Download as
Browse Code »

Commit f7e9e2e49d5ed4c39816ead940354ad4e911d378

Authored by Antonio Terceiro
1 parent 3fb4b9aa
Exists in master and in 28 other branches 1.2+SPB2, 2_split_by_role, add_fields_in_api, api_fixies, api_pagination, api_private_token, api_tasks, article_hit_count, blog_page_bug, checkbox_to_user_can_edit_page, communities_ratings, communities_ratings_moderation, community_ratings_rebase, fix_cloned_article_parent, fix_gallery_image_url, fix_javascript_categories, fix_optional_fields, fix_suggest_article, fix_user_email_validation, highlight_block_fix, notification_plugin, notification_plugin_rebase, script_to_update, split_by_role, stable, temp_ratings, tests, tests_fixies

ActionItem790: don't crash with private profile and ssl disabled

Showing 4 changed files with 28 additions and 3 deletions   Show diff stats
app/controllers/application.rb
  Diff comments   View file @f7e9e2e
... ... @@ -38,8 +38,9 @@ class ApplicationController < ActionController::Base
38 38 redirect_to_ssl
39 39 end
40 40 def redirect_to_ssl
41   - return true if environment.disable_ssl
  41 + return false if environment.disable_ssl
42 42 redirect_to(params.merge(:protocol => 'https://'))
  43 + true
43 44 end
44 45  
45 46 def self.refuse_ssl(*options)
... ...
app/controllers/public/content_viewer_controller.rb
  Diff comments   View file @f7e9e2e
... ... @@ -29,8 +29,7 @@ class ContentViewerController < ApplicationController
29 29 end
30 30  
31 31 if !@page.public? && !request.ssl?
32   - redirect_to_ssl
33   - return
  32 + return if redirect_to_ssl
34 33 end
35 34  
36 35 if !@page.display_to?(user)
... ...
test/functional/application_controller_test.rb
  Diff comments   View file @f7e9e2e
... ... @@ -356,6 +356,21 @@ class ApplicationControllerTest < Test::Unit::TestCase
356 356 assert_redirected_to :x => '1', :y => '1', :protocol => 'https://'
357 357 end
358 358  
  359 + should 'return true in redirect_to_ssl' do
  360 + env = mock
  361 + env.expects(:disable_ssl).returns(false)
  362 + @controller.expects(:environment).returns(env)
  363 + @controller.expects(:params).returns({})
  364 + @controller.expects(:redirect_to).with({:protocol => 'https://'})
  365 + assert_equal true, @controller.redirect_to_ssl
  366 + end
  367 + should 'return false in redirect_to_ssl when ssl is disabled' do
  368 + env = mock
  369 + env.expects(:disable_ssl).returns(true)
  370 + @controller.expects(:environment).returns(env)
  371 + assert_equal false, @controller.redirect_to_ssl
  372 + end
  373 +
359 374 should 'not force ssl when ssl is disabled' do
360 375 env = Environment.default
361 376 env.expects(:disable_ssl).returns(true)
... ...
test/functional/content_viewer_controller_test.rb
  Diff comments   View file @f7e9e2e
... ... @@ -451,4 +451,14 @@ class ContentViewerControllerTest < Test::Unit::TestCase
451 451 assert_no_tag :tag => 'a', :attributes => {:href => ('/myprofile/' + prof.identifier + '/cms/publish/' + page.id.to_s)}
452 452 end
453 453  
  454 + should 'deny access before trying SSL when SSL is disabled' do
  455 + @controller.expects(:redirect_to_ssl).returns(false)
  456 + profile = create_user('testuser').person
  457 + profile.public_profile = false
  458 + profile.save!
  459 +
  460 + get :view_page, :profile => 'testuser', :page => profile.home_page.explode_path
  461 + assert_response 403
  462 + end
  463 +
454 464 end
... ...