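# Checks that a plain-HTTP request to each SSL-required action is answered
# with a redirect whose Location header points at the https:// URL.
#
# Actions listed in login_requirement_actions get a student_id placed in the
# session before the request. After each action the session is torn down via
# test_logout and a fresh TestRequest with a DoCoMo user agent is installed
# for the next iteration.
def test_ssl_requirement
  ssl_requirement_actions = [:signup, :password_forgot, :questionnaire, :change,
                             :update_personal_data, :about_easy_login, :login]
  login_requirement_actions = [:change, :update_personal_data, :about_easy_login]

  ssl_requirement_actions.each do |action|
    # Precondition: the request is not already HTTPS, otherwise the upgrade
    # redirect under test would never be triggered.
    assert_not_equal "on", @request.env["HTTPS"]
    @request.session[:student_id] = @student.id if login_requirement_actions.include?(action)

    get action
    assert_response :redirect

    location = @response.headers['Location']
    # \A / \z anchor the whole header value (^ and $ only anchor a line), and the
    # dot in the host name is escaped so it cannot match an arbitrary character.
    if action == :login
      assert_match %r<\Ahttps://test\.host/\?_saiyo_session_id=\z>, location
    else
      # NOTE(review): there is no end anchor here, so anything after the action
      # name is accepted (presumably to tolerate a session-id query string).
      assert_match %r<\Ahttps://test\.host/user/account/#{action}/?>, location
    end

    test_logout
    @request = ActionController::TestRequest.new
    @request.user_agent = "DoCoMo/2.0 D902i(c100;TB;W23H16;ser999999999999999;icc0000000000000000000f)"
  end
end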
使用したプラグインはこちら(ssl_requirement)
ただし、改変してある。これは、例えば携帯サイトを作成する場合の、不要なリダイレクト
を排除したものである。
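# Controller mixin that forces selected actions onto HTTPS.
#
# Including the module extends the controller with ssl_required / ssl_allowed
# and registers ensure_proper_protocol as a before_filter.
#
# Changeset relative to the stock plugin: the branch that redirected HTTPS
# requests for non-ssl_required actions back to HTTP is removed, so every
# action may be reached over HTTPS. Only plain-HTTP access to an ssl_required
# action is redirected.
#
# Review notes:
# * The redirect protects the follow-up request only. Anything the client sent
#   with the plain-HTTP request (session cookie, form fields) was already
#   transmitted unencrypted; marking session cookies Secure and sending HSTS
#   where clients support it closes that gap.
# * The redirect target is built from request.host, which reflects what the
#   client (or a fronting proxy) supplied as the host. Constrain accepted host
#   names at the web server or compare against a configured canonical host.
module SslRequirement
  def self.included(controller)
    controller.extend(ClassMethods)
    controller.before_filter(:ensure_proper_protocol)
  end

  module ClassMethods
    # Declares the named actions as HTTPS-only (enforced by ensure_proper_protocol).
    def ssl_required(*actions)
      write_inheritable_array(:ssl_required_actions, actions)
    end

    # Records the named actions as HTTPS-optional. With the downgrade redirect
    # removed this list no longer influences ensure_proper_protocol.
    def ssl_allowed(*actions)
      write_inheritable_array(:ssl_allowed_actions, actions)
    end
  end

  protected

  # Returns true if the current action is declared ssl_required.
  #
  # Names are compared as strings: action_name is derived from the request
  # route, and calling to_sym on it would intern arbitrary client-chosen names
  # (symbols are never reclaimed on older Ruby versions).
  def ssl_required?
    current = action_name.to_s
    (self.class.read_inheritable_attribute(:ssl_required_actions) || []).any? { |name| name.to_s == current }
  end

  # Returns true if the current action is declared ssl_allowed.
  # Same string comparison as ssl_required?, for the same reason.
  def ssl_allowed?
    current = action_name.to_s
    (self.class.read_inheritable_attribute(:ssl_allowed_actions) || []).any? { |name| name.to_s == current }
  end

  private

  # before_filter: redirects a plain-HTTP request for an ssl_required action to
  # the same host and URI over https and returns false; returns true for every
  # other request, including HTTPS requests to actions not marked ssl_required.
  def ensure_proper_protocol
    if ssl_required? && !request.ssl?
      redirect_to "https://" + request.host + request.request_uri
      return false
    end

    true
  end
end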