From 321dae5dccded1eff6587582c8f0e0b88ca8303c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcin=20Bunsch=20and=20Przemek=20D=C4=85bek?=
Date: Thu, 12 Jan 2012 20:31:23 +0100
Subject: When force redirecting to SSL, make sure that the session is kept. As we're moving from a non-secure to secure environment, it's safe
---
 .../lib/action_controller/metal/force_ssl.rb | 1 +
 actionpack/test/controller/force_ssl_test.rb | 38 +++++++++++++++++++++-
 2 files changed, 38 insertions(+), 1 deletion(-)
(limited to 'actionpack')
diff --git a/actionpack/lib/action_controller/metal/force_ssl.rb b/actionpack/lib/action_controller/metal/force_ssl.rb
index 0fd42f9d8a..b45f211e83 100644
--- a/actionpack/lib/action_controller/metal/force_ssl.rb
+++ b/actionpack/lib/action_controller/metal/force_ssl.rb
@@ -29,6 +29,7 @@ module ActionController
 if !request.ssl? && !Rails.env.development?
 redirect_options = {:protocol => 'https://', :status => :moved_permanently}
 redirect_options.merge!(:host => host) if host
+ flash.keep
 redirect_to redirect_options
 end
 end
diff --git a/actionpack/test/controller/force_ssl_test.rb b/actionpack/test/controller/force_ssl_test.rb
index 43b20fdead..125012631e 100644
--- a/actionpack/test/controller/force_ssl_test.rb
+++ b/actionpack/test/controller/force_ssl_test.rb
@@ -26,6 +26,23 @@ class ForceSSLExceptAction < ForceSSLController
 force_ssl :except => :banana
 end
 
+class ForceSSLFlash < ForceSSLController
+ force_ssl :except => [:banana, :set_flash, :use_flash]
+
+ def set_flash
+ flash["that"] = "hello"
+ redirect_to '/force_ssl_flash/cheeseburger'
+ end
+
+ def use_flash
+ @flash_copy = {}.update flash
+ @flashy = flash["that"]
+ render :inline => "hello"
+ end
+
+end
+
+
 class ForceSSLControllerLevelTest < ActionController::TestCase
 tests ForceSSLControllerLevel
 
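Review bot: `flash.keep` runs on every redirected plain-HTTP request, whether or not anything was flashed, so the filter now reads the flash (and presumably loads the session behind it) on a path that previously never touched it; it is worth confirming that this does not cause a session cookie to be issued on the cleartext 301 response. The value being preserved was set and carried over plain HTTP, and it can only survive the hop when the session cookie is not restricted to HTTPS, so the call deserves a comment such as `# keep flash set before the HTTPS redirect; it would otherwise be swept by this request`. The commit subject says the session is kept, while the visible change preserves only the flash. The enclosing filter block begins and ends outside this hunk.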
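Review bot: `:use_flash` is listed in `force_ssl :except`, so the action that reads the flash is only ever reached over plain HTTP and this fixture cannot show the flash arriving in a request that is actually served over SSL. Consider dropping `:use_flash` from the `:except` list and having the test mark that request as SSL, so the HTTP-to-HTTPS hop is exercised end to end. `:cheeseburger` is not defined in this class and is presumably inherited from `ForceSSLController`, which is outside the hunk. The blank line before the class's closing `end` and the doubled blank line after it can be removed.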
@@ -50,7 +67,7 @@ class ForceSSLCustomDomainTest < ActionController::TestCase
 assert_response 301
 assert_equal "https://secure.test.host/force_ssl_custom_domain/banana", redirect_to_url
 end
-
+
 def test_cheeseburger_redirects_to_https_with_custom_host
 get :cheeseburger
 assert_response 301
@@ -101,3 +118,22 @@ class ForceSSLExcludeDevelopmentTest < ActionController::TestCase
 assert_response 200
 end
 end
+
+class ForceSSLFlashTest < ActionController::TestCase
+ tests ForceSSLFlash
+
+ def test_cheeseburger_redirects_to_https
+ get :set_flash
+ assert_response 302
+ assert_equal "http://test.host/force_ssl_flash/cheeseburger", redirect_to_url
+
+ get :cheeseburger
+ assert_response 301
+ assert_equal "https://test.host/force_ssl_flash/cheeseburger", redirect_to_url
+
+ get :use_flash
+ assert_equal "hello", assigns["flash_copy"]["that"]
+ assert_equal "hello", assigns["flashy"]
+ end
+
+end
-- 
cgit v1.2.3
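Review bot: The name `test_cheeseburger_redirects_to_https` in `ForceSSLFlashTest` is copied from the redirect tests and does not say that flash preservation is what is being verified; a name like `test_flash_is_kept_across_ssl_redirect` would make a failure readable. The test also never checks that the kept value expires. After the final `get :use_flash`, a second `get :use_flash` followed by `assert_nil assigns["flashy"]` would show that `flash.keep` extends the flash by one request rather than making it sticky (expected result to be confirmed when the assertion is added).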