aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test/controller/force_ssl_test.rb
blob: 7f59f6acaf759415de5b238c57a0af0e5a37f731 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
# frozen_string_literal: true

require "abstract_unit"

class ForceSSLController < ActionController::Base
  def banana
    render plain: "monkey"
  end

  def cheeseburger
    render plain: "sikachu"
  end
end

class ForceSSLControllerLevel < ForceSSLController
  ActiveSupport::Deprecation.silence do
    force_ssl
  end
end

class ForceSSLCustomOptions < ForceSSLController
  ActiveSupport::Deprecation.silence do
    force_ssl host: "secure.example.com", only: :redirect_host
    force_ssl port: 8443, only: :redirect_port
    force_ssl subdomain: "secure", only: :redirect_subdomain
    force_ssl domain: "secure.com", only: :redirect_domain
    force_ssl path: "/foo", only: :redirect_path
    force_ssl status: :found, only: :redirect_status
    force_ssl flash: { message: "Foo, Bar!" }, only: :redirect_flash
    force_ssl alert: "Foo, Bar!", only: :redirect_alert
    force_ssl notice: "Foo, Bar!", only: :redirect_notice
  end

  def force_ssl_action
    render plain: action_name
  end

  alias_method :redirect_host, :force_ssl_action
  alias_method :redirect_port, :force_ssl_action
  alias_method :redirect_subdomain, :force_ssl_action
  alias_method :redirect_domain, :force_ssl_action
  alias_method :redirect_path, :force_ssl_action
  alias_method :redirect_status, :force_ssl_action
  alias_method :redirect_flash, :force_ssl_action
  alias_method :redirect_alert, :force_ssl_action
  alias_method :redirect_notice, :force_ssl_action

  def use_flash
    render plain: flash[:message]
  end

  def use_alert
    render plain: flash[:alert]
  end

  def use_notice
    render plain: flash[:notice]
  end
end

class ForceSSLOnlyAction < ForceSSLController
  ActiveSupport::Deprecation.silence do
    force_ssl only: :cheeseburger
  end
end

class ForceSSLExceptAction < ForceSSLController
  ActiveSupport::Deprecation.silence do
    force_ssl except: :banana
  end
end

class ForceSSLIfCondition < ForceSSLController
  ActiveSupport::Deprecation.silence do
    force_ssl if: :use_force_ssl?
  end

  def use_force_ssl?
    action_name == "cheeseburger"
  end
end

class ForceSSLFlash < ForceSSLController
  ActiveSupport::Deprecation.silence do
    force_ssl except: [:banana, :set_flash, :use_flash]
  end

  def set_flash
    flash["that"] = "hello"
    redirect_to "/force_ssl_flash/cheeseburger"
  end

  def use_flash
    @flash_copy = {}.update flash
    @flashy = flash["that"]
    render inline: "hello"
  end
end

class RedirectToSSL < ForceSSLController
  def banana
    force_ssl_redirect || render(plain: "monkey")
  end
  def cheeseburger
    force_ssl_redirect("secure.cheeseburger.host") || render(plain: "ihaz")
  end
end

class ForceSSLControllerLevelTest < ActionController::TestCase
  def test_banana_redirects_to_https
    get :banana
    assert_response 301
    assert_equal "https://test.host/force_ssl_controller_level/banana", redirect_to_url
  end

  def test_banana_redirects_to_https_with_extra_params
    get :banana, params: { token: "secret" }
    assert_response 301
    assert_equal "https://test.host/force_ssl_controller_level/banana?token=secret", redirect_to_url
  end

  def test_cheeseburger_redirects_to_https
    get :cheeseburger
    assert_response 301
    assert_equal "https://test.host/force_ssl_controller_level/cheeseburger", redirect_to_url
  end
end

class ForceSSLCustomOptionsTest < ActionController::TestCase
  def setup
    @request.env["HTTP_HOST"] = "www.example.com:80"
  end

  def test_redirect_to_custom_host
    get :redirect_host
    assert_response 301
    assert_equal "https://secure.example.com/force_ssl_custom_options/redirect_host", redirect_to_url
  end

  def test_redirect_to_custom_port
    get :redirect_port
    assert_response 301
    assert_equal "https://www.example.com:8443/force_ssl_custom_options/redirect_port", redirect_to_url
  end

  def test_redirect_to_custom_subdomain
    get :redirect_subdomain
    assert_response 301
    assert_equal "https://secure.example.com/force_ssl_custom_options/redirect_subdomain", redirect_to_url
  end

  def test_redirect_to_custom_domain
    get :redirect_domain
    assert_response 301
    assert_equal "https://www.secure.com/force_ssl_custom_options/redirect_domain", redirect_to_url
  end

  def test_redirect_to_custom_path
    get :redirect_path
    assert_response 301
    assert_equal "https://www.example.com/foo", redirect_to_url
  end

  def test_redirect_to_custom_status
    get :redirect_status
    assert_response 302
    assert_equal "https://www.example.com/force_ssl_custom_options/redirect_status", redirect_to_url
  end

  def test_redirect_to_custom_flash
    get :redirect_flash
    assert_response 301
    assert_equal "https://www.example.com/force_ssl_custom_options/redirect_flash", redirect_to_url

    get :use_flash
    assert_response 200
    assert_equal "Foo, Bar!", @response.body
  end

  def test_redirect_to_custom_alert
    get :redirect_alert
    assert_response 301
    assert_equal "https://www.example.com/force_ssl_custom_options/redirect_alert", redirect_to_url

    get :use_alert
    assert_response 200
    assert_equal "Foo, Bar!", @response.body
  end

  def test_redirect_to_custom_notice
    get :redirect_notice
    assert_response 301
    assert_equal "https://www.example.com/force_ssl_custom_options/redirect_notice", redirect_to_url

    get :use_notice
    assert_response 200
    assert_equal "Foo, Bar!", @response.body
  end
end

class ForceSSLOnlyActionTest < ActionController::TestCase
  def test_banana_not_redirects_to_https
    get :banana
    assert_response 200
  end

  def test_cheeseburger_redirects_to_https
    get :cheeseburger
    assert_response 301
    assert_equal "https://test.host/force_ssl_only_action/cheeseburger", redirect_to_url
  end
end

class ForceSSLExceptActionTest < ActionController::TestCase
  def test_banana_not_redirects_to_https
    get :banana
    assert_response 200
  end

  def test_cheeseburger_redirects_to_https
    get :cheeseburger
    assert_response 301
    assert_equal "https://test.host/force_ssl_except_action/cheeseburger", redirect_to_url
  end
end

class ForceSSLIfConditionTest < ActionController::TestCase
  def test_banana_not_redirects_to_https
    get :banana
    assert_response 200
  end

  def test_cheeseburger_redirects_to_https
    get :cheeseburger
    assert_response 301
    assert_equal "https://test.host/force_ssl_if_condition/cheeseburger", redirect_to_url
  end
end

class ForceSSLFlashTest < ActionController::TestCase
  def test_cheeseburger_redirects_to_https
    get :set_flash
    assert_response 302
    assert_equal "http://test.host/force_ssl_flash/cheeseburger", redirect_to_url

    @request.env.delete("PATH_INFO")

    get :cheeseburger
    assert_response 301
    assert_equal "https://test.host/force_ssl_flash/cheeseburger", redirect_to_url

    @request.env.delete("PATH_INFO")

    get :use_flash
    assert_equal "hello", @controller.instance_variable_get("@flash_copy")["that"]
    assert_equal "hello", @controller.instance_variable_get("@flashy")
  end
end

class ForceSSLDuplicateRoutesTest < ActionController::TestCase
  tests ForceSSLControllerLevel

  def test_force_ssl_redirects_to_same_path
    with_routing do |set|
      set.draw do
        get "/foo", to: "force_ssl_controller_level#banana"
        get "/bar", to: "force_ssl_controller_level#banana"
      end

      @request.env["PATH_INFO"] = "/bar"

      get :banana
      assert_response 301
      assert_equal "https://test.host/bar", redirect_to_url
    end
  end
end

class ForceSSLFormatTest < ActionController::TestCase
  tests ForceSSLControllerLevel

  def test_force_ssl_redirects_to_same_format
    with_routing do |set|
      set.draw do
        get "/foo", to: "force_ssl_controller_level#banana"
      end

      get :banana, format: :json
      assert_response 301
      assert_equal "https://test.host/foo.json", redirect_to_url
    end
  end
end

class ForceSSLOptionalSegmentsTest < ActionController::TestCase
  tests ForceSSLControllerLevel

  def test_force_ssl_redirects_to_same_format
    with_routing do |set|
      set.draw do
        scope "(:locale)" do
          defaults locale: "en" do
            get "/foo", to: "force_ssl_controller_level#banana"
          end
        end
      end

      @request.env["PATH_INFO"] = "/en/foo"
      get :banana, params: { locale: "en" }
      assert_equal "en",  @controller.params[:locale]
      assert_response 301
      assert_equal "https://test.host/en/foo", redirect_to_url
    end
  end
end

class RedirectToSSLTest < ActionController::TestCase
  def test_banana_redirects_to_https_if_not_https
    get :banana
    assert_response 301
    assert_equal "https://test.host/redirect_to_ssl/banana", redirect_to_url
  end

  def test_cheeseburgers_redirects_to_https_with_new_host_if_not_https
    get :cheeseburger
    assert_response 301
    assert_equal "https://secure.cheeseburger.host/redirect_to_ssl/cheeseburger", redirect_to_url
  end

  def test_cheeseburgers_does_not_redirect_if_already_https
    request.env["HTTPS"] = "on"
    get :cheeseburger
    assert_response 200
    assert_equal "ihaz", response.body
  end
end

class ForceSSLControllerLevelTest < ActionController::TestCase
  def test_no_redirect_websocket_ssl_request
    request.env["rack.url_scheme"] = "wss"
    request.env["Upgrade"] = "websocket"
    get :cheeseburger
    assert_response 200
  end
end