diff options
author | Prem Sichanugrist <s@sikachu.com> | 2011-03-28 03:05:14 +0800 |
---|---|---|
committer | David Heinemeier Hansson <david@loudthinking.com> | 2011-03-28 04:58:47 +0800 |
commit | 7cbdfa83035aacb0d4dbfa84525b54e9122efb75 (patch) | |
tree | 9dea7eb6505377b5360c3447ecc19f6d30e06b2c /actionpack/test | |
parent | 84aab7aa53e0ec4430df89807aa8220353b2d0c9 (diff) | |
download | rails-7cbdfa83035aacb0d4dbfa84525b54e9122efb75.tar.gz rails-7cbdfa83035aacb0d4dbfa84525b54e9122efb75.tar.bz2 rails-7cbdfa83035aacb0d4dbfa84525b54e9122efb75.zip |
Add controller-specific `force_ssl` method to force web browser to use HTTPS protocol
This would become useful for site which sometime transferring sensitive information such as account information on particular controller or action.
This featured was requested by DHH.
Diffstat (limited to 'actionpack/test')
-rw-r--r-- | actionpack/test/controller/force_ssl_test.rb | 83 |
1 files changed, 83 insertions, 0 deletions
diff --git a/actionpack/test/controller/force_ssl_test.rb b/actionpack/test/controller/force_ssl_test.rb new file mode 100644 index 0000000000..3e723e20d9 --- /dev/null +++ b/actionpack/test/controller/force_ssl_test.rb @@ -0,0 +1,83 @@ +require 'abstract_unit' + +class ForceSSLController < ActionController::Base + def banana + render :text => "monkey" + end + + def cheeseburger + render :text => "sikachu" + end +end + +class ForceSSLControllerLevel < ForceSSLController + force_ssl +end + +class ForceSSLOnlyAction < ForceSSLController + force_ssl :only => :cheeseburger +end + +class ForceSSLExceptAction < ForceSSLController + force_ssl :except => :banana +end + +class ForceSSLControllerLevelTest < ActionController::TestCase + tests ForceSSLControllerLevel + + def test_banana_redirects_to_https + get :banana + assert_response 301 + assert_equal "https://test.host/force_ssl_controller_level/banana", redirect_to_url + end + + def test_cheeseburger_redirects_to_https + get :cheeseburger + assert_response 301 + assert_equal "https://test.host/force_ssl_controller_level/cheeseburger", redirect_to_url + end +end + +class ForceSSLOnlyActionTest < ActionController::TestCase + tests ForceSSLOnlyAction + + def test_banana_not_redirects_to_https + get :banana + assert_response 200 + end + + def test_cheeseburger_redirects_to_https + get :cheeseburger + assert_response 301 + assert_equal "https://test.host/force_ssl_only_action/cheeseburger", redirect_to_url + end +end + +class ForceSSLExceptActionTest < ActionController::TestCase + tests ForceSSLExceptAction + + def test_banana_not_redirects_to_https + get :banana + assert_response 200 + end + + def test_cheeseburger_redirects_to_https + get :cheeseburger + assert_response 301 + assert_equal "https://test.host/force_ssl_except_action/cheeseburger", redirect_to_url + end +end + +class ForceSSLExcludeDevelopmentTest < ActionController::TestCase + tests ForceSSLControllerLevel + + def setup + Rails.env.stubs(:development?).returns(false) + end + + def test_development_environment_not_redirects_to_https + Rails.env.stubs(:development?).returns(true) + get :banana + assert_response 200 + end +end
\ No newline at end of file |