When force redirecting to SSL, make sure that the session is kept. As we're moving from a non-secure to secure environment, it's safe

2012-01-12 20:31:23 +01:00 · 2012-01-12 20:31:23 +01:00 · 321dae5dcc
commit 321dae5dcc
parent e927f06b25
2 changed files with 38 additions and 1 deletions
--- a/actionpack/lib/action_controller/metal/force_ssl.rb
+++ b/actionpack/lib/action_controller/metal/force_ssl.rb
@ -29,6 +29,7 @@ def force_ssl(options = {})
          if !request.ssl? && !Rails.env.development?
            redirect_options = {:protocol => 'https://', :status => :moved_permanently}
            redirect_options.merge!(:host => host) if host
+            flash.keep
            redirect_to redirect_options
          end
        end
--- a/actionpack/test/controller/force_ssl_test.rb
+++ b/actionpack/test/controller/force_ssl_test.rb
@ -26,6 +26,23 @@ class ForceSSLExceptAction < ForceSSLController
  force_ssl :except => :banana
 end

+class ForceSSLFlash < ForceSSLController
+  force_ssl :except => [:banana, :set_flash, :use_flash]
+
+  def set_flash
+    flash["that"] = "hello"
+    redirect_to '/force_ssl_flash/cheeseburger'
+  end
+
+  def use_flash
+    @flash_copy = {}.update flash
+    @flashy = flash["that"]
+    render :inline => "hello"
+  end
+
+end
+
+
 class ForceSSLControllerLevelTest < ActionController::TestCase
  tests ForceSSLControllerLevel

@ -50,7 +67,7 @@ def test_banana_redirects_to_https_with_custom_host
    assert_response 301
    assert_equal "https://secure.test.host/force_ssl_custom_domain/banana", redirect_to_url
  end
-  
+
  def test_cheeseburger_redirects_to_https_with_custom_host
    get :cheeseburger
    assert_response 301
@ -101,3 +118,22 @@ def test_development_environment_not_redirects_to_https
    assert_response 200
  end
 end
+
+class ForceSSLFlashTest < ActionController::TestCase
+  tests ForceSSLFlash
+
+  def test_cheeseburger_redirects_to_https
+    get :set_flash
+    assert_response 302
+    assert_equal "http://test.host/force_ssl_flash/cheeseburger", redirect_to_url
+
+    get :cheeseburger
+    assert_response 301
+    assert_equal "https://test.host/force_ssl_flash/cheeseburger", redirect_to_url
+
+    get :use_flash
+    assert_equal "hello", assigns["flash_copy"]["that"]
+    assert_equal "hello", assigns["flashy"]
+  end
+
+end