Remove SSL support

Besides nobody using it, the implementataion is really crappy so we are better without it.

Remove SSL support
Besides nobody using it, the implementataion is really crappy so we are better without it.
Antonio Terceiro
1 parent 4488de24
Showing 42 changed files with 7 additions and 388 deletions Show diff stats
app/controllers/admin_controller.rb
app/controllers/application_controller.rb
app/controllers/my_profile/cms_controller.rb
app/controllers/my_profile_controller.rb
app/controllers/public/account_controller.rb
app/controllers/public/content_viewer_controller.rb
app/controllers/public/enterprise_registration_controller.rb
app/controllers/public_controller.rb
app/helpers/application_helper.rb
app/models/environment.rb
test/functional/account_controller_test.rb
test/functional/admin_controller_test.rb
test/functional/admin_panel_controller_test.rb
test/functional/application_controller_test.rb
test/functional/browse_controller_test.rb
test/functional/categories_controller_test.rb
test/functional/cms_controller_test.rb
test/functional/content_viewer_controller_test.rb
test/functional/edit_template_controller_test.rb
test/functional/enterprise_registration_controller_test.rb
 class AdminController < ApplicationController
-  require_ssl
 end
@@ -42,34 +42,6 @@ class ApplicationController &lt; ActionController::Base
   include AuthenticatedSystem
   include PermissionCheck
  
-  def self.require_ssl(*options)
-    before_filter :check_ssl, *options
-  end
-  def check_ssl
-    return true if (request.ssl? || ENV['RAILS_ENV'] == 'development')
-    redirect_to_ssl
-  end
-  def redirect_to_ssl
-    if environment.enable_ssl
-      redirect_to(params.merge(:protocol => 'https://', :host => ssl_hostname))
-      true
-    else
-      false
-    end
-  end
-
-  def self.refuse_ssl(*options)
-    before_filter :avoid_ssl, *options
-  end
-  def avoid_ssl
-    if (!request.ssl? || ENV['RAILS_ENV'] == 'development')
-      true
-    else
-      redirect_to(params.merge(:protocol => 'http://'))
-      false
-    end
-  end
-
   before_filter :set_locale
   def set_locale
     FastGettext.available_locales = Noosfero.available_locales
@@ -23,15 +23,6 @@ class CmsController &lt; MyProfileController
     profile.articles.find(c.params[:id]).allow_post_content?(user)
   end
  
-  alias :check_ssl_orig :check_ssl
-  # Redefines the SSL checking to avoid requiring SSL when creating the "New
-  # publication" button on article's public view.
-  def check_ssl
-    if ((params[:action] == 'new') && (!request.xhr?)) || (params[:action] != 'new')
-      check_ssl_orig
-    end
-  end
-
   def boxes_holder
     profile
   end
@@ -341,10 +332,6 @@ class CmsController &lt; MyProfileController
     end
   end
  
-  def maybe_ssl(url)
-    [url, url.sub('https:', 'http:')]
-  end
-
   def valid_article_type?(type)
     (available_article_types + special_article_types).map {|item| item.name}.include?(type)
   end
@@ -2,7 +2,6 @@ class MyProfileController &lt; ApplicationController
  
   needs_profile
  
-  require_ssl
  
   before_filter :login_required
  
@@ -4,7 +4,6 @@ class AccountController &lt; ApplicationController
  
   inverse_captcha :field => 'e_mail'
  
-  require_ssl :except => [ :login_popup, :logout_popup, :profile_details ]
  
   before_filter :login_required, :only => [:activation_question, :accept_terms, :activate_enterprise]
   before_filter :redirect_if_logged_in, :only => [:login, :signup]
@@ -33,14 +33,6 @@ class ContentViewerController &lt; ApplicationController
       end
     end
  
-    if !@page.public? && !request.ssl?
-      return if redirect_to_ssl
-    end
-
-    if @page.public?
-      return unless avoid_ssl
-    end
-
     if !@page.display_to?(user)
       if profile.display_info_to?(user) || !profile.visible?
         message = _('You are not allowed to view this content. You can contact the owner of this profile to request access then.')
 class EnterpriseRegistrationController < ApplicationController
  
-  require_ssl
  
   before_filter :login_required
  
 class PublicController < ApplicationController
-  refuse_ssl
 end
@@ -876,18 +876,11 @@ module ApplicationHelper
  
   def login_url
     options = Noosfero.url_options.merge({ :controller => 'account', :action => 'login' })
-    if environment.enable_ssl && (ENV['RAILS_ENV'] != 'development')
-      options.merge!(:protocol => 'https://', :host => ssl_hostname)
-    end
     url_for(options)
   end
  
-  def ssl_hostname
-    environment.default_hostname
-  end
-
   def base_url
-    environment.top_url(request.ssl?)
+    environment.top_url
   end
  
   def helper_for_article(article)
@@ -208,7 +208,6 @@ class Environment &lt; ActiveRecord::Base
   settings_items :layout_template, :type => String, :default => 'default'
   settings_items :homepage, :type => String
   settings_items :description, :type => String, :default => '<div style="text-align: center"><a href="http://noosfero.org/"><img src="/images/noosfero-network.png" alt="Noosfero"/></a></div>'
-  settings_items :enable_ssl
   settings_items :local_docs, :type => Array, :default => []
   settings_items :news_amount_by_folder, :type => Integer, :default => 4
   settings_items :help_message_to_add_enterprise, :type => String, :default => ''
@@ -526,8 +525,8 @@ class Environment &lt; ActiveRecord::Base
     end
   end
  
-  def top_url(ssl = false)
-    protocol = (ssl ? 'https' : 'http')
+  def top_url
+    protocol = 'http'
     result = "#{protocol}://#{default_hostname}"
     if Noosfero.url_options.has_key?(:port)
       result << ':' << Noosfero.url_options[:port].to_s
@@ -15,8 +15,6 @@ class AccountControllerTest &lt; Test::Unit::TestCase
     @controller = AccountController.new
     @request    = ActionController::TestRequest.new
     @response   = ActionController::TestResponse.new
-
-    @request.stubs(:ssl?).returns(true)
   end
  
   def test_local_files_reference
@@ -593,38 +591,6 @@ class AccountControllerTest &lt; Test::Unit::TestCase
     assert_equal 1, assigns(:user).person.boxes[0].blocks.size
   end
  
-  should 'force ssl' do
-    Environment.default.update_attribute(:enable_ssl, true)
-    @request.expects(:ssl?).returns(false).at_least_once
-    get :index
-    assert_redirected_to :protocol => 'https://'
-  end
-
-  should 'alllow login_popup without SSL' do
-    @request.expects(:ssl?).returns(false).at_least_once
-    get :login_popup
-    assert_response :success
-  end
-
-  should 'allow logout_popup without SSL' do
-    @request.expects(:ssl?).returns(false).at_least_once
-    get :logout_popup
-    assert_response :success
-  end
-
-  should 'point to SSL URL in login popup' do
-    Environment.default.update_attribute(:enable_ssl, true)
-    get :login_popup
-    assert_tag :tag => 'form', :attributes => { :action => /^https:\/\// }
-  end
-
-  should 'not point to SSL URL in login popup when in development mode' do
-    @request.stubs(:ssl?).returns(false)
-    ENV.expects(:[]).with('RAILS_ENV').returns('development').at_least_once
-    get :login_popup
-    assert_no_tag :tag => 'form', :attributes => { :action => /^https:\/\// }
-  end
-
   should 'render person partial' do
     Environment.any_instance.expects(:signup_person_fields).returns(['contact_phone']).at_least_once
     get :signup
@@ -6,28 +6,8 @@ class AdminController; def rescue_action(e) raise e end; end
  
 class AdminControllerTest < Test::Unit::TestCase
  
-  class AdminTestController < AdminController
-    def index
-      render :text => 'ok', :layout => 'application'
-    end
-  end
-
-  def setup
-    @controller = AdminTestController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
-  end
-
-  should 'require ssl' do
-    Environment.default.update_attribute(:enable_ssl, true)
-    get :index
-    assert_redirected_to :protocol => 'https://'
-  end
-
-  should 'detect ssl' do
-    @request.expects(:ssl?).returns(true).at_least_once
-    get :index
-    assert_response :success
+  should 'inherit from ApplicationController' do
+    assert_kind_of ApplicationController, AdminController.new
   end
  
 end
@@ -10,7 +10,6 @@ class AdminPanelControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = AdminPanelController.new
     @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
     login_as(create_admin_user(Environment.default))
   end
@@ -252,99 +252,6 @@ class ApplicationControllerTest &lt; Test::Unit::TestCase
     get :index
   end
  
-  should 'require ssl when told to' do
-    Environment.default.update_attribute(:enable_ssl, true)
-    @request.expects(:ssl?).returns(false).at_least_once
-    get :sslonly
-    assert_redirected_to :protocol => 'https://'
-  end
-
-  should 'not force ssl in development mode' do
-    ENV.expects(:[]).with('RAILS_ENV').returns('development').at_least_once
-    @request.expects(:ssl?).returns(false).at_least_once
-    get :sslonly
-    assert_response :success
-  end
-
-  should 'not force ssl when not told to' do
-    @request.expects(:ssl?).returns(false).at_least_once
-    get :doesnt_need_ssl
-    assert_response :success
-  end
-
-  should 'not force ssl when already in ssl' do
-    @request.expects(:ssl?).returns(true).at_least_once
-    get :sslonly
-    assert_response :success
-  end
-
-  should 'keep arguments when redirecting to ssl' do
-    Environment.default.update_attribute(:enable_ssl, true)
-    @request.expects(:ssl?).returns(false).at_least_once
-    get :sslonly, :x => '1', :y => '2'
-    assert_redirected_to :protocol => 'https://', :x => '1', :y => '2'
-  end
-
-  should 'refuse ssl when told to' do
-    @request.expects(:ssl?).returns(true).at_least_once
-    get :nossl
-    assert_redirected_to :protocol => "http://"
-  end
-
-  should 'not refuse ssl when not told to' do
-    @request.expects(:ssl?).returns(true).at_least_once
-    get :doesnt_refuse_ssl
-    assert_response :success
-  end
-  should 'not refuse ssl while in development mode' do
-    ENV.expects(:[]).with('RAILS_ENV').returns('development').at_least_once
-    @request.expects(:ssl?).returns(true).at_least_once
-    get :nossl
-    assert_response :success
-  end
-  should 'not refuse ssl when not in ssl' do
-    @request.expects(:ssl?).returns(false).at_least_once
-    get :nossl
-    assert_response :success
-  end
-
-  should 'keep arguments when redirecting to non-ssl' do
-    @request.expects(:ssl?).returns(true).at_least_once
-    get :nossl, :x => '1', :y => '2'
-    assert_redirected_to :protocol => 'http://', :x => '1', :y => '2'
-  end
-
-  should 'add https protocols on redirect_to_ssl' do
-    Environment.default.update_attribute(:enable_ssl, true)
-    get :sslonly, :x => '1', :y => '1'
-    assert_redirected_to :x => '1', :y => '1', :protocol => 'https://'
-  end
-
-  should 'return true in redirect_to_ssl' do
-    env = mock
-    env.expects(:enable_ssl).returns(true)
-    env.stubs(:default_hostname).returns('test.mydomain.net')
-    @controller.stubs(:environment).returns(env)
-    @controller.expects(:params).returns({})
-    @controller.expects(:redirect_to).with({:protocol => 'https://', :host => 'test.mydomain.net'})
-    assert_equal true, @controller.redirect_to_ssl
-  end
-  should 'return false in redirect_to_ssl when ssl is disabled' do
-    env = mock
-    env.expects(:enable_ssl).returns(false)
-    @controller.expects(:environment).returns(env)
-    assert_equal false, @controller.redirect_to_ssl
-  end
-
-  should 'not force ssl when ssl is disabled' do
-    env = Environment.default
-    env.expects(:enable_ssl).returns(false)
-    @controller.stubs(:environment).returns(env)
-    @request.expects(:ssl?).returns(false).at_least_once
-    get :sslonly
-    assert_response :success
-  end
-
   should 'not display categories menu if categories feature disabled' do
     Environment.any_instance.stubs(:enabled?).with(anything).returns(true)
     c1 = Environment.default.categories.create!(:name => 'Category 1', :display_color => 1, :parent => nil, :display_in_menu => true )
@@ -403,17 +310,6 @@ class ApplicationControllerTest &lt; Test::Unit::TestCase
     assert_no_tag :tag => 'div', :attributes => {:id => 'block-' + b.id.to_s}
   end
  
-  should 'return false when not avoid ssl' do
-    req = mock
-    req.stubs(:ssl?).returns(true)
-
-    @controller.expects(:request).returns(req)
-    @controller.stubs(:params).returns({})
-    @controller.stubs(:redirect_to)
-
-    assert_equal false, @controller.avoid_ssl
-  end
-
   should 'diplay name of environment in description' do
     get :index
     assert_tag :tag => 'meta', :attributes => { :name => 'description', :content => assigns(:environment).name }
@@ -9,7 +9,6 @@ class BrowseControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = BrowseController.new
     @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(false)
     @response   = ActionController::TestResponse.new
  
     # By pass user validation on person creation
@@ -9,7 +9,6 @@ class CategoriesControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = CategoriesController.new
     @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
  
     @env = fast_create(Environment, :name => "My test environment")
@@ -11,7 +11,6 @@ class CmsControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = CmsController.new
     @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
  
     @profile = create_user_with_permission('testinguser', 'post_content')
@@ -759,33 +758,6 @@ class CmsControllerTest &lt; Test::Unit::TestCase
     end
   end
  
-  should 'require ssl in general' do
-    Environment.default.update_attribute(:enable_ssl, true)
-    @request.expects(:ssl?).returns(false).at_least_once
-    get :index, :profile => 'testinguser'
-    assert_redirected_to :protocol => 'https://'
-  end
-
-  should 'accept ajax connections to new action without ssl' do
-    @request.expects(:ssl?).returns(false).at_least_once
-    xml_http_request :get, :new, :profile => 'testinguser'
-    assert_response :success
-  end
-
-  should 'not loose type argument in new action when redirecting to ssl' do
-    Environment.default.update_attribute(:enable_ssl, true)
-    @request.expects(:ssl?).returns(false).at_least_once
-    get :new, :profile => 'testinguser', :type => 'Folder'
-    assert_redirected_to :protocol => 'https://', :action => 'new', :type => 'Folder'
-  end
-
-  should 'not accept non-ajax connections to new action without ssl' do
-    Environment.default.update_attribute(:enable_ssl, true)
-    @request.expects(:ssl?).returns(false).at_least_once
-    get :new, :profile => 'testinguser'
-    assert_redirected_to :protocol => 'https://'
-  end
-
   should 'display categories if environment disable_categories disabled' do
     Environment.any_instance.stubs(:enabled?).with(anything).returns(false)
     a = profile.articles.create!(:name => 'test')
@@ -316,7 +316,6 @@ class ContentViewerControllerTest &lt; Test::Unit::TestCase
     community.add_member(profile)
     login_as(profile.identifier)
  
-    @request.stubs(:ssl?).returns(true)
     get :view_page, :profile => community.identifier, :page => [ folder.path ]
  
     assert_template 'access_denied.rhtml'
@@ -329,7 +328,6 @@ class ContentViewerControllerTest &lt; Test::Unit::TestCase
  
     login_as(profile.identifier)
  
-    @request.stubs(:ssl?).returns(true)
     get :view_page, :profile => community.identifier, :page => [ 'test' ]
     assert_response :success
   end
@@ -341,7 +339,6 @@ class ContentViewerControllerTest &lt; Test::Unit::TestCase
  
     login_as(profile.identifier)
  
-    @request.stubs(:ssl?).returns(true)
     get :view_page, :profile => community.identifier, :page => [ 'test' ]
     assert_response :success
   end
@@ -400,7 +397,6 @@ class ContentViewerControllerTest &lt; Test::Unit::TestCase
     profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
     intranet = Folder.create!(:name => 'my_intranet', :profile => profile, :published => false)
  
-    @request.stubs(:ssl?).returns(true)
     get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ]
  
     assert_template 'access_denied.rhtml'
@@ -411,7 +407,6 @@ class ContentViewerControllerTest &lt; Test::Unit::TestCase
     profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
     intranet = Folder.create!(:name => 'my_intranet', :profile => profile, :published => false)
  
-    @request.stubs(:ssl?).returns(true)
     get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ]
  
     assert_template 'access_denied.rhtml'
@@ -424,7 +419,6 @@ class ContentViewerControllerTest &lt; Test::Unit::TestCase
     profile.affiliate(person, Profile::Roles.member(profile.environment.id))
     login_as('test_user')
  
-    @request.stubs(:ssl?).returns(true)
     get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ]
  
     assert_template 'access_denied.rhtml'
@@ -437,7 +431,6 @@ class ContentViewerControllerTest &lt; Test::Unit::TestCase
     profile.affiliate(person, Profile::Roles.moderator(profile.environment.id))
     login_as('test_user')
  
-    @request.stubs(:ssl?).returns(true)
     get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ]
  
     assert_template 'view_page'
@@ -450,7 +443,6 @@ class ContentViewerControllerTest &lt; Test::Unit::TestCase
     profile.affiliate(person, Profile::Roles.admin(profile.environment.id))
     login_as('test_user')
  
-    @request.stubs(:ssl?).returns(true)
     get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ]
  
     assert_template 'view_page'
@@ -473,28 +465,6 @@ class ContentViewerControllerTest &lt; Test::Unit::TestCase
     assert_tag :tag => 'a', :attributes => {:href => ('/myprofile/' + profile.identifier + '/cms/publish/' + page.id.to_s)}
   end
  
-  should 'require SSL for viewing non-public articles' do
-    Environment.default.update_attribute(:enable_ssl, true)
-    page = profile.articles.create!(:name => 'myarticle', :body => 'top secret', :published => false)
-    get :view_page, :profile => 'testinguser', :page => [ 'myarticle' ]
-    assert_redirected_to :protocol => 'https://', :profile => 'testinguser', :page => [ 'myarticle' ]
-  end
-
-  should 'avoid SSL for viewing public articles' do
-    @request.expects(:ssl?).returns(true).at_least_once
-    page = profile.articles.create!(:name => 'myarticle', :body => 'top secret', :published => true)
-    get :view_page, :profile => 'testinguser', :page => [ 'myarticle' ]
-    assert_redirected_to :protocol => 'http://', :profile => 'testinguser', :page => [ 'myarticle' ]
-  end
-
-  should 'not redirect to SSL if already on SSL' do
-    @request.expects(:ssl?).returns(true).at_least_once
-    page = profile.articles.create!(:name => 'myarticle', :body => 'top secret', :published => false)
-    login_as('testinguser')
-    get :view_page, :profile => 'testinguser', :page => [ 'myarticle' ]
-    assert_response :success
-  end
-  
   should 'not show link to publication on view if not on person profile' do
     prof = Community.create!(:name => 'test comm', :identifier => 'test_comm')
     page = prof.articles.create!(:name => 'myarticle', :body => 'the body of the text')
@@ -506,14 +476,6 @@ class ContentViewerControllerTest &lt; Test::Unit::TestCase
     assert_no_tag :tag => 'a', :attributes => {:href => ('/myprofile/' + prof.identifier + '/cms/publish/' + page.id.to_s)}
   end
  
-  should 'deny access before trying SSL when SSL is disabled' do
-    @controller.expects(:redirect_to_ssl).returns(false)
-    profile = create_user('testuser', {}, :visible => false).person
-
-    get :view_page, :profile => 'testuser', :page => profile.home_page.explode_path
-    assert_response 403
-  end
-
   should 'redirect to new article path under an old path' do
     p = create_user('test_user').person
     a = p.articles.create(:name => 'old-name')
@@ -11,7 +11,6 @@ class EditTemplateControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = EditTemplateController.new
     @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
     login_as 'ze'
   end
@@ -11,7 +11,6 @@ all_fixtures
   def setup
     @controller = EnterpriseRegistrationController.new
     @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
     login_as 'ze'
   end
@@ -11,7 +11,6 @@ class EnterpriseValidationControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = EnterpriseValidationController.new
     @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
  
     login_as 'ze'
@@ -10,7 +10,6 @@ class FavoriteEnterprisesControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = FavoriteEnterprisesController.new
     @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
  
     self.profile = create_user('testuser').person
@@ -10,7 +10,6 @@ class FeaturesControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = FeaturesController.new
     @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
     login_as(create_admin_user(Environment.find(2)))
   end
@@ -10,7 +10,6 @@ class FriendsControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = FriendsController.new
     @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
  
     self.profile = create_user('testuser').person
@@ -7,7 +7,6 @@ class MailconfControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = MailconfController.new
     @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
  
     MailConf.stubs(:enabled?).returns(true)
@@ -9,7 +9,6 @@ class ManageProductsControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = ManageProductsController.new
     @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
     @enterprise = fast_create(Enterprise, :name => 'teste', :identifier => 'test_ent')
     @user = create_user_with_permission('test_user', 'manage_products', @enterprise)
@@ -12,7 +12,6 @@ class MembershipsControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = MembershipsController.new
     @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
  
     @profile = create_user('testuser').person
@@ -17,7 +17,6 @@ class MyProfileControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = MyProfileController.new
     @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
   end
  
@@ -10,7 +10,6 @@ class PluginsControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = PluginsController.new
     @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
     @environment = Environment.default
     login_as(create_admin_user(@environment))
@@ -17,7 +17,6 @@ class ProfileDesignControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = ProfileDesignController.new
     @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
  
     @profile = @holder = create_user('designtestuser').person
@@ -10,7 +10,6 @@ class ProfileEditorControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = ProfileEditorController.new
     @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
     @profile = create_user('default_user').person
     Environment.default.affiliate(@profile, [Environment::Roles.admin(Environment.default.id)] + Profile::Roles.all_roles(Environment.default.id))
@@ -8,7 +8,6 @@ class ProfileMembersControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = ProfileMembersController.new
     @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
   end
  
@@ -6,23 +6,8 @@ class PublicController; def rescue_action(e) raise e end; end
  
 class PublicControllerTest < Test::Unit::TestCase
  
-  class TestingPublicStuffController < PublicController
-    def index
-      render :text => 'test', :layout => false
-    end
-  end
-
-  def setup
-    @controller = TestingPublicStuffController.new
-    @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(true)
-    @response   = ActionController::TestResponse.new
-  end
-
-  # Replace this with your real tests.
-  should 'refuse SSL' do
-    get :index
-    assert_redirected_to :protocol => 'http://'
+  should 'inherit from ApplicationController' do
+    assert_kind_of ApplicationController, PublicController.new
   end
  
 end
@@ -9,7 +9,6 @@ class RegionValidatorsControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = RegionValidatorsController.new
     @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
     login_as('ze')
   end
@@ -10,7 +10,6 @@ class RoleControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = RoleController.new
     @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
     @role = Role.find(:first)
     login_as(:ze)
@@ -10,7 +10,6 @@ class TasksControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = TasksController.new
     @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
  
     self.profile = create_user('testuser').person
@@ -8,7 +8,6 @@ class ThemesControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = ThemesController.new
     @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
  
     Theme.stubs(:user_themes_dir).returns(TMP_THEMES_DIR)
@@ -10,7 +10,6 @@ class UsersControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = UsersController.new
     @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
   end
  
@@ -4,8 +4,6 @@ class LoginToTheApplicationTest &lt; ActionController::IntegrationTest
   fixtures :users, :environments, :profiles
  
   def test_unauthenticated_user_tries_to_access_his_control_panel
-    Environment.any_instance.stubs(:enable_ssl).returns(false) # ignore SSL for this test 
-
     get '/myprofile/ze'
     assert_redirected_to '/account/login'
  
@@ -39,20 +39,4 @@ class TestController &lt; ApplicationController
     '
   end
  
-  require_ssl :only => 'sslonly'
-  def sslonly
-    render :text => 'this should be seen only on SSL', :layout => false
-  end
-  def doesnt_need_ssl
-    render :text => 'this should be seen even without SSL', :layout => false
-  end
-
-  refuse_ssl :only => 'nossl'
-  def nossl
-    render :text => 'this should not be seen over SSL', :layout => false
-  end
-  def doesnt_refuse_ssl
-    render :text => 'this should be seen over SSL or not, whatever', :layout => false
-  end
-
 end
@@ -199,30 +199,6 @@ class ApplicationHelperTest &lt; ActiveSupport::TestCase
     assert_equal '/designs/templates/mytemplate/stylesheets/style.css', template_stylesheet_path
   end
  
-  should 'use https:// for login_url' do
-    environment = Environment.default
-    environment.update_attribute(:enable_ssl, true)
-    environment.domains << Domain.new(:name => "test.domain.net", :is_default => true)
-    stubs(:environment).returns(environment)
-
-    stubs(:url_for).with(has_entries(:protocol => 'https://', :host => 'test.domain.net')).returns('LALALA')
-
-    assert_equal 'LALALA', login_url
-  end
-
-  should 'not force ssl in login_url when environment has ssl disabled' do
-    environment = mock
-    environment.expects(:enable_ssl).returns(false).at_least_once
-    stubs(:environment).returns(environment)
-    request = mock
-    request.stubs(:host).returns('localhost')
-    stubs(:request).returns(request)
-
-    expects(:url_for).with(has_entries(:protocol => 'https://')).never
-    expects(:url_for).with(has_key(:controller)).returns("LALALA")
-    assert_equal "LALALA", login_url
-  end
-
   should 'return nil if disable_categories is enabled' do
     env = fast_create(Environment, :name => 'env test')
     stubs(:environment).returns(env)
@@ -241,12 +241,6 @@ class EnvironmentTest &lt; ActiveSupport::TestCase
     assert_equal 'http://www.lalala.net:9999', env.top_url
   end
  
-  should 'use https when asked for a ssl url' do
-    env = Environment.new
-    env.expects(:default_hostname).returns('www.lalala.net')
-    assert_equal 'https://www.lalala.net', env.top_url(true)
-  end
-
   should 'provide an approval_method setting' do
     env = Environment.new
  
@@ -532,16 +526,6 @@ class EnvironmentTest &lt; ActiveSupport::TestCase
     assert_equal enterprise, e.enterprise_template
   end
  
-  should 'not enable ssl by default' do
-    e = Environment.new
-    assert !e.enable_ssl
-  end
-
-  should 'be able to enable ssl' do
-    e = Environment.new(:enable_ssl => true)
-    assert_equal true, e.enable_ssl
-  end
-
   should 'have a layout template' do
     e = Environment.new(:layout_template => 'mytemplate')
     assert_equal 'mytemplate', e.layout_template
1	1	class AdminController < ApplicationController
2		- require_ssl
3	2	end
...	...
...	...	@@ -42,34 +42,6 @@ class ApplicationController < ActionController::Base
42	42	include AuthenticatedSystem
43	43	include PermissionCheck
44	44
45		- def self.require_ssl(*options)
46		- before_filter :check_ssl, *options
47		- end
48		- def check_ssl
49		- return true if (request.ssl? \|\| ENV['RAILS_ENV'] == 'development')
50		- redirect_to_ssl
51		- end
52		- def redirect_to_ssl
53		- if environment.enable_ssl
54		- redirect_to(params.merge(:protocol => 'https://', :host => ssl_hostname))
55		- true
56		- else
57		- false
58		- end
59		- end
60		-
61		- def self.refuse_ssl(*options)
62		- before_filter :avoid_ssl, *options
63		- end
64		- def avoid_ssl
65		- if (!request.ssl? \|\| ENV['RAILS_ENV'] == 'development')
66		- true
67		- else
68		- redirect_to(params.merge(:protocol => 'http://'))
69		- false
70		- end
71		- end
72		-
73	45	before_filter :set_locale
74	46	def set_locale
75	47	FastGettext.available_locales = Noosfero.available_locales
...	...
...	...	@@ -23,15 +23,6 @@ class CmsController < MyProfileController
23	23	profile.articles.find(c.params[:id]).allow_post_content?(user)
24	24	end
25	25
26		- alias :check_ssl_orig :check_ssl
27		- # Redefines the SSL checking to avoid requiring SSL when creating the "New
28		- # publication" button on article's public view.
29		- def check_ssl
30		- if ((params[:action] == 'new') && (!request.xhr?)) \|\| (params[:action] != 'new')
31		- check_ssl_orig
32		- end
33		- end
34		-
35	26	def boxes_holder
36	27	profile
37	28	end
...	...	@@ -341,10 +332,6 @@ class CmsController < MyProfileController
341	332	end
342	333	end
343	334
344		- def maybe_ssl(url)
345		- [url, url.sub('https:', 'http:')]
346		- end
347		-
348	335	def valid_article_type?(type)
349	336	(available_article_types + special_article_types).map {\|item\| item.name}.include?(type)
350	337	end
...	...
...	...	@@ -2,7 +2,6 @@ class MyProfileController < ApplicationController
2	2
3	3	needs_profile
4	4
5		- require_ssl
6	5
7	6	before_filter :login_required
8	7
...	...
...	...	@@ -4,7 +4,6 @@ class AccountController < ApplicationController
4	4
5	5	inverse_captcha :field => 'e_mail'
6	6
7		- require_ssl :except => [ :login_popup, :logout_popup, :profile_details ]
8	7
9	8	before_filter :login_required, :only => [:activation_question, :accept_terms, :activate_enterprise]
10	9	before_filter :redirect_if_logged_in, :only => [:login, :signup]
...	...
...	...	@@ -33,14 +33,6 @@ class ContentViewerController < ApplicationController
33	33	end
34	34	end
35	35
36		- if !@page.public? && !request.ssl?
37		- return if redirect_to_ssl
38		- end
39		-
40		- if @page.public?
41		- return unless avoid_ssl
42		- end
43		-
44	36	if !@page.display_to?(user)
45	37	if profile.display_info_to?(user) \|\| !profile.visible?
46	38	message = _('You are not allowed to view this content. You can contact the owner of this profile to request access then.')
...	...
1	1	class EnterpriseRegistrationController < ApplicationController
2	2
3		- require_ssl
4	3
5	4	before_filter :login_required
6	5
...	...
1	1	class PublicController < ApplicationController
2		- refuse_ssl
3	2	end
...	...
...	...	@@ -876,18 +876,11 @@ module ApplicationHelper
876	876
877	877	def login_url
878	878	options = Noosfero.url_options.merge({ :controller => 'account', :action => 'login' })
879		- if environment.enable_ssl && (ENV['RAILS_ENV'] != 'development')
880		- options.merge!(:protocol => 'https://', :host => ssl_hostname)
881		- end
882	879	url_for(options)
883	880	end
884	881
885		- def ssl_hostname
886		- environment.default_hostname
887		- end
888		-
889	882	def base_url
890		- environment.top_url(request.ssl?)
	883	+ environment.top_url
891	884	end
892	885
893	886	def helper_for_article(article)
...	...
...	...	@@ -208,7 +208,6 @@ class Environment < ActiveRecord::Base
208	208	settings_items :layout_template, :type => String, :default => 'default'
209	209	settings_items :homepage, :type => String
210	210	settings_items :description, :type => String, :default => '<div style="text-align: center"><a href="http://noosfero.org/"><img src="/images/noosfero-network.png" alt="Noosfero"/></a></div>'
211		- settings_items :enable_ssl
212	211	settings_items :local_docs, :type => Array, :default => []
213	212	settings_items :news_amount_by_folder, :type => Integer, :default => 4
214	213	settings_items :help_message_to_add_enterprise, :type => String, :default => ''
...	...	@@ -526,8 +525,8 @@ class Environment < ActiveRecord::Base
526	525	end
527	526	end
528	527
529		- def top_url(ssl = false)
530		- protocol = (ssl ? 'https' : 'http')
	528	+ def top_url
	529	+ protocol = 'http'
531	530	result = "#{protocol}://#{default_hostname}"
532	531	if Noosfero.url_options.has_key?(:port)
533	532	result << ':' << Noosfero.url_options[:port].to_s
...	...