From 7cbdfa83035aacb0d4dbfa84525b54e9122efb75 Mon Sep 17 00:00:00 2001
From: Prem Sichanugrist <s@sikachu.com>
Date: Mon, 28 Mar 2011 03:05:14 +0800
Subject: Add controller-specific `force_ssl` method to force web browser to
 use HTTPS protocol

This would become useful for site which sometime transferring sensitive information such as account information on particular controller or action.

This featured was requested by DHH.
---
 actionpack/test/controller/force_ssl_test.rb | 83 ++++++++++++++++++++++++++++
 1 file changed, 83 insertions(+)
 create mode 100644 actionpack/test/controller/force_ssl_test.rb

(limited to 'actionpack/test/controller')

diff --git a/actionpack/test/controller/force_ssl_test.rb b/actionpack/test/controller/force_ssl_test.rb
new file mode 100644
index 0000000000..3e723e20d9
--- /dev/null
+++ b/actionpack/test/controller/force_ssl_test.rb
@@ -0,0 +1,83 @@
+require 'abstract_unit'
+
+class ForceSSLController < ActionController::Base
+  def banana
+    render :text => "monkey"
+  end
+
+  def cheeseburger
+    render :text => "sikachu"
+  end
+end
+
+class ForceSSLControllerLevel < ForceSSLController
+  force_ssl
+end
+
+class ForceSSLOnlyAction < ForceSSLController
+  force_ssl :only => :cheeseburger
+end
+
+class ForceSSLExceptAction < ForceSSLController
+  force_ssl :except => :banana
+end
+
+class ForceSSLControllerLevelTest < ActionController::TestCase
+  tests ForceSSLControllerLevel
+
+  def test_banana_redirects_to_https
+    get :banana
+    assert_response 301
+    assert_equal "https://test.host/force_ssl_controller_level/banana", redirect_to_url
+  end
+
+  def test_cheeseburger_redirects_to_https
+    get :cheeseburger
+    assert_response 301
+    assert_equal "https://test.host/force_ssl_controller_level/cheeseburger", redirect_to_url
+  end
+end
+
+class ForceSSLOnlyActionTest < ActionController::TestCase
+  tests ForceSSLOnlyAction
+
+  def test_banana_not_redirects_to_https
+    get :banana
+    assert_response 200
+  end
+
+  def test_cheeseburger_redirects_to_https
+    get :cheeseburger
+    assert_response 301
+    assert_equal "https://test.host/force_ssl_only_action/cheeseburger", redirect_to_url
+  end
+end
+
+class ForceSSLExceptActionTest < ActionController::TestCase
+  tests ForceSSLExceptAction
+
+  def test_banana_not_redirects_to_https
+    get :banana
+    assert_response 200
+  end
+
+  def test_cheeseburger_redirects_to_https
+    get :cheeseburger
+    assert_response 301
+    assert_equal "https://test.host/force_ssl_except_action/cheeseburger", redirect_to_url
+  end
+end
+
+class ForceSSLExcludeDevelopmentTest < ActionController::TestCase
+  tests ForceSSLControllerLevel
+
+  def setup
+    Rails.env.stubs(:development?).returns(false)
+  end
+
+  def test_development_environment_not_redirects_to_https
+    Rails.env.stubs(:development?).returns(true)
+    get :banana
+    assert_response 200
+  end
+end
\ No newline at end of file
-- 
cgit v1.2.3