人们如何测试rails 3.1 + force_ssl？

Question

The force_ssl function in rails 3.1 is hardcoded to ignore the development environment, but not test. This is giving me redirect errors in my (minitest) tests. Is the solution to set up my test server to support ssl (if so, how?). If not, should I monkey patch force_ssl to ignore requests in test?

 def force_ssl(options = {})
        host = options.delete(:host)
        before_filter(options) do
          if !request.ssl? && !Rails.env.development?
            redirect_options = {:protocol => 'https://', :status => :moved_permanently}
            redirect_options.merge!(:host => host) if host
            flash.keep
            redirect_to redirect_options
          end
        end
  end

EDIT Found this chain, which confirms other people think this an issue, but doesn't look like there's a committed fix yet: https://github.com/rails/rails/pull/2630

Answer 1

Another option instead of monkey patching the entire application is to just override force_ssl in your test suite alone. For example, in test/test_helper.rb you can add this:

# We don't want SSL redirects in our test suite
module ActionController::ForceSSL::ClassMethods
  def force_ssl(options = {})
    # noop
  end
end

Answer 2

Here's another approach, if you don't want to mess with monkey-patching... you can use a before filter. This is rspec, not minitest syntax, but you get the idea:

before(:each) do
  request.env["rack.url_scheme"] = "https"
end

This convinces your controller that it got an SSL request.

A benefit of taking this approach is that you can actually write a test to ensure your controller requires SSL. :)

Answer 3

If you are interested in testing with varying SSL, I did this on the setup of the functional test.

def setup
  @request.env['HTTPS'] = 'on'
end

Answer 4

That's what I ended up doing after recently upgrading to Rails 3.1 and switching to the force_ssl filter. Monkey patch to the rescue!

In a new file at config/initializers/ignore_force_ssl_in_test.rb

module ActionController
  module ForceSSL
    module ClassMethods
      def force_ssl(options = {})
        before_filter(options) do
          if !request.ssl? && !Rails.env.development? && !Rails.env.test?
            redirect_to :protocol => 'https://', :status => :moved_permanently
          end
        end
      end
    end
  end
end

Answer 5

What worked for me is similar to Kelly Sutton's . I monkey patches force_ssl to ignore ssl requests in test environment, otherwise use the original rails implementation:

module ActionController
  module ForceSSL
    module ClassMethods
      alias_method :original_force_ssl, :force_ssl

      def force_ssl(options = {})
        unless Rails.env.test?
          original_force_ssl(options)
        end
      end
    end
  end
end

Answer 6

This approach of Simon Carletti's works nicely: http://www.simonecarletti.com/blog/2011/05/configuring-rails-3-https-ssl/

# config/application.rb
module MyApp
  class Application < Rails::Application
    config.force_ssl = true
  end
end

# config/environments/test.rb
MyApp::Application.configure do
  config.force_ssl = false
end

Answer 7

If you are looking for an answer in 2013. You can simply do:

force_ssl if: :ssl_configured?

  def ssl_configured?
    !Rails.env.test?
  end

Source: http://edgeapi.rubyonrails.org/classes/ActionController/ForceSSL/ClassMethods.html

Answer 8

force_ssl unless Rails.env.test?

Answer 9

You can make test calls to app using ssl!

• use full uri with protocol https://eample.org/my/route/here in get 'https://eample.org/my/route/here'

• or use https!(true) and https!(false) to dynamically change behavior in INTEGRATION TEST

   https!(true) get "/users" https!(false) 

For CONTROLLER you do not have to use SSL, because (I think) they directly call action as method, without routing and other transfer stuff.

Answer 10

Rails docs recommend using if: ssl_configured? with the force_ssl call. You can then do:

   def ssl_configured?
    !Rails.env.development? && !Rails.env.test?
   end

Without having to monkey patch as official answer indicates.