Merge branch 'hotfix/0.8.0.1'

app/helpers/link_to_helper.rb

@@ -36,7 +36,7 @@ def incoming_message_path(incoming_message)
     end
 
     def outgoing_message_url(outgoing_message, options = {})
-        return request_path(outgoing_message.info_request, options.merge(:anchor => "outgoing-#{outgoing_message.id}"))
+        request_url(outgoing_message.info_request, options.merge(:anchor => "outgoing-#{outgoing_message.id}"))
     end
 
     def outgoing_message_path(outgoing_message)

app/views/request/_wall_listing.rhtml

@@ -8,7 +8,7 @@ end %>
         <% if event.event_type == 'sent' %>
             <%= _('A new request, <em><a href="{{request_url}}">{{request_title}}</a></em>, was sent to {{public_body_name}} by {{info_request_user}} on {{date}}.',:public_body_name=>public_body_link_absolute(info_request.public_body),:info_request_user=>request_user_link_absolute(info_request),:date=>simple_date(event.created_at),:request_url=>request_path(info_request),:request_title=>info_request.title) %>
         <% elsif event.event_type == 'followup_sent' %>
-            <%= _('A <a href="{{request_url}}">follow up</a> to <em>{{request_title}}</em> was sent to {{public_body_name}} by {{info_request_user}} on {{date}}.',:public_body_name=>public_body_link_absolute(info_request.public_body),:info_request_user=>request_user_link_absolute(info_request),:date=>simple_date(event.created_at),:request_url=>outgoing_message_url(event.outgoing_message),:request_title=>info_request.title) %>
+            <%= _('A <a href="{{request_url}}">follow up</a> to <em>{{request_title}}</em> was sent to {{public_body_name}} by {{info_request_user}} on {{date}}.',:public_body_name=>public_body_link_absolute(info_request.public_body),:info_request_user=>request_user_link_absolute(info_request),:date=>simple_date(event.created_at),:request_url=>outgoing_message_path(event.outgoing_message),:request_title=>info_request.title) %>
         <% elsif event.event_type == 'response' %>
             <%= _('A <a href="{{request_url}}">response</a> to <em>{{request_title}}</em> was sent by {{public_body_name}} to {{info_request_user}} on {{date}}.  The request status is: {{request_status}}',:public_body_name=>public_body_link_absolute(info_request.public_body),:info_request_user=>request_user_link_absolute(info_request),:date=>simple_date(event.created_at),:request_url=>incoming_message_path(event.incoming_message_selective_columns("incoming_messages.id")),:request_title=>info_request.title,:request_status=>info_request.display_status) %>
         <% elsif event.event_type == 'comment' %>

config/environment.rb

@@ -116,6 +116,9 @@
 
 # Domain for URLs (so can work for scripts, not just web pages)
 ActionMailer::Base.default_url_options[:host] = Configuration::domain
+if Configuration::force_ssl
+  ActionMailer::Base.default_url_options[:protocol] = "https"
+end
 
 # fallback locale and available locales
 available_locales = Configuration::available_locales.split(/ /)

config/test.yml

@@ -13,6 +13,11 @@ SITE_NAME: 'Alaveteli'
 # It makes things simpler if this is the same as the Rails test domain test.host
 DOMAIN: 'test.host'
 
+# If true forces everyone (in the production environment) to use encrypted connections
+# (via https) by redirecting unencrypted connections. This is *highly* recommended
+# so that logins can't be intercepted by naughty people.
+FORCE_SSL: false
+
 # ISO country code of country currrently deployed in
 # (http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)
 ISO_COUNTRY_CODE: DE

lib/configuration.rb

@@ -6,7 +6,6 @@ module Configuration
   DEFAULTS = {
     :ADMIN_PASSWORD => '',
     :ADMIN_USERNAME => '',
-    :DISABLE_EMERGENCY_USER => false,
     :AVAILABLE_LOCALES => '',
     :BLACKHOLE_PREFIX => 'do-not-reply-to-this-address',
     :BLOG_FEED => '',
@@ -15,6 +14,7 @@ module Configuration
     :COOKIE_STORE_SESSION_SECRET => 'this default is insecure as code is open source, please override for live sites in config/general; this will do for local development',
     :DEBUG_RECORD_MEMORY => false,
     :DEFAULT_LOCALE => '',
+    :DISABLE_EMERGENCY_USER => false,
     :DOMAIN => 'localhost:3000',
     :EXCEPTION_NOTIFICATIONS_FROM => '',
     :EXCEPTION_NOTIFICATIONS_TO => '',

spec/models/track_mailer_spec.rb

@@ -160,20 +160,19 @@
 
     describe 'delivering the email' do
 
-        before do
+        before :each do
           @post_redirect = mock_model(PostRedirect, :save! => true,
                                                     :email_token => "token")
           PostRedirect.stub!(:new).and_return(@post_redirect)
           ActionMailer::Base.deliveries = []
+          @user = mock_model(User,
+            :name_and_email => MailHandler.address_from_name_and_email('Tippy Test', 'tippy@localhost'),
+            :url_name => 'tippy_test'
+          )
+          TrackMailer.deliver_event_digest(@user, []) # no items in it email for minimal test
         end
 
         it 'should deliver one email, with right headers' do
-            @user = mock_model(User,
-                    :name_and_email => MailHandler.address_from_name_and_email('Tippy Test', 'tippy@localhost'),
-                    :url_name => 'tippy_test'
-            )
-
-            TrackMailer.deliver_event_digest(@user, []) # no items in it email for minimal test
             deliveries = ActionMailer::Base.deliveries
             if deliveries.size > 1 # debugging if there is an error
                 deliveries.each do |d|
@@ -190,6 +189,22 @@
 
             deliveries.clear
         end
+
+        context "force ssl is off" do
+            # Force SSL is off in the tests. Since the code that selectively switches the protocols
+            # is in the initialiser for Rails it's hard to test. Hmmm...
+            # We could Configuration.stub!(:force_ssl).and_return(true) but the config/environment.rb
+            # wouldn't get reloaded 
+
+            it "should have http links in the email" do
+                deliveries = ActionMailer::Base.deliveries
+                deliveries.size.should == 1
+                mail = deliveries[0]
+
+                mail.body.should include("http://")            
+                mail.body.should_not include("https://")            
+            end
+        end
     end
 
 end