PageRenderTime 69ms CodeModel.GetById 17ms RepoModel.GetById 0ms app.codeStats 0ms

/test/ssl_requirement_test.rb

https://github.com/technicalpickles/ssl_requirement
Ruby | 220 lines | 179 code | 41 blank | 0 comment | 1 complexity | 03f55293213fb6205a9eb904de1ef439 MD5 | raw file
    

  1. require 'set'
    2. 

  2. require 'rubygems'
    3. 

  3. require 'activesupport'
    4. 

  4. begin
    5. 

  5.   require 'action_controller'
    6. 

  6. rescue LoadError
    7. 

  7.   if ENV['ACTIONCONTROLLER_PATH'].nil?
    8. 

  8.     abort <<MSG
    9. 

  9. Please set the ACTIONCONTROLLER_PATH environment variable to the directory
    10. 

  10. containing the action_controller.rb file.
    11. 

  11. MSG
    12. 

  12.   else
    13. 

  13.     $LOAD_PATH.unshift ENV['ACTIONCONTROLLER_PATH']
    14. 

  14.     begin
    15. 

  15.       require 'action_controller'
    16. 

  16.     rescue LoadError
    17. 

  17.       abort "ActionController could not be found."
    18. 

  18.     end
    19. 

  19.   end
    20. 

  20. end
    21. 

  21. 

  22. require 'action_controller/test_process'
    23. 

  23. require 'test/unit'
    24. 

  24. require "#{File.dirname(__FILE__)}/../lib/ssl_requirement"
    25. 

  25. 

  26. ActionController::Base.logger = nil
    27. 

  27. ActionController::Routing::Routes.reload rescue nil
    28. 

  28. 

  29. class SslRequirementController < ActionController::Base
    30. 

  30.   include SslRequirement
    31. 

  31.   
    32. 

  32.   ssl_required :a, :b
    33. 

  33.   ssl_allowed :c
    34. 

  34.   
    35. 

  35.   def a
    36. 

  36.     render :nothing => true
    37. 

  37.   end
    38. 

  38.   
    39. 

  39.   def b
    40. 

  40.     render :nothing => true
    41. 

  41.   end
    42. 

  42.   
    43. 

  43.   def c
    44. 

  44.     render :nothing => true
    45. 

  45.   end
    46. 

  46.   
    47. 

  47.   def d
    48. 

  48.     render :nothing => true
    49. 

  49.   end
    50. 

  50.   
    51. 

  51.   def set_flash
    52. 

  52.     flash[:foo] = "bar"
    53. 

  53.   end
    54. 

  54. end
    55. 

  55. 

  56. class SslExceptionController < ActionController::Base
    57. 

  57.   include SslRequirement
    58. 

  58.   
    59. 

  59.   ssl_required  :a
    60. 

  60.   ssl_exceptions :b
    61. 

  61.   ssl_allowed :d
    62. 

  62.     
    63. 

  63.   def a
    64. 

  64.     render :nothing => true
    65. 

  65.   end
    66. 

  66.   
    67. 

  67.   def b
    68. 

  68.     render :nothing => true
    69. 

  69.   end
    70. 

  70.   
    71. 

  71.   def c
    72. 

  72.     render :nothing => true
    73. 

  73.   end
    74. 

  74.   
    75. 

  75.   def d
    76. 

  76.     render :nothing => true
    77. 

  77.   end
    78. 

  78.   
    79. 

  79.   def set_flash
    80. 

  80.     flash[:foo] = "bar"
    81. 

  81.   end
    82. 

  82. end
    83. 

  83. 

  84. class SslAllActionsController < ActionController::Base
    85. 

  85.   include SslRequirement
    86. 

  86.   
    87. 

  87.   ssl_exceptions
    88. 

  88.     
    89. 

  89.   def a
    90. 

  90.     render :nothing => true
    91. 

  91.   end
    92. 

  92.   
    93. 

  93. end
    94. 

  94. 

  95. class SslRequirementTest < Test::Unit::TestCase
    96. 

  96.   def setup
    97. 

  97.     @controller = SslRequirementController.new
    98. 

  98.     @request    = ActionController::TestRequest.new
    99. 

  99.     @response   = ActionController::TestResponse.new
    100. 

  100.   end
    101. 

  101.   
    102. 

  102.   def test_redirect_to_https_preserves_flash
    103. 

  103.     get :set_flash
    104. 

  104.     get :b
    105. 

  105.     assert_response :redirect
    106. 

  106.     assert_equal "bar", flash[:foo]
    107. 

  107.   end
    108. 

  108.   
    109. 

  109.   def test_not_redirecting_to_https_does_not_preserve_the_flash
    110. 

  110.     get :set_flash
    111. 

  111.     get :d
    112. 

  112.     assert_response :success
    113. 

  113.     assert_nil flash[:foo]
    114. 

  114.   end
    115. 

  115.   
    116. 

  116.   def test_redirect_to_http_preserves_flash
    117. 

  117.     get :set_flash
    118. 

  118.     @request.env['HTTPS'] = "on"
    119. 

  119.     get :d
    120. 

  120.     assert_response :redirect
    121. 

  121.     assert_equal "bar", flash[:foo]
    122. 

  122.   end
    123. 

  123.   
    124. 

  124.   def test_not_redirecting_to_http_does_not_preserve_the_flash
    125. 

  125.     get :set_flash
    126. 

  126.     @request.env['HTTPS'] = "on"
    127. 

  127.     get :a
    128. 

  128.     assert_response :success
    129. 

  129.     assert_nil flash[:foo]
    130. 

  130.   end
    131. 

  131.   
    132. 

  132.   def test_required_without_ssl
    133. 

  133.     assert_not_equal "on", @request.env["HTTPS"]
    134. 

  134.     get :a
    135. 

  135.     assert_response :redirect
    136. 

  136.     assert_match %r{^https://}, @response.headers['Location']
    137. 

  137.     get :b
    138. 

  138.     assert_response :redirect
    139. 

  139.     assert_match %r{^https://}, @response.headers['Location']
    140. 

  140.   end
    141. 

  141.   
    142. 

  142.   def test_required_with_ssl
    143. 

  143.     @request.env['HTTPS'] = "on"
    144. 

  144.     get :a
    145. 

  145.     assert_response :success
    146. 

  146.     get :b
    147. 

  147.     assert_response :success
    148. 

  148.   end
    149. 

  149. 

  150.   def test_disallowed_without_ssl
    151. 

  151.     assert_not_equal "on", @request.env["HTTPS"]
    152. 

  152.     get :d
    153. 

  153.     assert_response :success
    154. 

  154.   end
    155. 

  155.   
    156. 

  156.   def test_ssl_exceptions_without_ssl
    157. 

  157.     @controller = SslExceptionController.new
    158. 

  158.     get :a
    159. 

  159.     assert_response :redirect
    160. 

  160.     assert_match %r{^https://}, @response.headers['Location']
    161. 

  161.     
    162. 

  162.     get :b
    163. 

  163.     assert_response :success
    164. 

  164.     
    165. 

  165.     get :c # c is not explicity in ssl_required, but it is not listed in ssl_exceptions
    166. 

  166.     assert_response :redirect
    167. 

  167.     assert_match %r{^https://}, @response.headers['Location']
    168. 

  168.   end
    169. 

  169.     
    170. 

  170.   def test_ssl_exceptions_with_ssl
    171. 

  171.     @controller = SslExceptionController.new
    172. 

  172.     @request.env['HTTPS'] = "on"
    173. 

  173.     get :a
    174. 

  174.     assert_response :success
    175. 

  175.     
    176. 

  176.     @request.env['HTTPS'] = "on"
    177. 

  177.     get :c
    178. 

  178.     assert_response :success
    179. 

  179.   end
    180. 

  180.   
    181. 

  181.   def test_ssl_all_actions_without_ssl
    182. 

  182.     @controller = SslAllActionsController.new
    183. 

  183.     get :a
    184. 

  184.     
    185. 

  185.     assert_response :redirect
    186. 

  186.     assert_match %r{^https://}, @response.headers['Location']
    187. 

  187.   end
    188. 

  188.   
    189. 

  189.   def test_disallowed_with_ssl
    190. 

  190.     @request.env['HTTPS'] = "on"
    191. 

  191.     get :d
    192. 

  192.     assert_response :redirect
    193. 

  193.     assert_match %r{^http://}, @response.headers['Location']
    194. 

  194.   end
    195. 

  195. 

  196.   def test_allowed_without_ssl
    197. 

  197.     assert_not_equal "on", @request.env["HTTPS"]
    198. 

  198.     get :c
    199. 

  199.     assert_response :success
    200. 

  200.   end
    201. 

  201. 

  202.   def test_allowed_with_ssl
    203. 

  203.     @request.env['HTTPS'] = "on"
    204. 

  204.     get :c
    205. 

  205.     assert_response :success
    206. 

  206.   end
    207. 

  207. 

  208.   def test_disable_ssl_check
    209. 

  209.     SslRequirement.disable_ssl_check = true
    210. 

  210. 

  211.     assert_not_equal "on", @request.env["HTTPS"]
    212. 

  212.     get :a
    213. 

  213.     assert_response :success
    214. 

  214.     get :b
    215. 

  215.     assert_response :success
    216. 

  216.   ensure
    217. 

  217.     SslRequirement.disable_ssl_check = false
    218. 

  218.   end
    219. 

  219.   
    220. 

  220. end
    221.