require 'abstract_unit' class ForceSSLController < ActionController::Base def banana render :text => "monkey" end def cheeseburger render :text => "sikachu" end end class ForceSSLControllerLevel < ForceSSLController force_ssl end class ForceSSLCustomOptions < ForceSSLController force_ssl :host => "secure.example.com", :only => :redirect_host force_ssl :port => 8443, :only => :redirect_port force_ssl :subdomain => 'secure', :only => :redirect_subdomain force_ssl :domain => 'secure.com', :only => :redirect_domain force_ssl :path => '/foo', :only => :redirect_path force_ssl :status => :found, :only => :redirect_status force_ssl :flash => { :message => 'Foo, Bar!' }, :only => :redirect_flash force_ssl :alert => 'Foo, Bar!', :only => :redirect_alert force_ssl :notice => 'Foo, Bar!', :only => :redirect_notice def force_ssl_action render :text => action_name end alias_method :redirect_host, :force_ssl_action alias_method :redirect_port, :force_ssl_action alias_method :redirect_subdomain, :force_ssl_action alias_method :redirect_domain, :force_ssl_action alias_method :redirect_path, :force_ssl_action alias_method :redirect_status, :force_ssl_action alias_method :redirect_flash, :force_ssl_action alias_method :redirect_alert, :force_ssl_action alias_method :redirect_notice, :force_ssl_action def use_flash render :text => flash[:message] end def use_alert render :text => flash[:alert] end def use_notice render :text => flash[:notice] end end class ForceSSLOnlyAction < ForceSSLController force_ssl :only => :cheeseburger end class ForceSSLExceptAction < ForceSSLController force_ssl :except => :banana end class ForceSSLIfCondition < ForceSSLController force_ssl :if => :use_force_ssl? def use_force_ssl? action_name == 'cheeseburger' end end class ForceSSLFlash < ForceSSLController force_ssl :except => [:banana, :set_flash, :use_flash] def set_flash flash["that"] = "hello" redirect_to '/force_ssl_flash/cheeseburger' end def use_flash @flash_copy = {}.update flash @flashy = flash["that"] render :inline => "hello" end end class RedirectToSSL < ForceSSLController def banana force_ssl_redirect || render(:text => 'monkey') end def cheeseburger force_ssl_redirect('secure.cheeseburger.host') || render(:text => 'ihaz') end end class ForceSSLControllerLevelTest < ActionController::TestCase def test_banana_redirects_to_https get :banana assert_response 301 assert_equal "https://test.host/force_ssl_controller_level/banana", redirect_to_url end def test_banana_redirects_to_https_with_extra_params get :banana, params: { token: "secret" } assert_response 301 assert_equal "https://test.host/force_ssl_controller_level/banana?token=secret", redirect_to_url end def test_cheeseburger_redirects_to_https get :cheeseburger assert_response 301 assert_equal "https://test.host/force_ssl_controller_level/cheeseburger", redirect_to_url end end class ForceSSLCustomOptionsTest < ActionController::TestCase def setup @request.env['HTTP_HOST'] = 'www.example.com:80' end def test_redirect_to_custom_host get :redirect_host assert_response 301 assert_equal "https://secure.example.com/force_ssl_custom_options/redirect_host", redirect_to_url end def test_redirect_to_custom_port get :redirect_port assert_response 301 assert_equal "https://www.example.com:8443/force_ssl_custom_options/redirect_port", redirect_to_url end def test_redirect_to_custom_subdomain get :redirect_subdomain assert_response 301 assert_equal "https://secure.example.com/force_ssl_custom_options/redirect_subdomain", redirect_to_url end def test_redirect_to_custom_domain get :redirect_domain assert_response 301 assert_equal "https://www.secure.com/force_ssl_custom_options/redirect_domain", redirect_to_url end def test_redirect_to_custom_path get :redirect_path assert_response 301 assert_equal "https://www.example.com/foo", redirect_to_url end def test_redirect_to_custom_status get :redirect_status assert_response 302 assert_equal "https://www.example.com/force_ssl_custom_options/redirect_status", redirect_to_url end def test_redirect_to_custom_flash get :redirect_flash assert_response 301 assert_equal "https://www.example.com/force_ssl_custom_options/redirect_flash", redirect_to_url get :use_flash assert_response 200 assert_equal "Foo, Bar!", @response.body end def test_redirect_to_custom_alert get :redirect_alert assert_response 301 assert_equal "https://www.example.com/force_ssl_custom_options/redirect_alert", redirect_to_url get :use_alert assert_response 200 assert_equal "Foo, Bar!", @response.body end def test_redirect_to_custom_notice get :redirect_notice assert_response 301 assert_equal "https://www.example.com/force_ssl_custom_options/redirect_notice", redirect_to_url get :use_notice assert_response 200 assert_equal "Foo, Bar!", @response.body end end class ForceSSLOnlyActionTest < ActionController::TestCase def test_banana_not_redirects_to_https get :banana assert_response 200 end def test_cheeseburger_redirects_to_https get :cheeseburger assert_response 301 assert_equal "https://test.host/force_ssl_only_action/cheeseburger", redirect_to_url end end class ForceSSLExceptActionTest < ActionController::TestCase def test_banana_not_redirects_to_https get :banana assert_response 200 end def test_cheeseburger_redirects_to_https get :cheeseburger assert_response 301 assert_equal "https://test.host/force_ssl_except_action/cheeseburger", redirect_to_url end end class ForceSSLIfConditionTest < ActionController::TestCase def test_banana_not_redirects_to_https get :banana assert_response 200 end def test_cheeseburger_redirects_to_https get :cheeseburger assert_response 301 assert_equal "https://test.host/force_ssl_if_condition/cheeseburger", redirect_to_url end end class ForceSSLFlashTest < ActionController::TestCase def test_cheeseburger_redirects_to_https get :set_flash assert_response 302 assert_equal "http://test.host/force_ssl_flash/cheeseburger", redirect_to_url # FIXME: AC::TestCase#build_request_uri doesn't build a new uri if PATH_INFO exists @request.env.delete('PATH_INFO') get :cheeseburger assert_response 301 assert_equal "https://test.host/force_ssl_flash/cheeseburger", redirect_to_url # FIXME: AC::TestCase#build_request_uri doesn't build a new uri if PATH_INFO exists @request.env.delete('PATH_INFO') get :use_flash assert_equal "hello", assigns["flash_copy"]["that"] assert_equal "hello", assigns["flashy"] end end class ForceSSLDuplicateRoutesTest < ActionController::TestCase tests ForceSSLControllerLevel def test_force_ssl_redirects_to_same_path with_routing do |set| set.draw do get '/foo', :to => 'force_ssl_controller_level#banana' get '/bar', :to => 'force_ssl_controller_level#banana' end @request.env['PATH_INFO'] = '/bar' get :banana assert_response 301 assert_equal 'https://test.host/bar', redirect_to_url end end end class ForceSSLFormatTest < ActionController::TestCase tests ForceSSLControllerLevel def test_force_ssl_redirects_to_same_format with_routing do |set| set.draw do get '/foo', :to => 'force_ssl_controller_level#banana' end get :banana, format: :json assert_response 301 assert_equal 'https://test.host/foo.json', redirect_to_url end end end class ForceSSLOptionalSegmentsTest < ActionController::TestCase tests ForceSSLControllerLevel def test_force_ssl_redirects_to_same_format with_routing do |set| set.draw do scope '(:locale)' do defaults :locale => 'en' do get '/foo', :to => 'force_ssl_controller_level#banana' end end end @request.env['PATH_INFO'] = '/en/foo' get :banana, params: { locale: 'en' } assert_equal 'en', @controller.params[:locale] assert_response 301 assert_equal 'https://test.host/en/foo', redirect_to_url end end end class RedirectToSSLTest < ActionController::TestCase def test_banana_redirects_to_https_if_not_https get :banana assert_response 301 assert_equal "https://test.host/redirect_to_ssl/banana", redirect_to_url end def test_cheeseburgers_redirects_to_https_with_new_host_if_not_https get :cheeseburger assert_response 301 assert_equal "https://secure.cheeseburger.host/redirect_to_ssl/cheeseburger", redirect_to_url end def test_banana_does_not_redirect_if_already_https request.env['HTTPS'] = 'on' get :cheeseburger assert_response 200 assert_equal 'ihaz', response.body end end