1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
|
# frozen_string_literal: true
require "abstract_unit"
class ForceSSLController < ActionController::Base
def banana
render plain: "monkey"
end
def cheeseburger
render plain: "sikachu"
end
end
class ForceSSLControllerLevel < ForceSSLController
ActiveSupport::Deprecation.silence do
force_ssl
end
end
class ForceSSLCustomOptions < ForceSSLController
ActiveSupport::Deprecation.silence do
force_ssl host: "secure.example.com", only: :redirect_host
force_ssl port: 8443, only: :redirect_port
force_ssl subdomain: "secure", only: :redirect_subdomain
force_ssl domain: "secure.com", only: :redirect_domain
force_ssl path: "/foo", only: :redirect_path
force_ssl status: :found, only: :redirect_status
force_ssl flash: { message: "Foo, Bar!" }, only: :redirect_flash
force_ssl alert: "Foo, Bar!", only: :redirect_alert
force_ssl notice: "Foo, Bar!", only: :redirect_notice
end
def force_ssl_action
render plain: action_name
end
alias_method :redirect_host, :force_ssl_action
alias_method :redirect_port, :force_ssl_action
alias_method :redirect_subdomain, :force_ssl_action
alias_method :redirect_domain, :force_ssl_action
alias_method :redirect_path, :force_ssl_action
alias_method :redirect_status, :force_ssl_action
alias_method :redirect_flash, :force_ssl_action
alias_method :redirect_alert, :force_ssl_action
alias_method :redirect_notice, :force_ssl_action
def use_flash
render plain: flash[:message]
end
def use_alert
render plain: flash[:alert]
end
def use_notice
render plain: flash[:notice]
end
end
class ForceSSLOnlyAction < ForceSSLController
ActiveSupport::Deprecation.silence do
force_ssl only: :cheeseburger
end
end
class ForceSSLExceptAction < ForceSSLController
ActiveSupport::Deprecation.silence do
force_ssl except: :banana
end
end
class ForceSSLIfCondition < ForceSSLController
ActiveSupport::Deprecation.silence do
force_ssl if: :use_force_ssl?
end
def use_force_ssl?
action_name == "cheeseburger"
end
end
class ForceSSLFlash < ForceSSLController
ActiveSupport::Deprecation.silence do
force_ssl except: [:banana, :set_flash, :use_flash]
end
def set_flash
flash["that"] = "hello"
redirect_to "/force_ssl_flash/cheeseburger"
end
def use_flash
@flash_copy = {}.update flash
@flashy = flash["that"]
render inline: "hello"
end
end
class RedirectToSSL < ForceSSLController
def banana
force_ssl_redirect || render(plain: "monkey")
end
def cheeseburger
force_ssl_redirect("secure.cheeseburger.host") || render(plain: "ihaz")
end
end
class ForceSSLControllerLevelTest < ActionController::TestCase
def test_banana_redirects_to_https
get :banana
assert_response 301
assert_equal "https://test.host/force_ssl_controller_level/banana", redirect_to_url
end
def test_banana_redirects_to_https_with_extra_params
get :banana, params: { token: "secret" }
assert_response 301
assert_equal "https://test.host/force_ssl_controller_level/banana?token=secret", redirect_to_url
end
def test_cheeseburger_redirects_to_https
get :cheeseburger
assert_response 301
assert_equal "https://test.host/force_ssl_controller_level/cheeseburger", redirect_to_url
end
end
class ForceSSLCustomOptionsTest < ActionController::TestCase
def setup
@request.env["HTTP_HOST"] = "www.example.com:80"
end
def test_redirect_to_custom_host
get :redirect_host
assert_response 301
assert_equal "https://secure.example.com/force_ssl_custom_options/redirect_host", redirect_to_url
end
def test_redirect_to_custom_port
get :redirect_port
assert_response 301
assert_equal "https://www.example.com:8443/force_ssl_custom_options/redirect_port", redirect_to_url
end
def test_redirect_to_custom_subdomain
get :redirect_subdomain
assert_response 301
assert_equal "https://secure.example.com/force_ssl_custom_options/redirect_subdomain", redirect_to_url
end
def test_redirect_to_custom_domain
get :redirect_domain
assert_response 301
assert_equal "https://www.secure.com/force_ssl_custom_options/redirect_domain", redirect_to_url
end
def test_redirect_to_custom_path
get :redirect_path
assert_response 301
assert_equal "https://www.example.com/foo", redirect_to_url
end
def test_redirect_to_custom_status
get :redirect_status
assert_response 302
assert_equal "https://www.example.com/force_ssl_custom_options/redirect_status", redirect_to_url
end
def test_redirect_to_custom_flash
get :redirect_flash
assert_response 301
assert_equal "https://www.example.com/force_ssl_custom_options/redirect_flash", redirect_to_url
get :use_flash
assert_response 200
assert_equal "Foo, Bar!", @response.body
end
def test_redirect_to_custom_alert
get :redirect_alert
assert_response 301
assert_equal "https://www.example.com/force_ssl_custom_options/redirect_alert", redirect_to_url
get :use_alert
assert_response 200
assert_equal "Foo, Bar!", @response.body
end
def test_redirect_to_custom_notice
get :redirect_notice
assert_response 301
assert_equal "https://www.example.com/force_ssl_custom_options/redirect_notice", redirect_to_url
get :use_notice
assert_response 200
assert_equal "Foo, Bar!", @response.body
end
end
class ForceSSLOnlyActionTest < ActionController::TestCase
def test_banana_not_redirects_to_https
get :banana
assert_response 200
end
def test_cheeseburger_redirects_to_https
get :cheeseburger
assert_response 301
assert_equal "https://test.host/force_ssl_only_action/cheeseburger", redirect_to_url
end
end
class ForceSSLExceptActionTest < ActionController::TestCase
def test_banana_not_redirects_to_https
get :banana
assert_response 200
end
def test_cheeseburger_redirects_to_https
get :cheeseburger
assert_response 301
assert_equal "https://test.host/force_ssl_except_action/cheeseburger", redirect_to_url
end
end
class ForceSSLIfConditionTest < ActionController::TestCase
def test_banana_not_redirects_to_https
get :banana
assert_response 200
end
def test_cheeseburger_redirects_to_https
get :cheeseburger
assert_response 301
assert_equal "https://test.host/force_ssl_if_condition/cheeseburger", redirect_to_url
end
end
class ForceSSLFlashTest < ActionController::TestCase
def test_cheeseburger_redirects_to_https
get :set_flash
assert_response 302
assert_equal "http://test.host/force_ssl_flash/cheeseburger", redirect_to_url
@request.env.delete("PATH_INFO")
get :cheeseburger
assert_response 301
assert_equal "https://test.host/force_ssl_flash/cheeseburger", redirect_to_url
@request.env.delete("PATH_INFO")
get :use_flash
assert_equal "hello", @controller.instance_variable_get("@flash_copy")["that"]
assert_equal "hello", @controller.instance_variable_get("@flashy")
end
end
class ForceSSLDuplicateRoutesTest < ActionController::TestCase
tests ForceSSLControllerLevel
def test_force_ssl_redirects_to_same_path
with_routing do |set|
set.draw do
get "/foo", to: "force_ssl_controller_level#banana"
get "/bar", to: "force_ssl_controller_level#banana"
end
@request.env["PATH_INFO"] = "/bar"
get :banana
assert_response 301
assert_equal "https://test.host/bar", redirect_to_url
end
end
end
class ForceSSLFormatTest < ActionController::TestCase
tests ForceSSLControllerLevel
def test_force_ssl_redirects_to_same_format
with_routing do |set|
set.draw do
get "/foo", to: "force_ssl_controller_level#banana"
end
get :banana, format: :json
assert_response 301
assert_equal "https://test.host/foo.json", redirect_to_url
end
end
end
class ForceSSLOptionalSegmentsTest < ActionController::TestCase
tests ForceSSLControllerLevel
def test_force_ssl_redirects_to_same_format
with_routing do |set|
set.draw do
scope "(:locale)" do
defaults locale: "en" do
get "/foo", to: "force_ssl_controller_level#banana"
end
end
end
@request.env["PATH_INFO"] = "/en/foo"
get :banana, params: { locale: "en" }
assert_equal "en", @controller.params[:locale]
assert_response 301
assert_equal "https://test.host/en/foo", redirect_to_url
end
end
end
class RedirectToSSLTest < ActionController::TestCase
def test_banana_redirects_to_https_if_not_https
get :banana
assert_response 301
assert_equal "https://test.host/redirect_to_ssl/banana", redirect_to_url
end
def test_cheeseburgers_redirects_to_https_with_new_host_if_not_https
get :cheeseburger
assert_response 301
assert_equal "https://secure.cheeseburger.host/redirect_to_ssl/cheeseburger", redirect_to_url
end
def test_cheeseburgers_does_not_redirect_if_already_https
request.env["HTTPS"] = "on"
get :cheeseburger
assert_response 200
assert_equal "ihaz", response.body
end
end
class ForceSSLControllerLevelTest < ActionController::TestCase
def test_no_redirect_websocket_ssl_request
request.env["rack.url_scheme"] = "wss"
request.env["Upgrade"] = "websocket"
get :cheeseburger
assert_response 200
end
end
|