ActionItem438: implemented SSL requirements

Changes: * Implemented require_ssl and refuse_ssl in ApplicationController * Changed AccountController to require SSL + pointing to HTTPS in login forms * Changed PublicController to refuse SSL, and fixed all controllers in app/controllers/public to inherit from it (with some exceptions). * Changed MyProfileController to require SSL Side-effects: * Some controllers had been changed in an unappropriated way for the new SSL requirement. * Some tests changed to reflect the new SSL requirements. * Needed to tweak content_viewer controller to deal with SSL URL's: + Fixed detection of user coming from public view that was broke by the SSL thing. * adapted enterprise_registration tests git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@2458 3f533792-8f58-4932-b0fe-aaf55b0a4547

ActionItem438: implemented SSL requirements
Changes: * Implemented require_ssl and refuse_ssl in ApplicationController * Changed AccountController to require SSL + pointing to HTTPS in login forms * Changed PublicController to refuse SSL, and fixed all controllers in app/controllers/public to inherit from it (with some exceptions). * Changed MyProfileController to require SSL Side-effects: * Some controllers had been changed in an unappropriated way for the new SSL requirement. * Some tests changed to reflect the new SSL requirements. * Needed to tweak content_viewer controller to deal with SSL URL's: + Fixed detection of user coming from public view that was broke by the SSL thing. * adapted enterprise_registration tests git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@2458 3f533792-8f58-4932-b0fe-aaf55b0a4547
AntonioTerceiro
1 parent d240b511
Showing 39 changed files with 215 additions and 17 deletions Show diff stats
app/controllers/application.rb
app/controllers/my_profile/cms_controller.rb
app/controllers/my_profile_controller.rb
app/controllers/public/account_controller.rb
app/controllers/public/catalog_controller.rb
app/controllers/public/content_viewer_controller.rb
app/controllers/public/enterprise_registration_controller.rb
app/controllers/public/profile_controller.rb
app/controllers/public/search_controller.rb
app/controllers/public/tag_controller.rb
app/controllers/public_controller.rb
app/helpers/application_helper.rb
app/views/account/_login_form.rhtml
app/views/account/login.rhtml
app/views/account/login_block.rhtml
test/functional/account_controller_test.rb
test/functional/application_controller_test.rb
test/functional/cms_controller_test.rb
test/functional/content_viewer_controller_test.rb
test/functional/enterprise_editor_controller_test.rb
@@ -30,6 +30,22 @@ class ApplicationController &lt; ActionController::Base
   include AuthenticatedSystem
   include PermissionCheck
  
+  def self.require_ssl(*options)
+    before_filter :check_ssl, *options
+  end
+  def check_ssl
+    return true if (request.ssl? || ENV['RAILS_ENV'] == 'development')
+    redirect_to :protocol => 'https://'
+  end
+
+  def self.refuse_ssl(*options)
+    before_filter :avoid_ssl, *options
+  end
+  def avoid_ssl
+    return true if (!request.ssl? || ENV['RAILS_ENV'] == 'development')
+    redirect_to :protocol => 'http://'
+  end
+
   before_init_gettext :maybe_save_locale
   after_init_gettext :check_locale
   init_gettext 'noosfero'
@@ -165,7 +165,7 @@ class CmsController &lt; MyProfileController
  
   def record_coming_from_public_view
     referer = request.referer
-    if (referer == url_for(@article.url)) || (@article == @profile.home_page && referer == url_for(@profile.url))
+    if (maybe_ssl(url_for(@article.url)).include?(referer)) || (@article == @profile.home_page && maybe_ssl(url_for(@profile.url)).include?(referer))
       @back_to = 'public_view'
       @back_url = @article.url
     end
@@ -173,11 +173,15 @@ class CmsController &lt; MyProfileController
  
   def record_creating_from_public_view
     referer = request.referer
-    if (referer =~ Regexp.new("^#{url_for(profile.url)}"))
+    if (referer =~ Regexp.new("^#{(url_for(profile.url).sub('https:', 'https?:'))}"))
       @back_to = 'public_view'
       @back_url = referer
     end
   end
  
+  def maybe_ssl(url)
+    [url, url.sub('https:', 'http:')]
+  end
+
 end
  
@@ -2,6 +2,8 @@ class MyProfileController &lt; ApplicationController
  
   needs_profile
  
+  require_ssl
+
   # declares that the controller needs an specific type of profile. Example:
   #
   #  class PersonDetailControlles < ProfileAdminController
-class AccountController < PublicController
+class AccountController < ApplicationController
  
   inverse_captcha :field => 'e_mail'
  
+  require_ssl :except => [ :login_popup ]
+
   # say something nice, you goof!  something sweet.
   def index
     unless logged_in?
-class CatalogController < ApplicationController
+class CatalogController < PublicController
   needs_profile
   before_filter :check_enterprise_and_environment
  
-class ContentViewerController < PublicController
+class ContentViewerController < ApplicationController
  
   needs_profile
  
@@ -28,6 +28,11 @@ class ContentViewerController &lt; PublicController
       end
     end
  
+    if !@page.public? && !request.ssl?
+      redirect_to :protocol => 'https://'
+      return
+    end
+
     if !@page.display_to?(user)
       # FIXME find a nice "access denied" layout
       render :action => 'access_denied', :status => 403, :layout => false
 class EnterpriseRegistrationController < ApplicationController
  
+  require_ssl
+
   before_filter :login_required
  
   # Just go to the first step.
-class ProfileController < ApplicationController
+class ProfileController < PublicController
  
   needs_profile
   before_filter :check_access_to_profile
-class SearchController < ApplicationController  
+class SearchController < PublicController
  
   helper TagsHelper
  
-class TagController < ApplicationController
+class TagController < PublicController
  
 end
 class PublicController < ApplicationController
+  refuse_ssl
 end
@@ -707,4 +707,10 @@ module ApplicationHelper
     end
   end
  
+  def login_url
+    options = { :controller => 'account', :action => 'login' }
+    options.merge!(:protocol => 'https://', :host => request.host) unless ENV['RAILS_ENV'] == 'development'
+    url_for(options)
+  end
+
 end
 <% labelled_form_for :user, @user,
-   :url => { :controller => 'account', :action => 'login' },
+   :url => login_url,
    :html => { :help => _('If you are a registered user, enter your username and password to be authenticated.')+'<p/>'+_('To join on this environment, click on "<b>I want to be an user!</b>".')+'<p/>'+_('If you forgot your password, click on "<b>I forgot my password!</b>" link.') } do |f| %>
  
 <%= f.text_field :login,
@@ -5,7 +5,7 @@
 <% @user = User.new unless @user %>
  
 <% labelled_form_for :user, @user,
-   :url => { :controller => 'account', :action => 'login' },
+   :url => login_url,
    :html => { :help => _('If you are a registered user, enter your username and password to be authenticated.')+'<p/>'+_('To join on this environment, click on "<b>I want to be an user!</b>".')+'<p/>'+_('If you forgot your password, click on "<b>I forgot my password!</b>" link.') } do |f| %>
  
 <%= f.text_field :login,
@@ -11,7 +11,7 @@
  
     <% labelled_form_for :user, @user,
        :html => { :help => _('If you are a registered user, enter your username and password to be authenticated.')+'<p/>'+_('To join on this environment, click on "<b>New user</b>".')+'<p/>'+_('If you forgot your password, click on "<b>I forgot my password!</b>" link.') },
-       :url => { :controller => 'account', :action => 'login' } do |f| %>
+       :url => login_url do |f| %>
  
 <%= f.text_field :login,
                  :help => _('Here goes the nickname that you give on the registration.'),
@@ -15,6 +15,8 @@ class AccountControllerTest &lt; Test::Unit::TestCase
     @controller = AccountController.new
     @request    = ActionController::TestRequest.new
     @response   = ActionController::TestResponse.new
+
+    @request.stubs(:ssl?).returns(true)
   end
  
   def test_local_files_reference
@@ -515,6 +517,29 @@ class AccountControllerTest &lt; Test::Unit::TestCase
     assert_equal 1, assigns(:user).person.boxes[0].blocks.size
   end
  
+  should 'force ssl' do
+    @request.expects(:ssl?).returns(false).at_least_once
+    get :index
+    assert_redirected_to :protocol => 'https://'
+  end
+
+  should 'alllow login_popup without SSL' do
+    @request.expects(:ssl?).returns(false).at_least_once
+    get :login_popup
+    assert_response :success
+  end
+
+  should 'point to SSL URL in login popup' do
+    get :login_popup
+    assert_tag :tag => 'form', :attributes => { :action => /^https:\/\// }
+  end
+
+  should 'not point to SSL URL in login popup when in development mode' do
+    ENV.expects(:[]).with('RAILS_ENV').returns('development').at_least_once
+    get :login_popup
+    assert_no_tag :tag => 'form', :attributes => { :action => /^https:\/\// }
+  end
+
   protected
     def create_user(options = {}, extra_options ={})
       post :signup, { :user => { :login => 'quire',
@@ -224,4 +224,52 @@ class ApplicationControllerTest &lt; Test::Unit::TestCase
     get :index
   end
  
+  should 'require ssl when told to' do
+    @request.expects(:ssl?).returns(false).at_least_once
+    get :sslonly
+    assert_redirected_to :protocol => 'https://'
+  end
+
+  should 'not force ssl in development mode' do
+    ENV.expects(:[]).with('RAILS_ENV').returns('development')
+    @request.expects(:ssl?).returns(false).at_least_once
+    get :sslonly
+    assert_response :success
+  end
+
+  should 'not force ssl when not told to' do
+    @request.expects(:ssl?).returns(false).at_least_once
+    get :doesnt_need_ssl
+    assert_response :success
+  end
+
+  should 'not force ssl when already in ssl' do
+    @request.expects(:ssl?).returns(true).at_least_once
+    get :sslonly
+    assert_response :success
+  end
+
+  should 'refuse ssl when told to' do
+    @request.expects(:ssl?).returns(true).at_least_once
+    get :nossl
+    assert_redirected_to :protocol => "http://"
+  end
+
+  should 'not refuse ssl when not told to' do
+    @request.expects(:ssl?).returns(true).at_least_once
+    get :doesnt_refuse_ssl
+    assert_response :success
+  end
+  should 'not refuse ssl while in development mode' do
+    ENV.expects(:[]).with('RAILS_ENV').returns('development')
+    @request.expects(:ssl?).returns(true).at_least_once
+    get :nossl
+    assert_response :success
+  end
+  should 'not refuse ssl when not in ssl' do
+    @request.expects(:ssl?).returns(false).at_least_once
+    get :nossl
+    assert_response :success
+  end
+
 end
@@ -11,6 +11,7 @@ class CmsControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = CmsController.new
     @request    = ActionController::TestRequest.new
+    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
  
     @profile = create_user_with_permission('testinguser', 'post_content')
@@ -513,14 +514,14 @@ class CmsControllerTest &lt; Test::Unit::TestCase
  
     get :edit, :profile => 'testinguser', :id => article.id
     assert_tag :tag => 'input', :attributes => { :type => 'hidden', :name => 'back_to', :value => 'public_view' }
-    assert_tag :tag => 'a', :descendant => { :content => 'Cancel' }, :attributes => { :href => 'http://colivre.net/testinguser/myarticle' }
+    assert_tag :tag => 'a', :descendant => { :content => 'Cancel' }, :attributes => { :href => /^https?:\/\/colivre.net\/testinguser\/myarticle/ }
   end
  
   should 'detect when comming from home page' do
     @request.expects(:referer).returns('http://colivre.net/testinguser')
     get :edit, :profile => 'testinguser', :id => @profile.home_page.id
     assert_tag :tag => 'input', :attributes => { :type => 'hidden', :name => 'back_to', :value => 'public_view' }
-    assert_tag :tag => 'a', :descendant => { :content => 'Cancel' }, :attributes => { :href => 'http://colivre.net/testinguser/' + @profile.home_page.slug }
+    assert_tag :tag => 'a', :descendant => { :content => 'Cancel' }, :attributes => { :href => /^https?:\/\/colivre.net\/testinguser\/#{@profile.home_page.slug}$/ }
   end
  
   should 'go back to public view when saving coming from there' do
@@ -370,6 +370,8 @@ class ContentViewerControllerTest &lt; Test::Unit::TestCase
   should 'not give access to private articles if logged off' do
     profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
     intranet = Folder.create!(:name => 'my_intranet', :profile => profile, :public_article => false)
+
+    @request.stubs(:ssl?).returns(true)
     get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ]
  
     assert_template 'access_denied'
@@ -379,6 +381,8 @@ class ContentViewerControllerTest &lt; Test::Unit::TestCase
     login_as('testinguser')
     profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
     intranet = Folder.create!(:name => 'my_intranet', :profile => profile, :public_article => false)
+
+    @request.stubs(:ssl?).returns(true)
     get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ]
  
     assert_template 'access_denied'
@@ -391,6 +395,7 @@ class ContentViewerControllerTest &lt; Test::Unit::TestCase
     profile.affiliate(person, Profile::Roles.member)
     login_as('test_user')
  
+    @request.stubs(:ssl?).returns(true)
     get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ]
  
     assert_template 'view_page'
@@ -412,6 +417,20 @@ class ContentViewerControllerTest &lt; Test::Unit::TestCase
  
     assert_tag :tag => 'a', :attributes => {:href => ('/myprofile/' + profile.identifier + '/cms/publish/' + page.id.to_s)}
   end
+
+  should 'require SSL for viewing non-public articles' do
+    page = profile.articles.create!(:name => 'myarticle', :body => 'top secret', :public_article => false)
+    get :view_page, :profile => 'testinguser', :page => [ 'myarticle' ]
+    assert_redirected_to :protocol => 'https://'
+  end
+
+  should 'not redirect to SSL if already on SSL' do
+    @request.expects(:ssl?).returns(true).at_least_once
+    page = profile.articles.create!(:name => 'myarticle', :body => 'top secret', :public_article => false)
+    login_as('testinguser')
+    get :view_page, :profile => 'testinguser', :page => [ 'myarticle' ]
+    assert_response :success
+  end
  
   should 'not show link to publication on view if not on person profile' do
     prof = Community.create!(:name => 'test comm', :identifier => 'test_comm')
@@ -8,6 +8,7 @@ class EnterpriseEditorControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = EnterpriseEditorController.new
     @request    = ActionController::TestRequest.new
+    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
   end
  
@@ -11,6 +11,7 @@ all_fixtures
   def setup
     @controller = EnterpriseRegistrationController.new
     @request    = ActionController::TestRequest.new
+    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
     login_as 'ze'
   end
@@ -11,6 +11,7 @@ class EnterpriseValidationControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = EnterpriseValidationController.new
     @request    = ActionController::TestRequest.new
+    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
  
     login_as 'ze'
@@ -10,6 +10,7 @@ class FavoriteEnterprisesControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = FavoriteEnterprisesController.new
     @request    = ActionController::TestRequest.new
+    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
  
     self.profile = create_user('testuser').person
@@ -10,6 +10,7 @@ class FriendsControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = FriendsController.new
     @request    = ActionController::TestRequest.new
+    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
  
     self.profile = create_user('testuser').person
@@ -7,6 +7,7 @@ class MailconfControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = MailconfController.new
     @request    = ActionController::TestRequest.new
+    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
  
     MailConf.stubs(:enabled?).returns(true)
@@ -9,6 +9,7 @@ class ManageProductsControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = ManageProductsController.new
     @request    = ActionController::TestRequest.new
+    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
     @enterprise = Enterprise.create(:name => 'teste', :identifier => 'test_ent')
     @user = create_user_with_permission('test_user', 'manage_products', @enterprise)
@@ -12,6 +12,7 @@ class MembershipsControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = MembershipsController.new
     @request    = ActionController::TestRequest.new
+    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
  
     @profile = create_user('testuser').person
@@ -17,6 +17,7 @@ class MyProfileControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = MyProfileController.new
     @request    = ActionController::TestRequest.new
+    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
   end
  
@@ -46,4 +47,13 @@ class MyProfileControllerTest &lt; Test::Unit::TestCase
     assert_response 403 # forbidden
   end
  
+  should 'require ssl' do
+    @controller = OnlyForPersonTestController.new
+    org = Organization.create!(:identifier => 'hacking_institute', :name => 'Hacking Institute')
+
+    @request.expects(:ssl?).returns(false).at_least_once
+    get :index, :profile => 'hacking_institute'
+    assert_redirected_to :protocol => 'https://'
+  end
+
 end
@@ -9,6 +9,7 @@ class ProfileDesignControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = ProfileDesignController.new
     @request    = ActionController::TestRequest.new
+    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
  
     @holder = create_user('designtestuser').person
@@ -10,6 +10,7 @@ class ProfileEditorControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = ProfileEditorController.new
     @request    = ActionController::TestRequest.new
+    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
     login_as('ze')
     @profile = Person['ze']
@@ -8,6 +8,7 @@ class ProfileMembersControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = ProfileMembersController.new
     @request    = ActionController::TestRequest.new
+    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
   end
  
@@ -6,15 +6,23 @@ class PublicController; def rescue_action(e) raise e end; end
  
 class PublicControllerTest < Test::Unit::TestCase
  
+  class TestingPublicStuffController < PublicController
+    def index
+      render :text => 'test', :layout => false
+    end
+  end
+
   def setup
-    @controller = PublicController.new
+    @controller = TestingPublicStuffController.new
     @request    = ActionController::TestRequest.new
+    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
   end
  
   # Replace this with your real tests.
-  def test_truth
-    assert true
+  should 'refuse SSL' do
+    get :index
+    assert_redirected_to :protocol => 'http://'
   end
  
 end
@@ -10,6 +10,7 @@ class TasksControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = TasksController.new
     @request    = ActionController::TestRequest.new
+    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
  
     self.profile = create_user('testuser').person
@@ -8,6 +8,7 @@ class ThemesControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = ThemesController.new
     @request    = ActionController::TestRequest.new
+    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
  
     Theme.stubs(:user_themes_dir).returns(TMP_THEMES_DIR)
@@ -2,6 +2,10 @@ require &quot;#{File.dirname(__FILE__)}/../test_helper&quot;
  
 class ForgotPasswordTest < ActionController::IntegrationTest
  
+  def setup
+    ActionController::Integration::Session.any_instance.stubs(:https?).returns(true)
+  end
+
   def test_forgot_password
  
     User.destroy_all
 require "#{File.dirname(__FILE__)}/../test_helper"
  
-class AccountTest < ActionController::IntegrationTest
+class SignupTest < ActionController::IntegrationTest
   all_fixtures
  
+  def setup
+    ActionController::Integration::Session.any_instance.stubs(:https?).returns(true)
+  end
+
   def test_should_require_acceptance_of_terms_for_signup
     Environment.default.update_attributes(:terms_of_use => 'You agree to not be annoying.')
  
@@ -9,6 +9,11 @@ class UserRegistersAtTheApplicationTest &lt; ActionController::IntegrationTest
     assert_can_signup
  
     get '/account/signup'
+
+    # going SSL
+    assert_response :redirect
+    follow_redirect!
+
     assert_response :success
  
     post '/account/signup', :user => { :login => 'mylogin', :password => 'mypassword', :password_confirmation => 'mypassword', :email => 'mylogin@example.com' }
@@ -30,6 +35,11 @@ class UserRegistersAtTheApplicationTest &lt; ActionController::IntegrationTest
     assert_can_signup
  
     get '/account/signup'
+
+    # going SSL
+    assert_response :redirect
+    follow_redirect!
+
     assert_response :success
  
     post '/account/signup', :user => { :login => 'ze', :password => 'mypassword', :password_confirmation => 'mypassword', :email => 'mylogin@example.com' }
@@ -39,4 +39,20 @@ class TestController &lt; ApplicationController
     '
   end
  
+  require_ssl :only => 'sslonly'
+  def sslonly
+    render :text => 'this should be seen only on SSL', :layout => false
+  end
+  def doesnt_need_ssl
+    render :text => 'this should be seen even without SSL', :layout => false
+  end
+
+  refuse_ssl :only => 'nossl'
+  def nossl
+    render :text => 'this should not be seen over SSL', :layout => false
+  end
+  def doesnt_refuse_ssl
+    render :text => 'this should be seen over SSL or not, whatever', :layout => false
+  end
+
 end
@@ -239,6 +239,8 @@ class ActionController::IntegrationTest
  
  
   def login(username, password)
+    ActionController::Integration::Session.any_instance.stubs(:https?).returns(true)
+
     post '/account/login', :user => { :login => username, :password => password }
     assert_response :redirect
     follow_redirect!
...	...	@@ -30,6 +30,22 @@ class ApplicationController < ActionController::Base
30	30	include AuthenticatedSystem
31	31	include PermissionCheck
32	32
	33	+ def self.require_ssl(*options)
	34	+ before_filter :check_ssl, *options
	35	+ end
	36	+ def check_ssl
	37	+ return true if (request.ssl? \|\| ENV['RAILS_ENV'] == 'development')
	38	+ redirect_to :protocol => 'https://'
	39	+ end
	40	+
	41	+ def self.refuse_ssl(*options)
	42	+ before_filter :avoid_ssl, *options
	43	+ end
	44	+ def avoid_ssl
	45	+ return true if (!request.ssl? \|\| ENV['RAILS_ENV'] == 'development')
	46	+ redirect_to :protocol => 'http://'
	47	+ end
	48	+
33	49	before_init_gettext :maybe_save_locale
34	50	after_init_gettext :check_locale
35	51	init_gettext 'noosfero'
...	...
...	...	@@ -165,7 +165,7 @@ class CmsController < MyProfileController
165	165
166	166	def record_coming_from_public_view
167	167	referer = request.referer
168		- if (referer == url_for(@article.url)) \|\| (@article == @profile.home_page && referer == url_for(@profile.url))
	168	+ if (maybe_ssl(url_for(@article.url)).include?(referer)) \|\| (@article == @profile.home_page && maybe_ssl(url_for(@profile.url)).include?(referer))
169	169	@back_to = 'public_view'
170	170	@back_url = @article.url
171	171	end
...	...	@@ -173,11 +173,15 @@ class CmsController < MyProfileController
173	173
174	174	def record_creating_from_public_view
175	175	referer = request.referer
176		- if (referer =~ Regexp.new("^#{url_for(profile.url)}"))
	176	+ if (referer =~ Regexp.new("^#{(url_for(profile.url).sub('https:', 'https?:'))}"))
177	177	@back_to = 'public_view'
178	178	@back_url = referer
179	179	end
180	180	end
181	181
	182	+ def maybe_ssl(url)
	183	+ [url, url.sub('https:', 'http:')]
	184	+ end
	185	+
182	186	end
183	187
...	...
...	...	@@ -2,6 +2,8 @@ class MyProfileController < ApplicationController
2	2
3	3	needs_profile
4	4
	5	+ require_ssl
	6	+
5	7	# declares that the controller needs an specific type of profile. Example:
6	8	#
7	9	# class PersonDetailControlles < ProfileAdminController
...	...
1		-class AccountController < PublicController
	1	+class AccountController < ApplicationController
2	2
3	3	inverse_captcha :field => 'e_mail'
4	4
	5	+ require_ssl :except => [ :login_popup ]
	6	+
5	7	# say something nice, you goof! something sweet.
6	8	def index
7	9	unless logged_in?
...	...
1		-class CatalogController < ApplicationController
	1	+class CatalogController < PublicController
2	2	needs_profile
3	3	before_filter :check_enterprise_and_environment
4	4
...	...
1		-class ContentViewerController < PublicController
	1	+class ContentViewerController < ApplicationController
2	2
3	3	needs_profile
4	4
...	...	@@ -28,6 +28,11 @@ class ContentViewerController < PublicController
28	28	end
29	29	end
30	30
	31	+ if !@page.public? && !request.ssl?
	32	+ redirect_to :protocol => 'https://'
	33	+ return
	34	+ end
	35	+
31	36	if !@page.display_to?(user)
32	37	# FIXME find a nice "access denied" layout
33	38	render :action => 'access_denied', :status => 403, :layout => false
...	...
1	1	class EnterpriseRegistrationController < ApplicationController
2	2
	3	+ require_ssl
	4	+
3	5	before_filter :login_required
4	6
5	7	# Just go to the first step.
...	...
1		-class ProfileController < ApplicationController
	1	+class ProfileController < PublicController
2	2
3	3	needs_profile
4	4	before_filter :check_access_to_profile
...	...
1		-class SearchController < ApplicationController
	1	+class SearchController < PublicController
2	2
3	3	helper TagsHelper
4	4
...	...
1		-class TagController < ApplicationController
	1	+class TagController < PublicController
2	2
3	3	end
...	...