3 files changed, 59 insertions, 24 deletions

diff --git a/actionpack/lib/action_controller/metal/force_ssl.rb b/actionpack/lib/action_controller/metal/force_ssl.rb
new file mode 100644
index 0000000000..eb8ed7dfbd
--- /dev/null
+++ b/actionpack/lib/action_controller/metal/force_ssl.rb
@@ -0,0 +1,35 @@
+module ActionController
+  # This module provides a method which will redirects browser to use HTTPS
+  # protocol. This will ensure that user's sensitive information will be
+  # transferred safely over the internet. You _should_ always force browser
+  # to use HTTPS when you're transferring sensitive information such as
+  # user authentication, account information, or credit card information.
+  #
+  # Note that if you really concern about your application safety, you might
+  # consider using +config.force_ssl+ in your configuration config file instead.
+  # That will ensure all the data transferred via HTTPS protocol and prevent
+  # user from getting session hijacked when accessing the site under unsecured
+  # HTTP protocol.
+  module ForceSSL
+    extend ActiveSupport::Concern
+    include AbstractController::Callbacks
+
+    module ClassMethods
+      # Force the request to this particular controller or specified actions to be
+      # under HTTPS protocol.
+      #
+      # Note that this method will not be effective on development environment.
+      #
+      # ==== Options
+      # * <tt>only</tt>   - The callback should be run only for this action
+      # * <tt>except<tt>  - The callback should be run for all actions except this action
+      def force_ssl(options = {})
+        before_filter(options) do
+          if !request.ssl? && !Rails.env.development?
+            redirect_to :protocol => 'https://', :status => :moved_permanently
+          end
+        end
+      end
+    end
+  end
+end
\ No newline at end of file
diff --git a/actionpack/lib/action_controller/metal/http_authentication.rb b/actionpack/lib/action_controller/metal/http_authentication.rb
index 39c804d707..b98429792d 100644
--- a/actionpack/lib/action_controller/metal/http_authentication.rb
+++ b/actionpack/lib/action_controller/metal/http_authentication.rb
@@ -8,9 +8,7 @@ module ActionController
     # === Simple \Basic example
     #
     #   class PostsController < ApplicationController
-    #     USER_NAME, PASSWORD = "dhh", "secret"
-    #
-    #     before_filter :authenticate, :except => [ :index ]
+    #     http_basic_authenticate_with :name => "dhh", :password => "secret", :except => :index
     #
     #     def index
     #       render :text => "Everyone can see me!"
@@ -19,15 +17,7 @@ module ActionController
     #     def edit
     #       render :text => "I'm only accessible if you know the password"
     #     end
-    #
-    #     private
-    #       def authenticate
-    #         authenticate_or_request_with_http_basic do |user_name, password|
-    #           user_name == USER_NAME && password == PASSWORD
-    #         end
-    #       end
-    #   end
-    #
+    #  end
     #
     # === Advanced \Basic example
     #
@@ -115,6 +105,18 @@ module ActionController
       extend self
 
       module ControllerMethods
+        extend ActiveSupport::Concern
+        
+        module ClassMethods
+          def http_basic_authenticate_with(options = {})
+            before_filter(options.except(:name, :password, :realm)) do
+              authenticate_or_request_with_http_basic(options[:realm] || "Application") do |name, password|
+                name == options[:name] && password == options[:password]
+              end
+            end
+          end
+        end
+        
         def authenticate_or_request_with_http_basic(realm = "Application", &login_procedure)
           authenticate_with_http_basic(&login_procedure) || request_http_basic_authentication(realm)
         end
@@ -378,7 +380,6 @@ module ActionController
     #
     #   RewriteRule ^(.*)$ dispatch.fcgi [E=X-HTTP_AUTHORIZATION:%{HTTP:Authorization},QSA,L]
     module Token
-
       extend self
 
       module ControllerMethods
@@ -458,6 +459,5 @@ module ActionController
         controller.__send__ :render, :text => "HTTP Token: Access denied.\n", :status => :unauthorized
       end
     end
-
   end
 end
diff --git a/actionpack/lib/action_controller/metal/implicit_render.rb b/actionpack/lib/action_controller/metal/implicit_render.rb
index cfa7004048..678f4ca763 100644
--- a/actionpack/lib/action_controller/metal/implicit_render.rb
+++ b/actionpack/lib/action_controller/metal/implicit_render.rb
@@ -1,21 +1,21 @@
 module ActionController
   module ImplicitRender
-    def send_action(*)
-      ret = super
-      default_render unless response_body
-      ret
+    def send_action(method, *args)
+      if respond_to?(method, true)
+        ret = super
+        default_render unless response_body
+        ret
+      else
+        default_render
+      end
     end
 
     def default_render
       render
     end
 
-    def method_for_action(action_name)
-      super || begin
-        if template_exists?(action_name.to_s, _prefixes)
-          "default_render"
-        end
-      end
+    def action_method?(action_name)
+      super || template_exists?(action_name.to_s, _prefixes)
     end
   end
 end