Remove SSL support

Besides nobody using it, the implementataion is really crappy so we are better without it.

Remove SSL support
Besides nobody using it, the implementataion is really crappy so we are better without it.
Antonio Terceiro
1 parent 4488de24
Showing 42 changed files with 7 additions and 388 deletions Show diff stats
app/controllers/admin_controller.rb
app/controllers/application_controller.rb
app/controllers/my_profile/cms_controller.rb
app/controllers/my_profile_controller.rb
app/controllers/public/account_controller.rb
app/controllers/public/content_viewer_controller.rb
app/controllers/public/enterprise_registration_controller.rb
app/controllers/public_controller.rb
app/helpers/application_helper.rb
app/models/environment.rb
test/functional/account_controller_test.rb
test/functional/admin_controller_test.rb
test/functional/admin_panel_controller_test.rb
test/functional/application_controller_test.rb
test/functional/browse_controller_test.rb
test/functional/categories_controller_test.rb
test/functional/cms_controller_test.rb
test/functional/content_viewer_controller_test.rb
test/functional/edit_template_controller_test.rb
test/functional/enterprise_registration_controller_test.rb
 class AdminController < ApplicationController
-  require_ssl
 end
@@ -42,34 +42,6 @@ class ApplicationController &lt; ActionController::Base
   include AuthenticatedSystem
   include PermissionCheck
-  def self.require_ssl(*options)
-    before_filter :check_ssl, *options
-  end
-  def check_ssl
-    return true if (request.ssl? || ENV['RAILS_ENV'] == 'development')
-    redirect_to_ssl
-  end
-  def redirect_to_ssl
-    if environment.enable_ssl
-      redirect_to(params.merge(:protocol => 'https://', :host => ssl_hostname))
-      true
-    else
-      false
-    end
-  end
-
-  def self.refuse_ssl(*options)
-    before_filter :avoid_ssl, *options
-  end
-  def avoid_ssl
-    if (!request.ssl? || ENV['RAILS_ENV'] == 'development')
-      true
-    else
-      redirect_to(params.merge(:protocol => 'http://'))
-      false
-    end
-  end
-
   before_filter :set_locale
   def set_locale
     FastGettext.available_locales = Noosfero.available_locales
@@ -23,15 +23,6 @@ class CmsController &lt; MyProfileController
     profile.articles.find(c.params[:id]).allow_post_content?(user)
   end
-  alias :check_ssl_orig :check_ssl
-  # Redefines the SSL checking to avoid requiring SSL when creating the "New
-  # publication" button on article's public view.
-  def check_ssl
-    if ((params[:action] == 'new') && (!request.xhr?)) || (params[:action] != 'new')
-      check_ssl_orig
-    end
-  end
-
   def boxes_holder
     profile
   end
@@ -341,10 +332,6 @@ class CmsController &lt; MyProfileController
     end
   end
-  def maybe_ssl(url)
-    [url, url.sub('https:', 'http:')]
-  end
-
   def valid_article_type?(type)
     (available_article_types + special_article_types).map {|item| item.name}.include?(type)
   end
@@ -2,7 +2,6 @@ class MyProfileController &lt; ApplicationController
   needs_profile
-  require_ssl
   before_filter :login_required
@@ -4,7 +4,6 @@ class AccountController &lt; ApplicationController
   inverse_captcha :field => 'e_mail'
-  require_ssl :except => [ :login_popup, :logout_popup, :profile_details ]
   before_filter :login_required, :only => [:activation_question, :accept_terms, :activate_enterprise]
   before_filter :redirect_if_logged_in, :only => [:login, :signup]
@@ -33,14 +33,6 @@ class ContentViewerController &lt; ApplicationController
       end
     end
-    if !@page.public? && !request.ssl?
-      return if redirect_to_ssl
-    end
-
-    if @page.public?
-      return unless avoid_ssl
-    end
-
     if !@page.display_to?(user)
       if profile.display_info_to?(user) || !profile.visible?
         message = _('You are not allowed to view this content. You can contact the owner of this profile to request access then.')
 class EnterpriseRegistrationController < ApplicationController
-  require_ssl
   before_filter :login_required
 class PublicController < ApplicationController
-  refuse_ssl
 end
@@ -876,18 +876,11 @@ module ApplicationHelper
   def login_url
     options = Noosfero.url_options.merge({ :controller => 'account', :action => 'login' })
-    if environment.enable_ssl && (ENV['RAILS_ENV'] != 'development')
-      options.merge!(:protocol => 'https://', :host => ssl_hostname)
-    end
     url_for(options)
   end
-  def ssl_hostname
-    environment.default_hostname
-  end
-
   def base_url
-    environment.top_url(request.ssl?)
+    environment.top_url
   end
   def helper_for_article(article)
@@ -208,7 +208,6 @@ class Environment &lt; ActiveRecord::Base
   settings_items :layout_template, :type => String, :default => 'default'
   settings_items :homepage, :type => String
   settings_items :description, :type => String, :default => '<div style="text-align: center"><a href="http://noosfero.org/"><img src="/images/noosfero-network.png" alt="Noosfero"/></a></div>'
-  settings_items :enable_ssl
   settings_items :local_docs, :type => Array, :default => []
   settings_items :news_amount_by_folder, :type => Integer, :default => 4
   settings_items :help_message_to_add_enterprise, :type => String, :default => ''
@@ -526,8 +525,8 @@ class Environment &lt; ActiveRecord::Base
     end
   end
-  def top_url(ssl = false)
-    protocol = (ssl ? 'https' : 'http')
+  def top_url
+    protocol = 'http'
     result = "#{protocol}://#{default_hostname}"
     if Noosfero.url_options.has_key?(:port)
       result << ':' << Noosfero.url_options[:port].to_s
@@ -15,8 +15,6 @@ class AccountControllerTest &lt; Test::Unit::TestCase
     @controller = AccountController.new
     @request    = ActionController::TestRequest.new
     @response   = ActionController::TestResponse.new
-
-    @request.stubs(:ssl?).returns(true)
   end
   def test_local_files_reference
@@ -593,38 +591,6 @@ class AccountControllerTest &lt; Test::Unit::TestCase
     assert_equal 1, assigns(:user).person.boxes[0].blocks.size
   end
-  should 'force ssl' do
-    Environment.default.update_attribute(:enable_ssl, true)
-    @request.expects(:ssl?).returns(false).at_least_once
-    get :index
-    assert_redirected_to :protocol => 'https://'
-  end
-
-  should 'alllow login_popup without SSL' do
-    @request.expects(:ssl?).returns(false).at_least_once
-    get :login_popup
-    assert_response :success
-  end
-
-  should 'allow logout_popup without SSL' do
-    @request.expects(:ssl?).returns(false).at_least_once
-    get :logout_popup
-    assert_response :success
-  end
-
-  should 'point to SSL URL in login popup' do
-    Environment.default.update_attribute(:enable_ssl, true)
-    get :login_popup
-    assert_tag :tag => 'form', :attributes => { :action => /^https:\/\// }
-  end
-
-  should 'not point to SSL URL in login popup when in development mode' do
-    @request.stubs(:ssl?).returns(false)
-    ENV.expects(:[]).with('RAILS_ENV').returns('development').at_least_once
-    get :login_popup
-    assert_no_tag :tag => 'form', :attributes => { :action => /^https:\/\// }
-  end
-
   should 'render person partial' do
     Environment.any_instance.expects(:signup_person_fields).returns(['contact_phone']).at_least_once
     get :signup
@@ -6,28 +6,8 @@ class AdminController; def rescue_action(e) raise e end; end
 class AdminControllerTest < Test::Unit::TestCase
-  class AdminTestController < AdminController
-    def index
-      render :text => 'ok', :layout => 'application'
-    end
-  end
-
-  def setup
-    @controller = AdminTestController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
-  end
-
-  should 'require ssl' do
-    Environment.default.update_attribute(:enable_ssl, true)
-    get :index
-    assert_redirected_to :protocol => 'https://'
-  end
-
-  should 'detect ssl' do
-    @request.expects(:ssl?).returns(true).at_least_once
-    get :index
-    assert_response :success
+  should 'inherit from ApplicationController' do
+    assert_kind_of ApplicationController, AdminController.new
   end
 end
@@ -10,7 +10,6 @@ class AdminPanelControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = AdminPanelController.new
     @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
     login_as(create_admin_user(Environment.default))
   end
@@ -252,99 +252,6 @@ class ApplicationControllerTest &lt; Test::Unit::TestCase
     get :index
   end
-  should 'require ssl when told to' do
-    Environment.default.update_attribute(:enable_ssl, true)
-    @request.expects(:ssl?).returns(false).at_least_once
-    get :sslonly
-    assert_redirected_to :protocol => 'https://'
-  end
-
-  should 'not force ssl in development mode' do
-    ENV.expects(:[]).with('RAILS_ENV').returns('development').at_least_once
-    @request.expects(:ssl?).returns(false).at_least_once
-    get :sslonly
-    assert_response :success
-  end
-
-  should 'not force ssl when not told to' do
-    @request.expects(:ssl?).returns(false).at_least_once
-    get :doesnt_need_ssl
-    assert_response :success
-  end
-
-  should 'not force ssl when already in ssl' do
-    @request.expects(:ssl?).returns(true).at_least_once
-    get :sslonly
-    assert_response :success
-  end
-
-  should 'keep arguments when redirecting to ssl' do
-    Environment.default.update_attribute(:enable_ssl, true)
-    @request.expects(:ssl?).returns(false).at_least_once
-    get :sslonly, :x => '1', :y => '2'
-    assert_redirected_to :protocol => 'https://', :x => '1', :y => '2'
-  end
-
-  should 'refuse ssl when told to' do
-    @request.expects(:ssl?).returns(true).at_least_once
-    get :nossl
-    assert_redirected_to :protocol => "http://"
-  end
-
-  should 'not refuse ssl when not told to' do
-    @request.expects(:ssl?).returns(true).at_least_once
-    get :doesnt_refuse_ssl
-    assert_response :success
-  end
-  should 'not refuse ssl while in development mode' do
-    ENV.expects(:[]).with('RAILS_ENV').returns('development').at_least_once
-    @request.expects(:ssl?).returns(true).at_least_once
-    get :nossl
-    assert_response :success
-  end
-  should 'not refuse ssl when not in ssl' do
-    @request.expects(:ssl?).returns(false).at_least_once
-    get :nossl
-    assert_response :success
-  end
-
-  should 'keep arguments when redirecting to non-ssl' do
-    @request.expects(:ssl?).returns(true).at_least_once
-    get :nossl, :x => '1', :y => '2'
-    assert_redirected_to :protocol => 'http://', :x => '1', :y => '2'
-  end
-
-  should 'add https protocols on redirect_to_ssl' do
-    Environment.default.update_attribute(:enable_ssl, true)
-    get :sslonly, :x => '1', :y => '1'
-    assert_redirected_to :x => '1', :y => '1', :protocol => 'https://'
-  end
-
-  should 'return true in redirect_to_ssl' do
-    env = mock
-    env.expects(:enable_ssl).returns(true)
-    env.stubs(:default_hostname).returns('test.mydomain.net')
-    @controller.stubs(:environment).returns(env)
-    @controller.expects(:params).returns({})
-    @controller.expects(:redirect_to).with({:protocol => 'https://', :host => 'test.mydomain.net'})
-    assert_equal true, @controller.redirect_to_ssl
-  end
-  should 'return false in redirect_to_ssl when ssl is disabled' do
-    env = mock
-    env.expects(:enable_ssl).returns(false)
-    @controller.expects(:environment).returns(env)
-    assert_equal false, @controller.redirect_to_ssl
-  end
-
-  should 'not force ssl when ssl is disabled' do
-    env = Environment.default
-    env.expects(:enable_ssl).returns(false)
-    @controller.stubs(:environment).returns(env)
-    @request.expects(:ssl?).returns(false).at_least_once
-    get :sslonly
-    assert_response :success
-  end
-
   should 'not display categories menu if categories feature disabled' do
     Environment.any_instance.stubs(:enabled?).with(anything).returns(true)
     c1 = Environment.default.categories.create!(:name => 'Category 1', :display_color => 1, :parent => nil, :display_in_menu => true )
@@ -403,17 +310,6 @@ class ApplicationControllerTest &lt; Test::Unit::TestCase
     assert_no_tag :tag => 'div', :attributes => {:id => 'block-' + b.id.to_s}
   end
-  should 'return false when not avoid ssl' do
-    req = mock
-    req.stubs(:ssl?).returns(true)
-
-    @controller.expects(:request).returns(req)
-    @controller.stubs(:params).returns({})
-    @controller.stubs(:redirect_to)
-
-    assert_equal false, @controller.avoid_ssl
-  end
-
   should 'diplay name of environment in description' do
     get :index
     assert_tag :tag => 'meta', :attributes => { :name => 'description', :content => assigns(:environment).name }
@@ -9,7 +9,6 @@ class BrowseControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = BrowseController.new
     @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(false)
     @response   = ActionController::TestResponse.new
     # By pass user validation on person creation
@@ -9,7 +9,6 @@ class CategoriesControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = CategoriesController.new
     @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
     @env = fast_create(Environment, :name => "My test environment")
@@ -11,7 +11,6 @@ class CmsControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = CmsController.new
     @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
     @profile = create_user_with_permission('testinguser', 'post_content')
@@ -759,33 +758,6 @@ class CmsControllerTest &lt; Test::Unit::TestCase
     end
   end
-  should 'require ssl in general' do
-    Environment.default.update_attribute(:enable_ssl, true)
-    @request.expects(:ssl?).returns(false).at_least_once
-    get :index, :profile => 'testinguser'
-    assert_redirected_to :protocol => 'https://'
-  end
-
-  should 'accept ajax connections to new action without ssl' do
-    @request.expects(:ssl?).returns(false).at_least_once
-    xml_http_request :get, :new, :profile => 'testinguser'
-    assert_response :success
-  end
-
-  should 'not loose type argument in new action when redirecting to ssl' do
-    Environment.default.update_attribute(:enable_ssl, true)
-    @request.expects(:ssl?).returns(false).at_least_once
-    get :new, :profile => 'testinguser', :type => 'Folder'
-    assert_redirected_to :protocol => 'https://', :action => 'new', :type => 'Folder'
-  end
-
-  should 'not accept non-ajax connections to new action without ssl' do
-    Environment.default.update_attribute(:enable_ssl, true)
-    @request.expects(:ssl?).returns(false).at_least_once
-    get :new, :profile => 'testinguser'
-    assert_redirected_to :protocol => 'https://'
-  end
-
   should 'display categories if environment disable_categories disabled' do
     Environment.any_instance.stubs(:enabled?).with(anything).returns(false)
     a = profile.articles.create!(:name => 'test')
@@ -316,7 +316,6 @@ class ContentViewerControllerTest &lt; Test::Unit::TestCase
     community.add_member(profile)
     login_as(profile.identifier)
-    @request.stubs(:ssl?).returns(true)
     get :view_page, :profile => community.identifier, :page => [ folder.path ]
     assert_template 'access_denied.rhtml'
@@ -329,7 +328,6 @@ class ContentViewerControllerTest &lt; Test::Unit::TestCase
     login_as(profile.identifier)
-    @request.stubs(:ssl?).returns(true)
     get :view_page, :profile => community.identifier, :page => [ 'test' ]
     assert_response :success
   end
@@ -341,7 +339,6 @@ class ContentViewerControllerTest &lt; Test::Unit::TestCase
     login_as(profile.identifier)
-    @request.stubs(:ssl?).returns(true)
     get :view_page, :profile => community.identifier, :page => [ 'test' ]
     assert_response :success
   end
@@ -400,7 +397,6 @@ class ContentViewerControllerTest &lt; Test::Unit::TestCase
     profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
     intranet = Folder.create!(:name => 'my_intranet', :profile => profile, :published => false)
-    @request.stubs(:ssl?).returns(true)
     get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ]
     assert_template 'access_denied.rhtml'
@@ -411,7 +407,6 @@ class ContentViewerControllerTest &lt; Test::Unit::TestCase
     profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
     intranet = Folder.create!(:name => 'my_intranet', :profile => profile, :published => false)
-    @request.stubs(:ssl?).returns(true)
     get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ]
     assert_template 'access_denied.rhtml'
@@ -424,7 +419,6 @@ class ContentViewerControllerTest &lt; Test::Unit::TestCase
     profile.affiliate(person, Profile::Roles.member(profile.environment.id))
     login_as('test_user')
-    @request.stubs(:ssl?).returns(true)
     get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ]
     assert_template 'access_denied.rhtml'
@@ -437,7 +431,6 @@ class ContentViewerControllerTest &lt; Test::Unit::TestCase
     profile.affiliate(person, Profile::Roles.moderator(profile.environment.id))
     login_as('test_user')
-    @request.stubs(:ssl?).returns(true)
     get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ]
     assert_template 'view_page'
@@ -450,7 +443,6 @@ class ContentViewerControllerTest &lt; Test::Unit::TestCase
     profile.affiliate(person, Profile::Roles.admin(profile.environment.id))
     login_as('test_user')
-    @request.stubs(:ssl?).returns(true)
     get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ]
     assert_template 'view_page'
@@ -473,28 +465,6 @@ class ContentViewerControllerTest &lt; Test::Unit::TestCase
     assert_tag :tag => 'a', :attributes => {:href => ('/myprofile/' + profile.identifier + '/cms/publish/' + page.id.to_s)}
   end
-  should 'require SSL for viewing non-public articles' do
-    Environment.default.update_attribute(:enable_ssl, true)
-    page = profile.articles.create!(:name => 'myarticle', :body => 'top secret', :published => false)
-    get :view_page, :profile => 'testinguser', :page => [ 'myarticle' ]
-    assert_redirected_to :protocol => 'https://', :profile => 'testinguser', :page => [ 'myarticle' ]
-  end
-
-  should 'avoid SSL for viewing public articles' do
-    @request.expects(:ssl?).returns(true).at_least_once
-    page = profile.articles.create!(:name => 'myarticle', :body => 'top secret', :published => true)
-    get :view_page, :profile => 'testinguser', :page => [ 'myarticle' ]
-    assert_redirected_to :protocol => 'http://', :profile => 'testinguser', :page => [ 'myarticle' ]
-  end
-
-  should 'not redirect to SSL if already on SSL' do
-    @request.expects(:ssl?).returns(true).at_least_once
-    page = profile.articles.create!(:name => 'myarticle', :body => 'top secret', :published => false)
-    login_as('testinguser')
-    get :view_page, :profile => 'testinguser', :page => [ 'myarticle' ]
-    assert_response :success
-  end
-  
   should 'not show link to publication on view if not on person profile' do
     prof = Community.create!(:name => 'test comm', :identifier => 'test_comm')
     page = prof.articles.create!(:name => 'myarticle', :body => 'the body of the text')
@@ -506,14 +476,6 @@ class ContentViewerControllerTest &lt; Test::Unit::TestCase
     assert_no_tag :tag => 'a', :attributes => {:href => ('/myprofile/' + prof.identifier + '/cms/publish/' + page.id.to_s)}
   end
-  should 'deny access before trying SSL when SSL is disabled' do
-    @controller.expects(:redirect_to_ssl).returns(false)
-    profile = create_user('testuser', {}, :visible => false).person
-
-    get :view_page, :profile => 'testuser', :page => profile.home_page.explode_path
-    assert_response 403
-  end
-
   should 'redirect to new article path under an old path' do
     p = create_user('test_user').person
     a = p.articles.create(:name => 'old-name')
@@ -11,7 +11,6 @@ class EditTemplateControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = EditTemplateController.new
     @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
     login_as 'ze'
   end
@@ -11,7 +11,6 @@ all_fixtures
   def setup
     @controller = EnterpriseRegistrationController.new
     @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
     login_as 'ze'
   end
@@ -11,7 +11,6 @@ class EnterpriseValidationControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = EnterpriseValidationController.new
     @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
     login_as 'ze'
@@ -10,7 +10,6 @@ class FavoriteEnterprisesControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = FavoriteEnterprisesController.new
     @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
     self.profile = create_user('testuser').person
@@ -10,7 +10,6 @@ class FeaturesControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = FeaturesController.new
     @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
     login_as(create_admin_user(Environment.find(2)))
   end
@@ -10,7 +10,6 @@ class FriendsControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = FriendsController.new
     @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
     self.profile = create_user('testuser').person
@@ -7,7 +7,6 @@ class MailconfControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = MailconfController.new
     @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
     MailConf.stubs(:enabled?).returns(true)
@@ -9,7 +9,6 @@ class ManageProductsControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = ManageProductsController.new
     @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
     @enterprise = fast_create(Enterprise, :name => 'teste', :identifier => 'test_ent')
     @user = create_user_with_permission('test_user', 'manage_products', @enterprise)
@@ -12,7 +12,6 @@ class MembershipsControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = MembershipsController.new
     @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
     @profile = create_user('testuser').person
@@ -17,7 +17,6 @@ class MyProfileControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = MyProfileController.new
     @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
   end
@@ -10,7 +10,6 @@ class PluginsControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = PluginsController.new
     @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
     @environment = Environment.default
     login_as(create_admin_user(@environment))
@@ -17,7 +17,6 @@ class ProfileDesignControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = ProfileDesignController.new
     @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
     @profile = @holder = create_user('designtestuser').person
@@ -10,7 +10,6 @@ class ProfileEditorControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = ProfileEditorController.new
     @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
     @profile = create_user('default_user').person
     Environment.default.affiliate(@profile, [Environment::Roles.admin(Environment.default.id)] + Profile::Roles.all_roles(Environment.default.id))
@@ -8,7 +8,6 @@ class ProfileMembersControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = ProfileMembersController.new
     @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
   end
@@ -6,23 +6,8 @@ class PublicController; def rescue_action(e) raise e end; end
 class PublicControllerTest < Test::Unit::TestCase
-  class TestingPublicStuffController < PublicController
-    def index
-      render :text => 'test', :layout => false
-    end
-  end
-
-  def setup
-    @controller = TestingPublicStuffController.new
-    @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(true)
-    @response   = ActionController::TestResponse.new
-  end
-
-  # Replace this with your real tests.
-  should 'refuse SSL' do
-    get :index
-    assert_redirected_to :protocol => 'http://'
+  should 'inherit from ApplicationController' do
+    assert_kind_of ApplicationController, PublicController.new
   end
 end
@@ -9,7 +9,6 @@ class RegionValidatorsControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = RegionValidatorsController.new
     @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
     login_as('ze')
   end
@@ -10,7 +10,6 @@ class RoleControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = RoleController.new
     @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
     @role = Role.find(:first)
     login_as(:ze)
@@ -10,7 +10,6 @@ class TasksControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = TasksController.new
     @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
     self.profile = create_user('testuser').person
@@ -8,7 +8,6 @@ class ThemesControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = ThemesController.new
     @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
     Theme.stubs(:user_themes_dir).returns(TMP_THEMES_DIR)
@@ -10,7 +10,6 @@ class UsersControllerTest &lt; Test::Unit::TestCase
   def setup
     @controller = UsersController.new
     @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(true)
     @response   = ActionController::TestResponse.new
   end
@@ -4,8 +4,6 @@ class LoginToTheApplicationTest &lt; ActionController::IntegrationTest
   fixtures :users, :environments, :profiles
   def test_unauthenticated_user_tries_to_access_his_control_panel
-    Environment.any_instance.stubs(:enable_ssl).returns(false) # ignore SSL for this test 
-
     get '/myprofile/ze'
     assert_redirected_to '/account/login'
@@ -39,20 +39,4 @@ class TestController &lt; ApplicationController
     '
   end
-  require_ssl :only => 'sslonly'
-  def sslonly
-    render :text => 'this should be seen only on SSL', :layout => false
-  end
-  def doesnt_need_ssl
-    render :text => 'this should be seen even without SSL', :layout => false
-  end
-
-  refuse_ssl :only => 'nossl'
-  def nossl
-    render :text => 'this should not be seen over SSL', :layout => false
-  end
-  def doesnt_refuse_ssl
-    render :text => 'this should be seen over SSL or not, whatever', :layout => false
-  end
-
 end
@@ -199,30 +199,6 @@ class ApplicationHelperTest &lt; ActiveSupport::TestCase
     assert_equal '/designs/templates/mytemplate/stylesheets/style.css', template_stylesheet_path
   end
-  should 'use https:// for login_url' do
-    environment = Environment.default
-    environment.update_attribute(:enable_ssl, true)
-    environment.domains << Domain.new(:name => "test.domain.net", :is_default => true)
-    stubs(:environment).returns(environment)
-
-    stubs(:url_for).with(has_entries(:protocol => 'https://', :host => 'test.domain.net')).returns('LALALA')
-
-    assert_equal 'LALALA', login_url
-  end
-
-  should 'not force ssl in login_url when environment has ssl disabled' do
-    environment = mock
-    environment.expects(:enable_ssl).returns(false).at_least_once
-    stubs(:environment).returns(environment)
-    request = mock
-    request.stubs(:host).returns('localhost')
-    stubs(:request).returns(request)
-
-    expects(:url_for).with(has_entries(:protocol => 'https://')).never
-    expects(:url_for).with(has_key(:controller)).returns("LALALA")
-    assert_equal "LALALA", login_url
-  end
-
   should 'return nil if disable_categories is enabled' do
     env = fast_create(Environment, :name => 'env test')
     stubs(:environment).returns(env)
@@ -241,12 +241,6 @@ class EnvironmentTest &lt; ActiveSupport::TestCase
     assert_equal 'http://www.lalala.net:9999', env.top_url
   end
-  should 'use https when asked for a ssl url' do
-    env = Environment.new
-    env.expects(:default_hostname).returns('www.lalala.net')
-    assert_equal 'https://www.lalala.net', env.top_url(true)
-  end
-
   should 'provide an approval_method setting' do
     env = Environment.new
@@ -532,16 +526,6 @@ class EnvironmentTest &lt; ActiveSupport::TestCase
     assert_equal enterprise, e.enterprise_template
   end
-  should 'not enable ssl by default' do
-    e = Environment.new
-    assert !e.enable_ssl
-  end
-
-  should 'be able to enable ssl' do
-    e = Environment.new(:enable_ssl => true)
-    assert_equal true, e.enable_ssl
-  end
-
   should 'have a layout template' do
     e = Environment.new(:layout_template => 'mytemplate')
     assert_equal 'mytemplate', e.layout_template
1	class AdminController < ApplicationController	1	class AdminController < ApplicationController
2	- require_ssl
3	end	2	end
	@@ -42,34 +42,6 @@ class ApplicationController < ActionController::Base		@@ -42,34 +42,6 @@ class ApplicationController < ActionController::Base
42	include AuthenticatedSystem	42	include AuthenticatedSystem
43	include PermissionCheck	43	include PermissionCheck
44		44
45	- def self.require_ssl(*options)
46	- before_filter :check_ssl, *options
47	- end
48	- def check_ssl
49	- return true if (request.ssl? \|\| ENV['RAILS_ENV'] == 'development')
50	- redirect_to_ssl
51	- end
52	- def redirect_to_ssl
53	- if environment.enable_ssl
54	- redirect_to(params.merge(:protocol => 'https://', :host => ssl_hostname))
55	- true
56	- else
57	- false
58	- end
59	- end
60	-
61	- def self.refuse_ssl(*options)
62	- before_filter :avoid_ssl, *options
63	- end
64	- def avoid_ssl
65	- if (!request.ssl? \|\| ENV['RAILS_ENV'] == 'development')
66	- true
67	- else
68	- redirect_to(params.merge(:protocol => 'http://'))
69	- false
70	- end
71	- end
72	-
73	before_filter :set_locale	45	before_filter :set_locale
74	def set_locale	46	def set_locale
75	FastGettext.available_locales = Noosfero.available_locales	47	FastGettext.available_locales = Noosfero.available_locales
	@@ -23,15 +23,6 @@ class CmsController < MyProfileController		@@ -23,15 +23,6 @@ class CmsController < MyProfileController
23	profile.articles.find(c.params[:id]).allow_post_content?(user)	23	profile.articles.find(c.params[:id]).allow_post_content?(user)
24	end	24	end
25		25
26	- alias :check_ssl_orig :check_ssl
27	- # Redefines the SSL checking to avoid requiring SSL when creating the "New
28	- # publication" button on article's public view.
29	- def check_ssl
30	- if ((params[:action] == 'new') && (!request.xhr?)) \|\| (params[:action] != 'new')
31	- check_ssl_orig
32	- end
33	- end
34	-
35	def boxes_holder	26	def boxes_holder
36	profile	27	profile
37	end	28	end
	@@ -341,10 +332,6 @@ class CmsController < MyProfileController		@@ -341,10 +332,6 @@ class CmsController < MyProfileController
341	end	332	end
342	end	333	end
343		334
344	- def maybe_ssl(url)
345	- [url, url.sub('https:', 'http:')]
346	- end
347	-
348	def valid_article_type?(type)	335	def valid_article_type?(type)
349	(available_article_types + special_article_types).map {\|item\| item.name}.include?(type)	336	(available_article_types + special_article_types).map {\|item\| item.name}.include?(type)
350	end	337	end
	@@ -2,7 +2,6 @@ class MyProfileController < ApplicationController		@@ -2,7 +2,6 @@ class MyProfileController < ApplicationController
2		2
3	needs_profile	3	needs_profile
4		4
5	- require_ssl
6		5
7	before_filter :login_required	6	before_filter :login_required
8		7
	@@ -4,7 +4,6 @@ class AccountController < ApplicationController		@@ -4,7 +4,6 @@ class AccountController < ApplicationController
4		4
5	inverse_captcha :field => 'e_mail'	5	inverse_captcha :field => 'e_mail'
6		6
7	- require_ssl :except => [ :login_popup, :logout_popup, :profile_details ]
8		7
9	before_filter :login_required, :only => [:activation_question, :accept_terms, :activate_enterprise]	8	before_filter :login_required, :only => [:activation_question, :accept_terms, :activate_enterprise]
10	before_filter :redirect_if_logged_in, :only => [:login, :signup]	9	before_filter :redirect_if_logged_in, :only => [:login, :signup]
	@@ -33,14 +33,6 @@ class ContentViewerController < ApplicationController		@@ -33,14 +33,6 @@ class ContentViewerController < ApplicationController
33	end	33	end
34	end	34	end
35		35
36	- if !@page.public? && !request.ssl?
37	- return if redirect_to_ssl
38	- end
39	-
40	- if @page.public?
41	- return unless avoid_ssl
42	- end
43	-
44	if !@page.display_to?(user)	36	if !@page.display_to?(user)
45	if profile.display_info_to?(user) \|\| !profile.visible?	37	if profile.display_info_to?(user) \|\| !profile.visible?
46	message = _('You are not allowed to view this content. You can contact the owner of this profile to request access then.')	38	message = _('You are not allowed to view this content. You can contact the owner of this profile to request access then.')
1	class EnterpriseRegistrationController < ApplicationController	1	class EnterpriseRegistrationController < ApplicationController
2		2
3	- require_ssl
4		3
5	before_filter :login_required	4	before_filter :login_required
6		5
1	class PublicController < ApplicationController	1	class PublicController < ApplicationController
2	- refuse_ssl
3	end	2	end
	@@ -15,8 +15,6 @@ class AccountControllerTest < Test::Unit::TestCase		@@ -15,8 +15,6 @@ class AccountControllerTest < Test::Unit::TestCase
15	@controller = AccountController.new	15	@controller = AccountController.new
16	@request = ActionController::TestRequest.new	16	@request = ActionController::TestRequest.new
17	@response = ActionController::TestResponse.new	17	@response = ActionController::TestResponse.new
18	-
19	- @request.stubs(:ssl?).returns(true)
20	end	18	end
21		19
22	def test_local_files_reference	20	def test_local_files_reference
	@@ -593,38 +591,6 @@ class AccountControllerTest < Test::Unit::TestCase		@@ -593,38 +591,6 @@ class AccountControllerTest < Test::Unit::TestCase
593	assert_equal 1, assigns(:user).person.boxes[0].blocks.size	591	assert_equal 1, assigns(:user).person.boxes[0].blocks.size
594	end	592	end
595		593
596	- should 'force ssl' do
597	- Environment.default.update_attribute(:enable_ssl, true)
598	- @request.expects(:ssl?).returns(false).at_least_once
599	- get :index
600	- assert_redirected_to :protocol => 'https://'
601	- end
602	-
603	- should 'alllow login_popup without SSL' do
604	- @request.expects(:ssl?).returns(false).at_least_once
605	- get :login_popup
606	- assert_response :success
607	- end
608	-
609	- should 'allow logout_popup without SSL' do
610	- @request.expects(:ssl?).returns(false).at_least_once
611	- get :logout_popup
612	- assert_response :success
613	- end
614	-
615	- should 'point to SSL URL in login popup' do
616	- Environment.default.update_attribute(:enable_ssl, true)
617	- get :login_popup
618	- assert_tag :tag => 'form', :attributes => { :action => /^https:\/\// }
619	- end
620	-
621	- should 'not point to SSL URL in login popup when in development mode' do
622	- @request.stubs(:ssl?).returns(false)
623	- ENV.expects(:[]).with('RAILS_ENV').returns('development').at_least_once
624	- get :login_popup
625	- assert_no_tag :tag => 'form', :attributes => { :action => /^https:\/\// }
626	- end
627	-
628	should 'render person partial' do	594	should 'render person partial' do
629	Environment.any_instance.expects(:signup_person_fields).returns(['contact_phone']).at_least_once	595	Environment.any_instance.expects(:signup_person_fields).returns(['contact_phone']).at_least_once
630	get :signup	596	get :signup
	@@ -6,28 +6,8 @@ class AdminController; def rescue_action(e) raise e end; end		@@ -6,28 +6,8 @@ class AdminController; def rescue_action(e) raise e end; end
6		6
7	class AdminControllerTest < Test::Unit::TestCase	7	class AdminControllerTest < Test::Unit::TestCase
8		8
9	- class AdminTestController < AdminController
10	- def index
11	- render :text => 'ok', :layout => 'application'
12	- end
13	- end
14	-
15	- def setup
16	- @controller = AdminTestController.new
17	- @request = ActionController::TestRequest.new
18	- @response = ActionController::TestResponse.new
19	- end
20	-
21	- should 'require ssl' do
22	- Environment.default.update_attribute(:enable_ssl, true)
23	- get :index
24	- assert_redirected_to :protocol => 'https://'
25	- end
26	-
27	- should 'detect ssl' do
28	- @request.expects(:ssl?).returns(true).at_least_once
29	- get :index
30	- assert_response :success	9	+ should 'inherit from ApplicationController' do
		10	+ assert_kind_of ApplicationController, AdminController.new
31	end	11	end
32		12
33	end	13	end