Require ssl on all routes if Teambox.config.secure_logins

* Now using rack-ssl-enforcer to automatically redirect to https * Removing old redundant code (ssl_routes.rb/ssl_helper.rb)
rajivbhati12 · Dec 20, 2010 · 7677bb0 · 7677bb0
1 parent 1a2fd2a
commit 7677bb0
Show file tree

Hide file tree

Showing 8 changed files with 263 additions and 329 deletions.
diff --git a/Gemfile b/Gemfile
@@ -39,7 +39,7 @@ gem 'paperclip', '~> 2.3.6'
 gem 'teambox-permalink_fu', :require => 'permalink_fu'
 gem 'cancan', '~> 1.2.0'
 gem 'immortal'
-#gem 'rails3_acts_as_paranoid', :git => 'git://github.com/goncalossilva/rails3_acts_as_paranoid.git'
+gem 'rack-ssl-enforcer', :require => 'rack/ssl-enforcer' 
 
 group :development do
   gem 'sqlite3-ruby', '~> 1.2.5', :require => nil

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -129,6 +129,7 @@ GEM
     rack (1.2.1)
     rack-mount (0.6.13)
       rack (>= 1.0.0)
+    rack-ssl-enforcer (0.2.0)
     rack-test (0.5.6)
       rack (>= 1.0)
     rails (3.0.3)
@@ -226,6 +227,7 @@ DEPENDENCIES
   paperclip (~> 2.3.6)
   pg (~> 0.9.0)
   pickle (~> 0.2.1)
+  rack-ssl-enforcer
   rails (~> 3.0.3)
   rcov
   rdiscount (~> 1.6.3)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -6,7 +6,6 @@ class ApplicationController < ActionController::Base
   protect_from_forgery # See ActionController::RequestForgeryProtection for details
 
   include AuthenticatedSystem
-  include SslHelper
 
   filter_parameter_logging :password
 

diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
@@ -1,7 +1,6 @@
 # This controller handles the login/logout function of the site.
 class SessionsController < ApplicationController
 
-  force_ssl :only => :new
   no_login_required :except => :destroy
 
   skip_before_filter :confirmed_user?

diff --git a/app/helpers/ssl_helper.rb b/app/helpers/ssl_helper.rb
diff --git a/config/application.rb b/config/application.rb
@@ -22,6 +22,10 @@ def increment(*args) end
     def decrement(*args) end
   end
 
+  def self.config
+    Rails.configuration.instance_variable_get('@choices')
+  end
+
   class Application < Rails::Application
     # Settings in config/environments/* take precedence over those specified here.
     # Application configuration should go into files in config/initializers
@@ -56,10 +60,10 @@ class Application < Rails::Application
     config.from_file 'teambox.yml'
 
     config.cache_store = UselessStore.new
-  end
 
-  def self.config
-    Rails.configuration.instance_variable_get('@choices')
+    # Redirect http to https if secure_logins is true
+    # https://github.com/tobmatth/rack-ssl-enforcer
+    config.middleware.use Rack::SslEnforcer if Teambox.config.secure_logins
   end
 
   Object.const_set(:APP_CONFIG, config)

diff --git a/config/initializers/ssl_routes.rb b/config/initializers/ssl_routes.rb