diff --git a/app/controllers/application.rb b/app/controllers/application.rb index f1b1f2c..08745e5 100644 --- a/app/controllers/application.rb +++ b/app/controllers/application.rb @@ -30,6 +30,22 @@ class ApplicationController < ActionController::Base include AuthenticatedSystem include PermissionCheck + def self.require_ssl(*options) + before_filter :check_ssl, *options + end + def check_ssl + return true if (request.ssl? || ENV['RAILS_ENV'] == 'development') + redirect_to :protocol => 'https://' + end + + def self.refuse_ssl(*options) + before_filter :avoid_ssl, *options + end + def avoid_ssl + return true if (!request.ssl? || ENV['RAILS_ENV'] == 'development') + redirect_to :protocol => 'http://' + end + before_init_gettext :maybe_save_locale after_init_gettext :check_locale init_gettext 'noosfero' diff --git a/app/controllers/my_profile/cms_controller.rb b/app/controllers/my_profile/cms_controller.rb index 7fe52bb..fcea2df 100644 --- a/app/controllers/my_profile/cms_controller.rb +++ b/app/controllers/my_profile/cms_controller.rb @@ -165,7 +165,7 @@ class CmsController < MyProfileController def record_coming_from_public_view referer = request.referer - if (referer == url_for(@article.url)) || (@article == @profile.home_page && referer == url_for(@profile.url)) + if (maybe_ssl(url_for(@article.url)).include?(referer)) || (@article == @profile.home_page && maybe_ssl(url_for(@profile.url)).include?(referer)) @back_to = 'public_view' @back_url = @article.url end @@ -173,11 +173,15 @@ class CmsController < MyProfileController def record_creating_from_public_view referer = request.referer - if (referer =~ Regexp.new("^#{url_for(profile.url)}")) + if (referer =~ Regexp.new("^#{(url_for(profile.url).sub('https:', 'https?:'))}")) @back_to = 'public_view' @back_url = referer end end + def maybe_ssl(url) + [url, url.sub('https:', 'http:')] + end + end 
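Review bot: `avoid_ssl` in app/controllers/application.rb sends every HTTPS request on a `refuse_ssl` controller back to `http://`, so a user who has just logged in over HTTPS carries the session cookie onto plain-HTTP public pages unless that cookie is flagged secure. Nothing visible in this diff sets that flag, so it should be confirmed against the session configuration. If the downgrade is only meant for anonymous traffic, the guard could keep authenticated sessions on HTTPS: `return true if (!request.ssl? || logged_in? || ENV['RAILS_ENV'] == 'development')`. Separately, `check_ssl` and `avoid_ssl` are defined with no `protected` visible in the hunk, so they appear to be public methods on every controller and may be reachable as actions; I would put `protected` above them.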
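Review bot: In `record_creating_from_public_view` (app/controllers/my_profile/cms_controller.rb) the profile URL is interpolated into `Regexp.new` unescaped, so each `.` in the host matches any character, and `^` anchors at a line start rather than the start of the string. The Referer header is client-controlled and, once it matches, is stored verbatim in `@back_url`, so a look-alike host can pass this check. The pattern should be escaped and anchored: `if (referer =~ Regexp.new("\\A" + Regexp.escape(url_for(profile.url)).sub('https:', 'https?:')))`. The match is still only a prefix test, so it is worth confirming that is acceptable wherever `@back_url` is rendered or redirected to.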
diff --git a/app/controllers/my_profile_controller.rb b/app/controllers/my_profile_controller.rb index 3d62eb6..9d2d209 100644 --- a/app/controllers/my_profile_controller.rb +++ b/app/controllers/my_profile_controller.rb @@ -2,6 +2,8 @@ class MyProfileController < ApplicationController needs_profile + require_ssl + # declares that the controller needs an specific type of profile. Example: # # class PersonDetailControlles < ProfileAdminController diff --git a/app/controllers/public/account_controller.rb b/app/controllers/public/account_controller.rb index 58a318a..ecc446f 100644 --- a/app/controllers/public/account_controller.rb +++ b/app/controllers/public/account_controller.rb @@ -1,7 +1,9 @@ -class AccountController < PublicController +class AccountController < ApplicationController inverse_captcha :field => 'e_mail' + require_ssl :except => [ :login_popup ] + # say something nice, you goof! something sweet. def index unless logged_in? diff --git a/app/controllers/public/catalog_controller.rb b/app/controllers/public/catalog_controller.rb index 09ec6f7..6f59dd0 100644 --- a/app/controllers/public/catalog_controller.rb +++ b/app/controllers/public/catalog_controller.rb @@ -1,4 +1,4 @@ -class CatalogController < ApplicationController +class CatalogController < PublicController needs_profile before_filter :check_enterprise_and_environment diff --git a/app/controllers/public/content_viewer_controller.rb b/app/controllers/public/content_viewer_controller.rb index d2f7645..a8e4470 100644 --- a/app/controllers/public/content_viewer_controller.rb +++ b/app/controllers/public/content_viewer_controller.rb @@ -1,4 +1,4 @@ -class ContentViewerController < PublicController +class ContentViewerController < ApplicationController needs_profile 
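Review bot: `require_ssl :except => [ :login_popup ]` in app/controllers/public/account_controller.rb leaves the login popup served over plain HTTP, while the form it renders posts to the `https://` URL from `login_url`. A form delivered unencrypted can be altered in transit before the user submits it, so the HTTPS action does not by itself protect the credentials. If the exemption exists only because the popup is loaded into HTTP pages, I would record that above the line, e.g. `# login_popup is embedded in plain-HTTP pages; the form it renders is not integrity-protected`. Otherwise drop the `:except` so the popup is fetched over HTTPS as well.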
@@ -28,6 +28,11 @@ class ContentViewerController < PublicController end end + if !@page.public? && !request.ssl? + redirect_to :protocol => 'https://' + return + end + if !@page.display_to?(user) # FIXME find a nice "access denied" layout render :action => 'access_denied', :status => 403, :layout => false diff --git a/app/controllers/public/enterprise_registration_controller.rb b/app/controllers/public/enterprise_registration_controller.rb index 1c14286..2b4910e 100644 --- a/app/controllers/public/enterprise_registration_controller.rb +++ b/app/controllers/public/enterprise_registration_controller.rb @@ -1,5 +1,7 @@ class EnterpriseRegistrationController < ApplicationController + require_ssl + before_filter :login_required # Just go to the first step. diff --git a/app/controllers/public/profile_controller.rb b/app/controllers/public/profile_controller.rb index 1ea0994..1893333 100644 --- a/app/controllers/public/profile_controller.rb +++ b/app/controllers/public/profile_controller.rb @@ -1,4 +1,4 @@ -class ProfileController < ApplicationController +class ProfileController < PublicController needs_profile before_filter :check_access_to_profile diff --git a/app/controllers/public/search_controller.rb b/app/controllers/public/search_controller.rb index 3618886..e8c376b 100644 --- a/app/controllers/public/search_controller.rb +++ b/app/controllers/public/search_controller.rb @@ -1,4 +1,4 @@ -class SearchController < ApplicationController +class SearchController < PublicController helper TagsHelper diff --git a/app/controllers/public/tag_controller.rb b/app/controllers/public/tag_controller.rb index 282211a..89f06b3 100644 --- a/app/controllers/public/tag_controller.rb +++ b/app/controllers/public/tag_controller.rb @@ -1,3 +1,3 @@ -class TagController < ApplicationController +class TagController < PublicController end diff --git a/app/controllers/public_controller.rb b/app/controllers/public_controller.rb index 2857026..2ace734 100644 
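Review bot: The added `if !@page.public? && !request.ssl?` block in app/controllers/public/content_viewer_controller.rb repeats the HTTPS redirect by hand and omits the development exemption that `check_ssl` applies. Private pages will therefore redirect to `https://` in development, while every `require_ssl` controller does not. Keeping the two in step would need `if !@page.public? && !request.ssl? && ENV['RAILS_ENV'] != 'development'`, or a small shared predicate in ApplicationController used by both places. The enclosing action starts and ends outside this hunk, so I cannot see whether anything earlier in it has already rendered or redirected.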
--- a/app/controllers/public_controller.rb +++ b/app/controllers/public_controller.rb @@ -1,2 +1,3 @@ class PublicController < ApplicationController + refuse_ssl end diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb index 4115e30..84356ec 100644 --- a/app/helpers/application_helper.rb +++ b/app/helpers/application_helper.rb @@ -707,4 +707,10 @@ module ApplicationHelper end end + def login_url + options = { :controller => 'account', :action => 'login' } + options.merge!(:protocol => 'https://', :host => request.host) unless ENV['RAILS_ENV'] == 'development' + url_for(options) + end + end diff --git a/app/views/account/_login_form.rhtml b/app/views/account/_login_form.rhtml index c02853a..8fa77df 100644 --- a/app/views/account/_login_form.rhtml +++ b/app/views/account/_login_form.rhtml @@ -1,5 +1,5 @@ <% labelled_form_for :user, @user, - :url => { :controller => 'account', :action => 'login' }, + :url => login_url, :html => { :help => _('If you are a registered user, enter your username and password to be authenticated.')+'
'+_('To join on this environment, click on "I want to be an user!".')+''+_('If you forgot your password, click on "I forgot my password!" link.') } do |f| %> <%= f.text_field :login, diff --git a/app/views/account/login.rhtml b/app/views/account/login.rhtml index bc97630..07342da 100644 --- a/app/views/account/login.rhtml +++ b/app/views/account/login.rhtml @@ -5,7 +5,7 @@ <% @user = User.new unless @user %> <% labelled_form_for :user, @user, - :url => { :controller => 'account', :action => 'login' }, + :url => login_url, :html => { :help => _('If you are a registered user, enter your username and password to be authenticated.')+''+_('To join on this environment, click on "I want to be an user!".')+''+_('If you forgot your password, click on "I forgot my password!" link.') } do |f| %> <%= f.text_field :login, diff --git a/app/views/account/login_block.rhtml b/app/views/account/login_block.rhtml index 85b1ebd..7697f60 100644 --- a/app/views/account/login_block.rhtml +++ b/app/views/account/login_block.rhtml @@ -11,7 +11,7 @@ <% labelled_form_for :user, @user, :html => { :help => _('If you are a registered user, enter your username and password to be authenticated.')+''+_('To join on this environment, click on "New user".')+''+_('If you forgot your password, click on "I forgot my password!" link.') }, - :url => { :controller => 'account', :action => 'login' } do |f| %> + :url => login_url do |f| %> <%= f.text_field :login, :help => _('Here goes the nickname that you give on the registration.'), diff --git a/test/functional/account_controller_test.rb b/test/functional/account_controller_test.rb index 769b245..21ebbe5 100644 --- a/test/functional/account_controller_test.rb +++ b/test/functional/account_controller_test.rb 
@@ -15,6 +15,8 @@ class AccountControllerTest < Test::Unit::TestCase @controller = AccountController.new @request = ActionController::TestRequest.new @response = ActionController::TestResponse.new + + @request.stubs(:ssl?).returns(true) end def test_local_files_reference @@ -515,6 +517,29 @@ class AccountControllerTest < Test::Unit::TestCase assert_equal 1, assigns(:user).person.boxes[0].blocks.size end + should 'force ssl' do + @request.expects(:ssl?).returns(false).at_least_once + get :index + assert_redirected_to :protocol => 'https://' + end + + should 'alllow login_popup without SSL' do + @request.expects(:ssl?).returns(false).at_least_once + get :login_popup + assert_response :success + end + + should 'point to SSL URL in login popup' do + get :login_popup + assert_tag :tag => 'form', :attributes => { :action => /^https:\/\// } + end + + should 'not point to SSL URL in login popup when in development mode' do + ENV.expects(:[]).with('RAILS_ENV').returns('development').at_least_once + get :login_popup + assert_no_tag :tag => 'form', :attributes => { :action => /^https:\/\// } + end + protected def create_user(options = {}, extra_options ={}) post :signup, { :user => { :login => 'quire', diff --git a/test/functional/application_controller_test.rb b/test/functional/application_controller_test.rb index b13a8f2..2b12c23 100644 --- a/test/functional/application_controller_test.rb +++ b/test/functional/application_controller_test.rb 
@@ -224,4 +224,52 @@ class ApplicationControllerTest < Test::Unit::TestCase get :index end + should 'require ssl when told to' do + @request.expects(:ssl?).returns(false).at_least_once + get :sslonly + assert_redirected_to :protocol => 'https://' + end + + should 'not force ssl in development mode' do + ENV.expects(:[]).with('RAILS_ENV').returns('development') + @request.expects(:ssl?).returns(false).at_least_once + get :sslonly + assert_response :success + end + + should 'not force ssl when not told to' do + @request.expects(:ssl?).returns(false).at_least_once + get :doesnt_need_ssl + assert_response :success + end + + should 'not force ssl when already in ssl' do + @request.expects(:ssl?).returns(true).at_least_once + get :sslonly + assert_response :success + end + + should 'refuse ssl when told to' do + @request.expects(:ssl?).returns(true).at_least_once + get :nossl + assert_redirected_to :protocol => "http://" + end + + should 'not refuse ssl when not told to' do + @request.expects(:ssl?).returns(true).at_least_once + get :doesnt_refuse_ssl + assert_response :success + end + should 'not refuse ssl while in development mode' do + ENV.expects(:[]).with('RAILS_ENV').returns('development') + @request.expects(:ssl?).returns(true).at_least_once + get :nossl + assert_response :success + end + should 'not refuse ssl when not in ssl' do + @request.expects(:ssl?).returns(false).at_least_once + get :nossl + assert_response :success + end + end diff --git a/test/functional/cms_controller_test.rb b/test/functional/cms_controller_test.rb index dea7b07..534125b 100644 --- a/test/functional/cms_controller_test.rb +++ b/test/functional/cms_controller_test.rb @@ -11,6 +11,7 @@ class CmsControllerTest < Test::Unit::TestCase def setup @controller = CmsController.new @request = ActionController::TestRequest.new + @request.stubs(:ssl?).returns(true) @response = ActionController::TestResponse.new @profile = create_user_with_permission('testinguser', 'post_content') 
@@ -513,14 +514,14 @@ class CmsControllerTest < Test::Unit::TestCase get :edit, :profile => 'testinguser', :id => article.id assert_tag :tag => 'input', :attributes => { :type => 'hidden', :name => 'back_to', :value => 'public_view' } - assert_tag :tag => 'a', :descendant => { :content => 'Cancel' }, :attributes => { :href => 'http://colivre.net/testinguser/myarticle' } + assert_tag :tag => 'a', :descendant => { :content => 'Cancel' }, :attributes => { :href => /^https?:\/\/colivre.net\/testinguser\/myarticle/ } end should 'detect when comming from home page' do @request.expects(:referer).returns('http://colivre.net/testinguser') get :edit, :profile => 'testinguser', :id => @profile.home_page.id assert_tag :tag => 'input', :attributes => { :type => 'hidden', :name => 'back_to', :value => 'public_view' } - assert_tag :tag => 'a', :descendant => { :content => 'Cancel' }, :attributes => { :href => 'http://colivre.net/testinguser/' + @profile.home_page.slug } + assert_tag :tag => 'a', :descendant => { :content => 'Cancel' }, :attributes => { :href => /^https?:\/\/colivre.net\/testinguser\/#{@profile.home_page.slug}$/ } end should 'go back to public view when saving coming from there' do diff --git a/test/functional/content_viewer_controller_test.rb b/test/functional/content_viewer_controller_test.rb index 1efb0d7..ae7f2bb 100644 --- a/test/functional/content_viewer_controller_test.rb +++ b/test/functional/content_viewer_controller_test.rb @@ -370,6 +370,8 @@ class ContentViewerControllerTest < Test::Unit::TestCase should 'not give access to private articles if logged off' do profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile') intranet = Folder.create!(:name => 'my_intranet', :profile => profile, :public_article => false) + + @request.stubs(:ssl?).returns(true) get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ] assert_template 'access_denied' 
@@ -379,6 +381,8 @@ class ContentViewerControllerTest < Test::Unit::TestCase login_as('testinguser') profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile') intranet = Folder.create!(:name => 'my_intranet', :profile => profile, :public_article => false) + + @request.stubs(:ssl?).returns(true) get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ] assert_template 'access_denied' @@ -391,6 +395,7 @@ class ContentViewerControllerTest < Test::Unit::TestCase profile.affiliate(person, Profile::Roles.member) login_as('test_user') + @request.stubs(:ssl?).returns(true) get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ] assert_template 'view_page' @@ -412,6 +417,20 @@ class ContentViewerControllerTest < Test::Unit::TestCase assert_tag :tag => 'a', :attributes => {:href => ('/myprofile/' + profile.identifier + '/cms/publish/' + page.id.to_s)} end + + should 'require SSL for viewing non-public articles' do + page = profile.articles.create!(:name => 'myarticle', :body => 'top secret', :public_article => false) + get :view_page, :profile => 'testinguser', :page => [ 'myarticle' ] + assert_redirected_to :protocol => 'https://' + end + + should 'not redirect to SSL if already on SSL' do + @request.expects(:ssl?).returns(true).at_least_once + page = profile.articles.create!(:name => 'myarticle', :body => 'top secret', :public_article => false) + login_as('testinguser') + get :view_page, :profile => 'testinguser', :page => [ 'myarticle' ] + assert_response :success + end should 'not show link to publication on view if not on person profile' do prof = Community.create!(:name => 'test comm', :identifier => 'test_comm') diff --git a/test/functional/enterprise_editor_controller_test.rb b/test/functional/enterprise_editor_controller_test.rb index 7bceee6..3afdaa1 100644 --- a/test/functional/enterprise_editor_controller_test.rb +++ b/test/functional/enterprise_editor_controller_test.rb 
@@ -8,6 +8,7 @@ class EnterpriseEditorControllerTest < Test::Unit::TestCase def setup @controller = EnterpriseEditorController.new @request = ActionController::TestRequest.new + @request.stubs(:ssl?).returns(true) @response = ActionController::TestResponse.new end diff --git a/test/functional/enterprise_registration_controller_test.rb b/test/functional/enterprise_registration_controller_test.rb index 1e39bee..d03bd0f 100644 --- a/test/functional/enterprise_registration_controller_test.rb +++ b/test/functional/enterprise_registration_controller_test.rb @@ -11,6 +11,7 @@ all_fixtures def setup @controller = EnterpriseRegistrationController.new @request = ActionController::TestRequest.new + @request.stubs(:ssl?).returns(true) @response = ActionController::TestResponse.new login_as 'ze' end diff --git a/test/functional/enterprise_validation_controller_test.rb b/test/functional/enterprise_validation_controller_test.rb index 8c35346..f048fcd 100644 --- a/test/functional/enterprise_validation_controller_test.rb +++ b/test/functional/enterprise_validation_controller_test.rb @@ -11,6 +11,7 @@ class EnterpriseValidationControllerTest < Test::Unit::TestCase def setup @controller = EnterpriseValidationController.new @request = ActionController::TestRequest.new + @request.stubs(:ssl?).returns(true) @response = ActionController::TestResponse.new login_as 'ze' diff --git a/test/functional/favorite_enterprises_controller_test.rb b/test/functional/favorite_enterprises_controller_test.rb index be7a76b..74753c9 100644 --- a/test/functional/favorite_enterprises_controller_test.rb +++ b/test/functional/favorite_enterprises_controller_test.rb @@ -10,6 +10,7 @@ class FavoriteEnterprisesControllerTest < Test::Unit::TestCase def setup @controller = FavoriteEnterprisesController.new @request = ActionController::TestRequest.new + @request.stubs(:ssl?).returns(true) @response = ActionController::TestResponse.new self.profile = create_user('testuser').person 
diff --git a/test/functional/friends_controller_test.rb b/test/functional/friends_controller_test.rb index 6cef61e..283be98 100644 --- a/test/functional/friends_controller_test.rb +++ b/test/functional/friends_controller_test.rb @@ -10,6 +10,7 @@ class FriendsControllerTest < Test::Unit::TestCase def setup @controller = FriendsController.new @request = ActionController::TestRequest.new + @request.stubs(:ssl?).returns(true) @response = ActionController::TestResponse.new self.profile = create_user('testuser').person diff --git a/test/functional/mailconf_controller_test.rb b/test/functional/mailconf_controller_test.rb index ed6d0ef..62a0c02 100644 --- a/test/functional/mailconf_controller_test.rb +++ b/test/functional/mailconf_controller_test.rb @@ -7,6 +7,7 @@ class MailconfControllerTest < Test::Unit::TestCase def setup @controller = MailconfController.new @request = ActionController::TestRequest.new + @request.stubs(:ssl?).returns(true) @response = ActionController::TestResponse.new MailConf.stubs(:enabled?).returns(true) diff --git a/test/functional/manage_products_controller_test.rb b/test/functional/manage_products_controller_test.rb index 0dbbe59..a2185d7 100644 --- a/test/functional/manage_products_controller_test.rb +++ b/test/functional/manage_products_controller_test.rb @@ -9,6 +9,7 @@ class ManageProductsControllerTest < Test::Unit::TestCase def setup @controller = ManageProductsController.new @request = ActionController::TestRequest.new + @request.stubs(:ssl?).returns(true) @response = ActionController::TestResponse.new @enterprise = Enterprise.create(:name => 'teste', :identifier => 'test_ent') @user = create_user_with_permission('test_user', 'manage_products', @enterprise) diff --git a/test/functional/memberships_controller_test.rb b/test/functional/memberships_controller_test.rb index f2fae80..41935c8 100644 --- a/test/functional/memberships_controller_test.rb +++ b/test/functional/memberships_controller_test.rb 
@@ -12,6 +12,7 @@ class MembershipsControllerTest < Test::Unit::TestCase def setup @controller = MembershipsController.new @request = ActionController::TestRequest.new + @request.stubs(:ssl?).returns(true) @response = ActionController::TestResponse.new @profile = create_user('testuser').person diff --git a/test/functional/my_profile_controller_test.rb b/test/functional/my_profile_controller_test.rb index 74ca402..efccbb2 100644 --- a/test/functional/my_profile_controller_test.rb +++ b/test/functional/my_profile_controller_test.rb @@ -17,6 +17,7 @@ class MyProfileControllerTest < Test::Unit::TestCase def setup @controller = MyProfileController.new @request = ActionController::TestRequest.new + @request.stubs(:ssl?).returns(true) @response = ActionController::TestResponse.new end @@ -46,4 +47,13 @@ class MyProfileControllerTest < Test::Unit::TestCase assert_response 403 # forbidden end + should 'require ssl' do + @controller = OnlyForPersonTestController.new + org = Organization.create!(:identifier => 'hacking_institute', :name => 'Hacking Institute') + + @request.expects(:ssl?).returns(false).at_least_once + get :index, :profile => 'hacking_institute' + assert_redirected_to :protocol => 'https://' + end + end diff --git a/test/functional/profile_design_controller_test.rb b/test/functional/profile_design_controller_test.rb index 1bc4ecd..acd0169 100644 --- a/test/functional/profile_design_controller_test.rb +++ b/test/functional/profile_design_controller_test.rb @@ -9,6 +9,7 @@ class ProfileDesignControllerTest < Test::Unit::TestCase def setup @controller = ProfileDesignController.new @request = ActionController::TestRequest.new + @request.stubs(:ssl?).returns(true) @response = ActionController::TestResponse.new @holder = create_user('designtestuser').person diff --git a/test/functional/profile_editor_controller_test.rb b/test/functional/profile_editor_controller_test.rb index b77a8ed..edc296c 100644 --- a/test/functional/profile_editor_controller_test.rb 
+++ b/test/functional/profile_editor_controller_test.rb @@ -10,6 +10,7 @@ class ProfileEditorControllerTest < Test::Unit::TestCase def setup @controller = ProfileEditorController.new @request = ActionController::TestRequest.new + @request.stubs(:ssl?).returns(true) @response = ActionController::TestResponse.new login_as('ze') @profile = Person['ze'] diff --git a/test/functional/profile_members_controller_test.rb b/test/functional/profile_members_controller_test.rb index ed877be..65931ea 100644 --- a/test/functional/profile_members_controller_test.rb +++ b/test/functional/profile_members_controller_test.rb @@ -8,6 +8,7 @@ class ProfileMembersControllerTest < Test::Unit::TestCase def setup @controller = ProfileMembersController.new @request = ActionController::TestRequest.new + @request.stubs(:ssl?).returns(true) @response = ActionController::TestResponse.new end diff --git a/test/functional/public_controller_test.rb b/test/functional/public_controller_test.rb index 5256c86..0c41fc5 100644 --- a/test/functional/public_controller_test.rb +++ b/test/functional/public_controller_test.rb @@ -6,15 +6,23 @@ class PublicController; def rescue_action(e) raise e end; end class PublicControllerTest < Test::Unit::TestCase + class TestingPublicStuffController < PublicController + def index + render :text => 'test', :layout => false + end + end + def setup - @controller = PublicController.new + @controller = TestingPublicStuffController.new @request = ActionController::TestRequest.new + @request.stubs(:ssl?).returns(true) @response = ActionController::TestResponse.new end # Replace this with your real tests. - def test_truth - assert true + should 'refuse SSL' do + get :index + assert_redirected_to :protocol => 'http://' end end diff --git a/test/functional/tasks_controller_test.rb b/test/functional/tasks_controller_test.rb index dab7fce..169fbcf 100644 --- a/test/functional/tasks_controller_test.rb +++ b/test/functional/tasks_controller_test.rb 
@@ -10,6 +10,7 @@ class TasksControllerTest < Test::Unit::TestCase def setup @controller = TasksController.new @request = ActionController::TestRequest.new + @request.stubs(:ssl?).returns(true) @response = ActionController::TestResponse.new self.profile = create_user('testuser').person diff --git a/test/functional/themes_controller_test.rb b/test/functional/themes_controller_test.rb index 7f94f8b..d9682c1 100644 --- a/test/functional/themes_controller_test.rb +++ b/test/functional/themes_controller_test.rb @@ -8,6 +8,7 @@ class ThemesControllerTest < Test::Unit::TestCase def setup @controller = ThemesController.new @request = ActionController::TestRequest.new + @request.stubs(:ssl?).returns(true) @response = ActionController::TestResponse.new Theme.stubs(:user_themes_dir).returns(TMP_THEMES_DIR) diff --git a/test/integration/forgot_password_test.rb b/test/integration/forgot_password_test.rb index a288487..66c5b4a 100644 --- a/test/integration/forgot_password_test.rb +++ b/test/integration/forgot_password_test.rb @@ -2,6 +2,10 @@ require "#{File.dirname(__FILE__)}/../test_helper" class ForgotPasswordTest < ActionController::IntegrationTest + def setup + ActionController::Integration::Session.any_instance.stubs(:https?).returns(true) + end + def test_forgot_password User.destroy_all diff --git a/test/integration/signup_test.rb b/test/integration/signup_test.rb index 259abb7..dbbd5f4 100644 --- a/test/integration/signup_test.rb +++ b/test/integration/signup_test.rb @@ -1,8 +1,12 @@ require "#{File.dirname(__FILE__)}/../test_helper" -class AccountTest < ActionController::IntegrationTest +class SignupTest < ActionController::IntegrationTest all_fixtures + def setup + ActionController::Integration::Session.any_instance.stubs(:https?).returns(true) + end + def test_should_require_acceptance_of_terms_for_signup Environment.default.update_attributes(:terms_of_use => 'You agree to not be annoying.') 
diff --git a/test/integration/user_registers_at_the_application_test.rb b/test/integration/user_registers_at_the_application_test.rb index 1b375c1..780cba9 100644 --- a/test/integration/user_registers_at_the_application_test.rb +++ b/test/integration/user_registers_at_the_application_test.rb @@ -9,6 +9,11 @@ class UserRegistersAtTheApplicationTest < ActionController::IntegrationTest assert_can_signup get '/account/signup' + + # going SSL + assert_response :redirect + follow_redirect! + assert_response :success post '/account/signup', :user => { :login => 'mylogin', :password => 'mypassword', :password_confirmation => 'mypassword', :email => 'mylogin@example.com' } @@ -30,6 +35,11 @@ class UserRegistersAtTheApplicationTest < ActionController::IntegrationTest assert_can_signup get '/account/signup' + + # going SSL + assert_response :redirect + follow_redirect! + assert_response :success post '/account/signup', :user => { :login => 'ze', :password => 'mypassword', :password_confirmation => 'mypassword', :email => 'mylogin@example.com' } diff --git a/test/mocks/test/test_controller.rb b/test/mocks/test/test_controller.rb index d83dbfb..79fcd42 100644 --- a/test/mocks/test/test_controller.rb +++ b/test/mocks/test/test_controller.rb @@ -39,4 +39,20 @@ class TestController < ApplicationController ' end + require_ssl :only => 'sslonly' + def sslonly + render :text => 'this should be seen only on SSL', :layout => false + end + def doesnt_need_ssl + render :text => 'this should be seen even without SSL', :layout => false + end + + refuse_ssl :only => 'nossl' + def nossl + render :text => 'this should not be seen over SSL', :layout => false + end + def doesnt_refuse_ssl + render :text => 'this should be seen over SSL or not, whatever', :layout => false + end + end diff --git a/test/test_helper.rb b/test/test_helper.rb index 5aab683..0a48307 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb 
@@ -239,6 +239,8 @@ class ActionController::IntegrationTest def login(username, password) + ActionController::Integration::Session.any_instance.stubs(:https?).returns(true) + post '/account/login', :user => { :login => username, :password => password } assert_response :redirect follow_redirect! -- libgit2 0.21.2