aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test/controller/force_ssl_test.rb
blob: 72ae30eb39687a9dc79f1852e82bc3998f0042e4 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
require 'abstract_unit'

class ForceSSLController < ActionController::Base
  def banana
    render :text => "monkey"
  end

  def cheeseburger
    render :text => "sikachu"
  end
end

class ForceSSLControllerLevel < ForceSSLController
  force_ssl
end

class ForceSSLCustomOptions < ForceSSLController
  force_ssl :host => "secure.example.com", :only => :redirect_host
  force_ssl :port => 8443, :only => :redirect_port
  force_ssl :subdomain => 'secure', :only => :redirect_subdomain
  force_ssl :domain => 'secure.com', :only => :redirect_domain
  force_ssl :path => '/foo', :only => :redirect_path
  force_ssl :status => :found, :only => :redirect_status
  force_ssl :flash => { :message => 'Foo, Bar!' }, :only => :redirect_flash
  force_ssl :alert => 'Foo, Bar!', :only => :redirect_alert
  force_ssl :notice => 'Foo, Bar!', :only => :redirect_notice

  def force_ssl_action
    render :text => action_name
  end

  alias_method :redirect_host, :force_ssl_action
  alias_method :redirect_port, :force_ssl_action
  alias_method :redirect_subdomain, :force_ssl_action
  alias_method :redirect_domain, :force_ssl_action
  alias_method :redirect_path, :force_ssl_action
  alias_method :redirect_status, :force_ssl_action
  alias_method :redirect_flash, :force_ssl_action
  alias_method :redirect_alert, :force_ssl_action
  alias_method :redirect_notice, :force_ssl_action

  def use_flash
    render :text => flash[:message]
  end

  def use_alert
    render :text => flash[:alert]
  end

  def use_notice
    render :text => flash[:notice]
  end
end

class ForceSSLOnlyAction < ForceSSLController
  force_ssl :only => :cheeseburger
end

class ForceSSLExceptAction < ForceSSLController
  force_ssl :except => :banana
end

class ForceSSLIfCondition < ForceSSLController
  force_ssl :if => :use_force_ssl?

  def use_force_ssl?
    action_name == 'cheeseburger'
  end
end

class ForceSSLFlash < ForceSSLController
  force_ssl :except => [:banana, :set_flash, :use_flash]

  def set_flash
    flash["that"] = "hello"
    redirect_to '/force_ssl_flash/cheeseburger'
  end

  def use_flash
    @flash_copy = {}.update flash
    @flashy = flash["that"]
    render :inline => "hello"
  end
end

class RedirectToSSL < ForceSSLController
  def banana
    force_ssl_redirect || render(:text => 'monkey')
  end
  def cheeseburger
    force_ssl_redirect('secure.cheeseburger.host') || render(:text => 'ihaz')
  end
end

class ForceSSLControllerLevelTest < ActionController::TestCase
  def test_banana_redirects_to_https
    get :banana
    assert_response 301
    assert_equal "https://test.host/force_ssl_controller_level/banana", redirect_to_url
  end

  def test_banana_redirects_to_https_with_extra_params
    get :banana, params: { token: "secret" }
    assert_response 301
    assert_equal "https://test.host/force_ssl_controller_level/banana?token=secret", redirect_to_url
  end

  def test_cheeseburger_redirects_to_https
    get :cheeseburger
    assert_response 301
    assert_equal "https://test.host/force_ssl_controller_level/cheeseburger", redirect_to_url
  end
end

class ForceSSLCustomOptionsTest < ActionController::TestCase
  def setup
    @request.env['HTTP_HOST'] = 'www.example.com:80'
  end

  def test_redirect_to_custom_host
    get :redirect_host
    assert_response 301
    assert_equal "https://secure.example.com/force_ssl_custom_options/redirect_host", redirect_to_url
  end

  def test_redirect_to_custom_port
    get :redirect_port
    assert_response 301
    assert_equal "https://www.example.com:8443/force_ssl_custom_options/redirect_port", redirect_to_url
  end

  def test_redirect_to_custom_subdomain
    get :redirect_subdomain
    assert_response 301
    assert_equal "https://secure.example.com/force_ssl_custom_options/redirect_subdomain", redirect_to_url
  end

  def test_redirect_to_custom_domain
    get :redirect_domain
    assert_response 301
    assert_equal "https://www.secure.com/force_ssl_custom_options/redirect_domain", redirect_to_url
  end

  def test_redirect_to_custom_path
    get :redirect_path
    assert_response 301
    assert_equal "https://www.example.com/foo", redirect_to_url
  end

  def test_redirect_to_custom_status
    get :redirect_status
    assert_response 302
    assert_equal "https://www.example.com/force_ssl_custom_options/redirect_status", redirect_to_url
  end

  def test_redirect_to_custom_flash
    get :redirect_flash
    assert_response 301
    assert_equal "https://www.example.com/force_ssl_custom_options/redirect_flash", redirect_to_url

    get :use_flash
    assert_response 200
    assert_equal "Foo, Bar!", @response.body
  end

  def test_redirect_to_custom_alert
    get :redirect_alert
    assert_response 301
    assert_equal "https://www.example.com/force_ssl_custom_options/redirect_alert", redirect_to_url

    get :use_alert
    assert_response 200
    assert_equal "Foo, Bar!", @response.body
  end

  def test_redirect_to_custom_notice
    get :redirect_notice
    assert_response 301
    assert_equal "https://www.example.com/force_ssl_custom_options/redirect_notice", redirect_to_url

    get :use_notice
    assert_response 200
    assert_equal "Foo, Bar!", @response.body
  end
end

class ForceSSLOnlyActionTest < ActionController::TestCase
  def test_banana_not_redirects_to_https
    get :banana
    assert_response 200
  end

  def test_cheeseburger_redirects_to_https
    get :cheeseburger
    assert_response 301
    assert_equal "https://test.host/force_ssl_only_action/cheeseburger", redirect_to_url
  end
end

class ForceSSLExceptActionTest < ActionController::TestCase
  def test_banana_not_redirects_to_https
    get :banana
    assert_response 200
  end

  def test_cheeseburger_redirects_to_https
    get :cheeseburger
    assert_response 301
    assert_equal "https://test.host/force_ssl_except_action/cheeseburger", redirect_to_url
  end
end

class ForceSSLIfConditionTest < ActionController::TestCase
  def test_banana_not_redirects_to_https
    get :banana
    assert_response 200
  end

  def test_cheeseburger_redirects_to_https
    get :cheeseburger
    assert_response 301
    assert_equal "https://test.host/force_ssl_if_condition/cheeseburger", redirect_to_url
  end
end

class ForceSSLFlashTest < ActionController::TestCase
  def test_cheeseburger_redirects_to_https
    get :set_flash
    assert_response 302
    assert_equal "http://test.host/force_ssl_flash/cheeseburger", redirect_to_url

    # FIXME: AC::TestCase#build_request_uri doesn't build a new uri if PATH_INFO exists
    @request.env.delete('PATH_INFO')

    get :cheeseburger
    assert_response 301
    assert_equal "https://test.host/force_ssl_flash/cheeseburger", redirect_to_url

    # FIXME: AC::TestCase#build_request_uri doesn't build a new uri if PATH_INFO exists
    @request.env.delete('PATH_INFO')

    get :use_flash
    assert_equal "hello", @controller.instance_variable_get("@flash_copy")["that"]
    assert_equal "hello", @controller.instance_variable_get("@flashy")
  end
end

class ForceSSLDuplicateRoutesTest < ActionController::TestCase
  tests ForceSSLControllerLevel

  def test_force_ssl_redirects_to_same_path
    with_routing do |set|
      set.draw do
        get '/foo', :to => 'force_ssl_controller_level#banana'
        get '/bar', :to => 'force_ssl_controller_level#banana'
      end

      @request.env['PATH_INFO'] = '/bar'

      get :banana
      assert_response 301
      assert_equal 'https://test.host/bar', redirect_to_url
    end
  end
end

class ForceSSLFormatTest < ActionController::TestCase
  tests ForceSSLControllerLevel

  def test_force_ssl_redirects_to_same_format
    with_routing do |set|
      set.draw do
        get '/foo', :to => 'force_ssl_controller_level#banana'
      end

      get :banana, format: :json
      assert_response 301
      assert_equal 'https://test.host/foo.json', redirect_to_url
    end
  end
end

class ForceSSLOptionalSegmentsTest < ActionController::TestCase
  tests ForceSSLControllerLevel

  def test_force_ssl_redirects_to_same_format
    with_routing do |set|
      set.draw do
        scope '(:locale)' do
          defaults :locale => 'en' do
            get '/foo', :to => 'force_ssl_controller_level#banana'
          end
        end
      end

      @request.env['PATH_INFO'] = '/en/foo'
      get :banana, params: { locale: 'en' }
      assert_equal 'en',  @controller.params[:locale]
      assert_response 301
      assert_equal 'https://test.host/en/foo', redirect_to_url
    end
  end
end

class RedirectToSSLTest < ActionController::TestCase
  def test_banana_redirects_to_https_if_not_https
    get :banana
    assert_response 301
    assert_equal "https://test.host/redirect_to_ssl/banana", redirect_to_url
  end

  def test_cheeseburgers_redirects_to_https_with_new_host_if_not_https
    get :cheeseburger
    assert_response 301
    assert_equal "https://secure.cheeseburger.host/redirect_to_ssl/cheeseburger", redirect_to_url
  end

  def test_cheeseburgers_does_not_redirect_if_already_https
    request.env['HTTPS'] = 'on'
    get :cheeseburger
    assert_response 200
    assert_equal 'ihaz', response.body
  end
end