Commit 265f85f769eddafdb1bc263146172519551369c9
1 parent
2b571b6d
Exists in
master
and in
29 other branches
ActionItem438: enabling "New publication" popup without SSL
git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@2474 3f533792-8f58-4932-b0fe-aaf55b0a4547
Showing
2 changed files
with
28 additions
and
0 deletions
Show diff stats
app/controllers/my_profile/cms_controller.rb
@@ -3,6 +3,16 @@ class CmsController < MyProfileController | @@ -3,6 +3,16 @@ class CmsController < MyProfileController | ||
3 | protect 'post_content', :profile, :except => [:set_home_page] | 3 | protect 'post_content', :profile, :except => [:set_home_page] |
4 | protect 'edit_profile', :profile, :only => [:set_home_page] | 4 | protect 'edit_profile', :profile, :only => [:set_home_page] |
5 | 5 | ||
6 | + alias :check_ssl_orig :check_ssl | ||
7 | + # Redefines the SSL checking to avoid requiring SSL when creating the "New | ||
8 | + # publication" button on article's public view. | ||
9 | + def check_ssl | ||
10 | + if ((params[:action] == 'new') && (!request.xhr?)) || (params[:action] != 'new') | ||
11 | + #raise 'bli' | ||
12 | + check_ssl_orig | ||
13 | + end | ||
14 | + end | ||
15 | + | ||
6 | def boxes_holder | 16 | def boxes_holder |
7 | profile | 17 | profile |
8 | end | 18 | end |
test/functional/cms_controller_test.rb
@@ -592,4 +592,22 @@ class CmsControllerTest < Test::Unit::TestCase | @@ -592,4 +592,22 @@ class CmsControllerTest < Test::Unit::TestCase | ||
592 | end | 592 | end |
593 | end | 593 | end |
594 | 594 | ||
595 | + should 'require ssl in general' do | ||
596 | + @request.expects(:ssl?).returns(false).at_least_once | ||
597 | + get :index, :profile => 'testinguser' | ||
598 | + assert_redirected_to :protocol => 'https://' | ||
599 | + end | ||
600 | + | ||
601 | + should 'accept ajax connections to new action without ssl' do | ||
602 | + @request.expects(:ssl?).returns(false).at_least_once | ||
603 | + xml_http_request :get, :new, :profile => 'testinguser' | ||
604 | + assert_response :success | ||
605 | + end | ||
606 | + | ||
607 | + should 'not accept non-ajax connections to new action without ssl' do | ||
608 | + @request.expects(:ssl?).returns(false).at_least_once | ||
609 | + get :new, :profile => 'testinguser' | ||
610 | + assert_redirected_to :protocol => 'https://' | ||
611 | + end | ||
612 | + | ||
595 | end | 613 | end |