Merge pull request #102 from mamhoff/remove-ssl-requirement

Remove require_ssl from User Sessions Controller for Alchemy 5+
AlchemyCMS · May 27, 2020 · 4a5736c · 4a5736c
2 parents 74b80d1 + ec9a39d
commit 4a5736c
Show file tree

Hide file tree

Showing 4 changed files with 54 additions and 45 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -1,5 +1,5 @@
 language: ruby
-dist: trusty
+dist: bionic
 sudo: false
 cache:
   bundler: true

diff --git a/app/controllers/alchemy/admin/passwords_controller.rb b/app/controllers/alchemy/admin/passwords_controller.rb
@@ -3,11 +3,13 @@ module Admin
     class PasswordsController < ::Devise::PasswordsController
       include Alchemy::Admin::Locale
 
-      before_action { enforce_ssl if ssl_required? && !request.ssl? }
+      if Alchemy.gem_version <= Gem::Version.new("4.9")
+        before_action { enforce_ssl if ssl_required? && !request.ssl? }
+      end
 
-      helper 'Alchemy::Admin::Base'
+      helper "Alchemy::Admin::Base"
 
-      layout 'alchemy/admin'
+      layout "alchemy/admin"
 
       private
 
@@ -16,7 +18,7 @@ def new_session_path(resource_name)
         alchemy.admin_login_path
       end
 
-      def admin_edit_password_url(resource, options={})
+      def admin_edit_password_url(_resource, options = {})
         alchemy.admin_edit_password_url(options)
       end
 
@@ -27,7 +29,6 @@ def after_resetting_password_path_for(resource)
           alchemy.root_path
         end
       end
-
     end
   end
 end
diff --git a/app/controllers/alchemy/admin/user_sessions_controller.rb b/app/controllers/alchemy/admin/user_sessions_controller.rb
@@ -1,19 +1,24 @@
+# frozen_string_literal: true
+
+require_dependency "alchemy/version"
+
 module Alchemy
   module Admin
     class UserSessionsController < ::Devise::SessionsController
       include Alchemy::Admin::Locale
 
       protect_from_forgery prepend: true
 
-      before_action except: 'destroy' do
-        enforce_ssl if ssl_required? && !request.ssl?
+      if Alchemy.gem_version <= Gem::Version.new("4.9")
+        before_action except: "destroy" do
+          enforce_ssl if ssl_required? && !request.ssl?
+        end
       end
-
       before_action :check_user_count, :only => :new
 
-      helper 'Alchemy::Admin::Base'
+      helper "Alchemy::Admin::Base"
 
-      layout 'alchemy/admin'
+      layout "alchemy/admin"
 
       def create
         authenticate_user!
@@ -23,10 +28,10 @@ def create
             redirect_path = admin_dashboard_path
           else
             # We have to strip double slashes from beginning of path, because of strange rails/rack bug.
-            redirect_path = session[:redirect_path].gsub(/\A\/{2,}/, '/')
+            redirect_path = session[:redirect_path].gsub(/\A\/{2,}/, "/")
           end
           redirect_to redirect_path,
-            notice: t(:signed_in, scope: 'devise.sessions')
+            notice: t(:signed_in, scope: "devise.sessions")
         else
           super
         end

diff --git a/spec/controllers/admin/user_sessions_controller_spec.rb b/spec/controllers/admin/user_sessions_controller_spec.rb
@@ -1,4 +1,6 @@
-require 'rails_helper'
+# frozen_string_literal: true
+
+require "rails_helper"
 
 describe Alchemy::Admin::UserSessionsController do
   routes { Alchemy::Engine.routes }
@@ -7,56 +9,58 @@
     @request.env["devise.mapping"] = Devise.mappings[:user]
   end
 
-  context 'without users present' do
-    describe '#new' do
+  context "without users present" do
+    describe "#new" do
       it "redirects to signup form" do
         get :new
         is_expected.to redirect_to(admin_signup_path)
       end
 
-      context 'with ssl enforced' do
-        before do
-          allow(controller).to receive(:ssl_required?).and_return(true)
-        end
+      if Alchemy.gem_version <= Gem::Version.new("4.9")
+        context "with ssl enforced" do
+          before do
+            allow(controller).to receive(:ssl_required?).and_return(true)
+          end
 
-        it 'redirects to https' do
-          get :new
-          is_expected.to redirect_to(
-            admin_login_url(protocol: 'https', host: "test.host")
-          )
+          it "redirects to https" do
+            get :new
+            is_expected.to redirect_to(
+              admin_login_url(protocol: "https", host: "test.host"),
+            )
+          end
         end
       end
     end
   end
 
-  context 'with users present' do
+  context "with users present" do
     let(:user) { create(:alchemy_admin_user) }
 
-    describe '#create' do
-      context 'with valid user' do
-        let(:screen_size) {'1200x800'}
-        let(:user_params) { {login: user.login, password: 's3cr3t'} }
+    describe "#create" do
+      context "with valid user" do
+        let(:screen_size) { "1200x800" }
+        let(:user_params) { { login: user.login, password: "s3cr3t" } }
 
         before { user }
 
-        context 'without redirect path in session' do
+        context "without redirect path in session" do
           it "redirects to dashboard" do
-            post :create, params: {user: user_params}
+            post :create, params: { user: user_params }
             expect(response).to redirect_to(admin_dashboard_path)
           end
         end
 
-        context 'with redirect path in session' do
+        context "with redirect path in session" do
           it "redirects to these params" do
             session[:redirect_path] = admin_users_path
-            post :create, params: {user: user_params}
+            post :create, params: { user: user_params }
             expect(response).to redirect_to(admin_users_path)
           end
         end
 
-        context 'without valid params' do
+        context "without valid params" do
           it "renders login form" do
-            post :create, params: {user: {login: ''}}
+            post :create, params: { user: { login: "" } }
             is_expected.to render_template(:new)
           end
         end
@@ -66,9 +70,8 @@
     describe "#destroy" do
       before do
         allow(controller).to receive(:store_user_request_time)
-        allow(controller)
-          .to receive(:all_signed_out?)
-          .and_return(false)
+        allow(controller).to receive(:all_signed_out?)
+                               .and_return(false)
         authorize_user(user)
       end
 
@@ -77,10 +80,10 @@
         delete :destroy
       end
 
-      context 'comming from admin area' do
+      context "comming from admin area" do
         before do
           allow_any_instance_of(ActionController::TestRequest).to receive(:referer) do
-            '/admin_users'
+            "/admin_users"
           end
         end
 
@@ -90,7 +93,7 @@
         end
       end
 
-      context 'no referer present' do
+      context "no referer present" do
         before do
           allow_any_instance_of(ActionController::TestRequest).to receive(:referer) do
             nil
@@ -103,16 +106,16 @@
         end
       end
 
-      context 'referer not from admin area' do
+      context "referer not from admin area" do
         before do
           allow_any_instance_of(ActionController::TestRequest).to receive(:referer) do
-            '/imprint'
+            "/imprint"
           end
         end
 
         it "redirects to root" do
           delete :destroy
-          is_expected.to redirect_to('/imprint')
+          is_expected.to redirect_to("/imprint")
         end
       end
     end