Enabling SSL in tests
You can turn SSL on in functional tests like this:
@request.env['HTTPS'] = 'on'
I have this turned on in my setup method and then override it for tests that don’t use SSL. To turn SSL off, use this:
@request.env['HTTPS'] = nil
Testing for SSL redirect
To test and see if you users will get redirected to SSL for particular actions, you can write a test like this. First, it turns off SSL. Then it makes a request to a method that should require SSL, and asserts that the request is redirected to the same URL, but using the https protocol.
1 2 3 4 5 6
def test_get_new_with_http_should_redirect_to_ssl @request.env['HTTPS'] = nil get :new assert_redirected_to "https://" + @request.host + @request.request_uri end
Implementing the code
Having done this, you probably have a bunch of failing tests. To make them pass, get the SslRequirement plugin (I’m actually using Doug Johnson’s fork that adds support for different SSL domains, like secure.example.com).
application.rb, and then in your secure controllers, add a line like this:
ssl_required :new, :create
Then run your tests.
Now the thing about this is that it is also going to try to send you to an HTTPS URL in development mode. Since most people don’t actually have SSL set up on their development environment, it makes sense to disable this in development.
ssl_required :new, :create if RAILS_ENV 'production' || RAILS_ENV ‘test’
Or for you fancy-pants Rails 2.1 types:
ssl_required :new, :create if Rails.env.production? || Rails.env.test?
(Yeah, you could also use
unless Rails.env.development?, but I actually have a couple other environments configured that I do not want to enable SSL for.)
Photo by Darwin Bell.