Commit f7e9e2e49d5ed4c39816ead940354ad4e911d378

Authored by Antonio Terceiro
1 parent 3fb4b9aa

ActionItem790: don't crash with private profile and ssl disabled

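--- a/app/controllers/application.rb
+++ b/app/controllers/application.rb
@@ -38,8 +38,9 @@ class ApplicationController < ActionController::Base
 redirect_to_ssl
 end
 def redirect_to_ssl
-return true if environment.disable_ssl
+return false if environment.disable_ssl
 redirect_to(params.merge(:protocol => 'https://'))
+true
 end
 
 def self.refuse_ssl(*options)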
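Review bot: The boolean returned by `redirect_to_ssl` is now a contract that callers branch on, but the method carries no comment saying so, and the bare `redirect_to_ssl` call two lines above the definition hands that value back as its own method's result. That caller begins outside the hunk; if it is registered as a before filter on a Rails version where a `false` return halts the filter chain, the new `false` for the SSL-disabled case could stop the request without rendering anything, so this is worth confirming (the existing 'not force ssl when ssl is disabled' test may already cover it). I would add above the method: `# Returns true when a redirect to https was issued (the caller must stop), false when SSL is disabled and the request carries on over plain HTTP.`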
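--- a/app/controllers/public/content_viewer_controller.rb
+++ b/app/controllers/public/content_viewer_controller.rb
@@ -29,8 +29,7 @@ class ContentViewerController < ApplicationController
 end
 
 if !@page.public? && !request.ssl?
-redirect_to_ssl
-return
+return if redirect_to_ssl
 end
 
 if !@page.display_to?(user)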
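Review bot: When SSL is disabled, `return if redirect_to_ssl` falls through, so a non-public page is processed over plain HTTP and the `display_to?(user)` check that follows is the only control left protecting it. That fall-through is the point of the fix, but the line should say so, for example `# redirect_to_ssl is false when SSL is disabled: continue so display_to? below still decides access`. It would also help to note next to the `disable_ssl` setting that private content and the session cookie then travel unencrypted, so it belongs in development or behind a front end that terminates TLS. The enclosing action starts and ends outside the hunk.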
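--- a/test/functional/application_controller_test.rb
+++ b/test/functional/application_controller_test.rb
@@ -356,6 +356,21 @@ class ApplicationControllerTest < Test::Unit::TestCase
 assert_redirected_to :x => '1', :y => '1', :protocol => 'https://'
 end
 
+should 'return true in redirect_to_ssl' do
+env = mock
+env.expects(:disable_ssl).returns(false)
+@controller.expects(:environment).returns(env)
+@controller.expects(:params).returns({})
+@controller.expects(:redirect_to).with({:protocol => 'https://'})
+assert_equal true, @controller.redirect_to_ssl
+end
+should 'return false in redirect_to_ssl when ssl is disabled' do
+env = mock
+env.expects(:disable_ssl).returns(true)
+@controller.expects(:environment).returns(env)
+assert_equal false, @controller.redirect_to_ssl
+end
+
 should 'not force ssl when ssl is disabled' do
 env = Environment.default
 env.expects(:disable_ssl).returns(true)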
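--- a/test/functional/content_viewer_controller_test.rb
+++ b/test/functional/content_viewer_controller_test.rb
@@ -451,4 +451,14 @@ class ContentViewerControllerTest < Test::Unit::TestCase
 assert_no_tag :tag => 'a', :attributes => {:href => ('/myprofile/' + prof.identifier + '/cms/publish/' + page.id.to_s)}
 end
 
+should 'deny access before trying SSL when SSL is disabled' do
+@controller.expects(:redirect_to_ssl).returns(false)
+profile = create_user('testuser').person
+profile.public_profile = false
+profile.save!
+
+get :view_page, :profile => 'testuser', :page => profile.home_page.explode_path
+assert_response 403
+end
+
 end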
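Review bot: The new test stubs `redirect_to_ssl` on the controller itself, so the real `disable_ssl` branch is never exercised together with the access check that guards the private profile. Driving the setting instead, for instance replacing the stub with `Environment.any_instance.stubs(:disable_ssl).returns(true)`, would make the 403 depend on the actual code path. Only the denied case is pinned here; a companion test in which an authorised viewer requests the same private page with SSL disabled would confirm that the plain-HTTP path still serves it rather than redirecting or failing.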