From a10130a929ae1b1cb34ede280a2797475b0b51d3 Mon Sep 17 00:00:00 2001
From: Mike Foley <mike@polleverywhere.com>
Date: Thu, 6 Mar 2014 17:45:14 -0800
Subject: [PATCH] Add :all option to ssl_required

---
 README.md                    |  4 +--
 lib/ssl_requirement.rb       |  2 +-
 test/ssl_requirement_test.rb | 63 ++++++++++++++++++++++++++++++++++++
 3 files changed, 66 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index f0b781b..e72fad5 100644
--- a/README.md
+++ b/README.md
@@ -46,11 +46,11 @@ If a majority (or all) of your actions require SSL, then use `ssl_exceptions` in
 You can list out the actions that you do NOT want to be SSL protected. Calling `ssl_exceptions` without
 any actions listed will make ALL actions SSL protected.
 
-To allow SSL for any action `use ssl_allowed` and pass in `:all`
+To allow or require SSL for all actions, pass `:all` to their respective methods.
 
 Example:
 
-   # This will enable SSL for any action in your application.
+   # This will enable SSL for all actions in your application.
    class ApplicationController < ActionController::Base
       include ::SslRequirement
 
diff --git a/lib/ssl_requirement.rb b/lib/ssl_requirement.rb
index aaa08e8..c35b034 100644
--- a/lib/ssl_requirement.rb
+++ b/lib/ssl_requirement.rb
@@ -101,7 +101,7 @@ def ssl_required?
     except  = self.class.ssl_required_except_actions
 
     unless except
-      required.include?(action_name.to_sym)
+      required == [:all] || required.include?(action_name.to_sym)
     else
       !except.include?(action_name.to_sym)
     end
diff --git a/test/ssl_requirement_test.rb b/test/ssl_requirement_test.rb
index 9a3c6be..bc5e0ce 100644
--- a/test/ssl_requirement_test.rb
+++ b/test/ssl_requirement_test.rb
@@ -120,6 +120,29 @@ class SslAllowAllAndRequireController < SslAllowAllActionsController
   ssl_required :a, :b
 end
 
+class SslRequireAllActionsController < ActionController::Base
+  include SslRequirement
+  include ROUTES.url_helpers
+
+  ssl_required :all
+
+  def a
+    render :nothing => true
+  end
+
+  def b
+    render :nothing => true
+  end
+
+  def self._routes
+    ROUTES
+  end
+end
+
+class SslRequireAllActionsWithExceptionController < SslRequireAllActionsController
+  ssl_exceptions :b
+end
+
 # NOTE: The only way I could get the flash tests to work under Rails 2.3.2
 #       (without resorting to IntegrationTest with some artificial session
 #       store) was to use TestCase. In TestCases, it appears that flash
@@ -438,4 +461,44 @@ def test_required_without_ssl_and_allowed_all
     assert_match %r{^https://}, @response.headers['Location']
   end
 
+  # test requiring ssl on any action by the :all symbol
+  def test_require_all
+    @controller = SslRequireAllActionsController.new
+
+    assert_not_equal "on", @request.env["HTTPS"]
+
+    get :a
+    assert_response :redirect
+
+    get :b
+    assert_response :redirect
+
+    @request.env["HTTPS"] = "on"
+
+    get :a
+    assert_response :success
+
+    get :b
+    assert_response :success
+  end
+
+  def test_require_all_with_exceptions
+    @controller = SslRequireAllActionsWithExceptionController.new
+
+    assert_not_equal "on", @request.env["HTTPS"]
+
+    get :a
+    assert_response :redirect
+
+    get :b
+    assert_response :success
+
+    @request.env["HTTPS"] = "on"
+
+    get :a
+    assert_response :success
+
+    get :b
+    assert_response :redirect
+  end
 end