SSLテスト

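 # Checks that each action in +ssl_requirement_actions+ answers a GET made
 # without HTTPS with a redirect whose Location starts with the https:// URL.
 #
 # Actions that are also in +login_requirement_actions+ get a student id put
 # into the session before the request.
 def test_ssl_requirement
    ssl_requirement_actions = [:signup,:password_forgot,:questionnaire,:change,:update_personal_data,:about_easy_login,:login]
    login_requirement_actions = [:change,:update_personal_data,:about_easy_login]

    ssl_requirement_actions.each do |action|
      # Precondition: the test request must not already be marked as HTTPS,
      # otherwise the redirect assertions below would prove nothing.
      assert_not_equal "on", @request.env["HTTPS"]

      if login_requirement_actions.include?(action)
        @request.session[:student_id] = @student.id
      end

      get action
      assert_response :redirect

      location = @response.headers['Location']

      # \A / \z anchor the whole header value (^ and $ only anchor a line), and
      # the dot in the host name is escaped so it cannot match any character.
      # A redirect assertion that is looser than the URL it protects can pass
      # for a Location that points somewhere else.
      if action == :login
        # NOTE(review): the expected URL carries `_saiyo_session_id` as a query
        # parameter. If real session ids travel in URLs (presumably for
        # cookie-less handsets), they also reach logs and Referer headers;
        # confirm this is intended.
        assert_match %r<\Ahttps://test\.host/\?_saiyo_session_id=\z>, location
      else
        # No end anchor here: anything may follow the action name, as in the
        # original pattern.
        assert_match %r<\Ahttps://test\.host/user/account/#{action}/?>, location
      end

      # Reset state for the next action. test_logout is defined elsewhere in
      # the test case; the fresh TestRequest starts without the previous
      # session and is given a DoCoMo handset user agent again.
      test_logout
      @request    = ActionController::TestRequest.new
      @request.user_agent = "DoCoMo/2.0 D902i(c100;TB;W23H16;ser999999999999999;icc0000000000000000000f)"
    end
  end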


使用したプラグインはこちら(ssl_requirement)。
ただし、改変してある。これは、例えば携帯サイトを作成する場合の、不要なリダイレクト
(https でアクセスされた SSL 不要のアクションを http へ戻すリダイレクト)を排除したものである。

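 # Controller mixin: actions declared with +ssl_required+ are redirected to
 # https:// when they are requested without SSL. Including the module installs
 # +ensure_proper_protocol+ as a before_filter on the controller.
 #
 # This is a modified copy of the ssl_requirement plugin: requests that arrive
 # over https are never sent back to http (see ensure_proper_protocol).
 module SslRequirement
  def self.included(controller)
    controller.extend(ClassMethods)
    controller.before_filter(:ensure_proper_protocol)
  end

  module ClassMethods
    # Specifies that the named actions require an SSL connection to be
    # performed (which is enforced by ensure_proper_protocol).
    def ssl_required(*actions)
      write_inheritable_array(:ssl_required_actions, actions)
    end

    # Records the named actions as usable over either protocol. With the
    # early return in ensure_proper_protocol commented out, this list no
    # longer influences the filter; it is kept so existing declarations load.
    def ssl_allowed(*actions)
      write_inheritable_array(:ssl_allowed_actions, actions)
    end
  end

  protected
    # Returns true if the current action is supposed to run as SSL.
    #
    # Names are compared as strings: action_name is derived from the request,
    # and calling to_sym on it would intern request-derived text as a Symbol
    # (Symbols were not garbage-collected before Ruby 2.2). As a side effect
    # an action declared as a String is now matched too, which errs on the
    # side of requiring SSL.
    def ssl_required?
      current = action_name.to_s
      (self.class.read_inheritable_attribute(:ssl_required_actions) || []).any? { |name| name.to_s == current }
    end

    # Returns true if the current action was declared with ssl_allowed.
    # Same string comparison as ssl_required?.
    def ssl_allowed?
      current = action_name.to_s
      (self.class.read_inheritable_attribute(:ssl_allowed_actions) || []).any? { |name| name.to_s == current }
    end

# Changeset ----------------------------
# Some code is commented out so that every action can be reached over https:
# there is no need to prevent access over https. Only access over http to
# actions that should be reached over https has to be prevented.
  private
    # before_filter: returns false (after issuing a redirect) when an
    # ssl_required action was requested without SSL, true otherwise.
    #
    # NOTE(review): the redirect is only sent after the plain-HTTP request has
    # been received, so whatever that request carried (parameters, session
    # identifier) has already crossed the network unencrypted. Links and forms
    # for these actions should point at https:// directly, and the redirect
    # should be treated as a fallback.
    def ensure_proper_protocol
      # Removed from the original plugin: early exit for ssl_allowed actions.
      #return true if ssl_allowed?

      if ssl_required? && !request.ssl?
        # NOTE(review): request.host is taken from the incoming request, so
        # the redirect target follows whatever host name the client sent.
        # Confirm the front-end server only accepts the expected host names.
        redirect_to "https://" + request.host + request.request_uri
        return false
      # Removed from the original plugin: sending https requests for
      # non-ssl_required actions back to http.
      #elsif request.ssl? && !ssl_required?
      #  redirect_to "http://" + request.host + request.request_uri
      #  return false
      else
        return true
      end
    end
end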