ end
+
+ def self.should_redirect_to_ssl
+ should 'redirect to ssl' do
+ assert_redirected_to "https://" + @request.host + @request.request_uri
+ end
+ end
+end
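Review bot: `should_redirect_to_ssl` builds its expected URL from `@request.host` (`assert_redirected_to "https://" + @request.host + @request.request_uri`), which does not account for `SslRequirement.ssl_host`. The README in this same commit says that with `ssl_host = 'secure.example.com'` the redirect goes to https://secure.example.com rather than the requesting host, so the macro's expectation will not match for any app that sets it; consider using `SslRequirement.ssl_host` when it is set and falling back to `@request.host` otherwise. There is also no counterpart macro for the opposite direction that the README describes ("SSL access will be redirected to non-SSL"), and the inner `context "" do` wrappers in both context helpers add an empty name to every generated test description. If the extra nesting is needed, a short comment explaining why would help.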
