Strip out ssl options from settings / codebase

ssl_required and ssl_allowed are historical relics of yore. In 2014 any ecommerce site should enforce SSL on all connections. This can either be set in rails, or handled at a web server/load balancer layer, and the logic does not need to leak into the spree engine. To handle in rails see: http:https://api.rubyonrails.org/classes/ActionController/ForceSSL/ClassMethods.html Conflicts: backend/app/controllers/spree/admin/general_settings_controller.rb
solidusio · Jun 1, 2015 · deadb8d · deadb8d
1 parent 3c52126
commit deadb8d
Show file tree

Hide file tree

Showing 15 changed files with 7 additions and 279 deletions.
diff --git a/api/app/controllers/spree/api/base_controller.rb b/api/app/controllers/spree/api/base_controller.rb
@@ -10,7 +10,6 @@ class BaseController < ActionController::Base
  respond_to :json
 
  include CanCan::ControllerAdditions
- include Spree::Core::ControllerHelpers::SSL
  include Spree::Core::ControllerHelpers::Store
  include Spree::Core::ControllerHelpers::StrongParameters
 
@@ -34,8 +33,6 @@ class BaseController < ActionController::Base
 
  helper Spree::Api::ApiHelpers
 
- ssl_allowed
-
  def map_nested_attributes_keys(klass, attributes)
  nested_keys = klass.nested_attributes_options.keys
  attributes.inject({}) do |h, (k,v)|

diff --git a/backend/app/controllers/spree/admin/base_controller.rb b/backend/app/controllers/spree/admin/base_controller.rb
@@ -1,8 +1,6 @@
 module Spree
  module Admin
  class BaseController < Spree::BaseController
- ssl_required
-
  helper 'spree/admin/navigation'
  helper 'spree/admin/tables'
  layout '/spree/layouts/admin'

diff --git a/backend/app/controllers/spree/admin/general_settings_controller.rb b/backend/app/controllers/spree/admin/general_settings_controller.rb
@@ -6,8 +6,6 @@ class GeneralSettingsController < Spree::Admin::BaseController
  before_action :set_store
 
  def edit
- @preferences_security = [:allow_ssl_in_production,
- :allow_ssl_in_staging, :allow_ssl_in_development_and_test]
  end
 
  def update

diff --git a/backend/app/views/spree/admin/general_settings/edit.html.erb b/backend/app/views/spree/admin/general_settings/edit.html.erb
@@ -49,17 +49,6 @@
 
  <div class="row">
  <div class="alpha six columns">
- <fieldset class="security no-border-bottom">
- <legend align="center"><%= Spree.t(:security_settings)%></legend>
- <% @preferences_security.each do |key|
- type = Spree::Config.preference_type(key) %>
- <div class="field">
- <%= label_tag(key, Spree.t(key)) + tag(:br) if type != :boolean %>
- <%= preference_field_tag(key, Spree::Config[key], :type => type) %>
- <%= label_tag(key, Spree.t(key)) + tag(:br) if type == :boolean %>
- </div>
- <% end %>
- </fieldset>
  <fieldset class="no-border-bottom">
  <legend align="center"><%= Spree.t(:clear_cache)%></legend>
  <div>

diff --git a/core/app/controllers/spree/base_controller.rb b/core/app/controllers/spree/base_controller.rb
@@ -4,7 +4,6 @@
 class Spree::BaseController < ApplicationController
  include Spree::Core::ControllerHelpers::Auth
  include Spree::Core::ControllerHelpers::RespondWith
- include Spree::Core::ControllerHelpers::SSL
  include Spree::Core::ControllerHelpers::Common
  include Spree::Core::ControllerHelpers::Search
  include Spree::Core::ControllerHelpers::Store
@@ -13,4 +12,4 @@ class Spree::BaseController < ApplicationController
  respond_to :html
 end
 
-require 'spree/i18n/initializer'
+require 'spree/i18n/initializer'
diff --git a/core/app/models/spree/app_configuration.rb b/core/app/models/spree/app_configuration.rb
@@ -28,9 +28,6 @@ class AppConfiguration < Preferences::Configuration
  preference :allow_checkout_on_gateway_error, :boolean, default: false
  preference :allow_guest_checkout, :boolean, default: true
  preference :allow_return_item_amount_editing, :boolean, default: false # Determines whether an admin is allowed to change a return item's pre-calculated amount
- preference :allow_ssl_in_development_and_test, :boolean, default: false
- preference :allow_ssl_in_production, :boolean, default: true
- preference :allow_ssl_in_staging, :boolean, default: true
  preference :alternative_billing_phone, :boolean, default: false # Request extra phone for bill addr
  preference :alternative_shipping_phone, :boolean, default: false # Request extra phone for ship addr
  preference :always_put_site_name_in_title, :boolean, default: true
@@ -52,7 +49,6 @@ class AppConfiguration < Preferences::Configuration
  preference :products_per_page, :integer, default: 12
  preference :promotions_per_page, :integer, default: 15
  preference :customer_returns_per_page, :integer, default: 15
- preference :redirect_https_to_http, :boolean, :default => false
  preference :require_master_price, :boolean, default: true
  preference :return_eligibility_number_of_days, :integer, default: 365
  preference :shipping_instructions, :boolean, default: false # Request instructions/info for shipping

diff --git a/core/config/locales/en.yml b/core/config/locales/en.yml
@@ -458,9 +458,6 @@ en:
  all_adjustments_opened: All adjustments successfully opened!
  all_departments: All departments
  all_items_have_been_returned: All items have been returned
- allow_ssl_in_development_and_test: Allow SSL to be used when in development and test modes
- allow_ssl_in_production: Allow SSL to be used in production mode
- allow_ssl_in_staging: Allow SSL to be used in staging mode
  already_signed_up_for_analytics: You have already signed up for Spree Analytics
  alt_text: Alternative Text
  alternative_phone: Alternative Phone

diff --git a/core/lib/spree/core.rb b/core/lib/spree/core.rb
@@ -89,7 +89,6 @@ class DestroyWithOrdersError < StandardError; end
 require 'spree/core/controller_helpers/order'
 require 'spree/core/controller_helpers/respond_with'
 require 'spree/core/controller_helpers/search'
-require 'spree/core/controller_helpers/ssl'
 require 'spree/core/controller_helpers/store'
 require 'spree/core/controller_helpers/strong_parameters'
 require 'spree/core/unreturned_item_charger'

diff --git a/core/lib/spree/core/controller_helpers/ssl.rb b/core/lib/spree/core/controller_helpers/ssl.rb
diff --git a/core/spec/lib/spree/core/controller_helpers/ssl_spec.rb b/core/spec/lib/spree/core/controller_helpers/ssl_spec.rb
diff --git a/frontend/app/controllers/spree/checkout_controller.rb b/frontend/app/controllers/spree/checkout_controller.rb
@@ -4,8 +4,6 @@ module Spree
  # checkout which has nothing to do with updating an order that this approach
  # is waranted.
  class CheckoutController < Spree::StoreController
- ssl_required
-
  before_filter :load_order
  around_filter :lock_order
  before_filter :ensure_valid_state_lock_version, only: [:update]

diff --git a/frontend/app/controllers/spree/orders_controller.rb b/frontend/app/controllers/spree/orders_controller.rb
@@ -1,7 +1,5 @@
 module Spree
  class OrdersController < Spree::StoreController
- ssl_required :show
-
  before_action :check_authorization
  rescue_from ActiveRecord::RecordNotFound, :with => :render_404
  helper 'spree/products', 'spree/orders'

diff --git a/frontend/spec/controllers/spree/products_controller_spec.rb b/frontend/spec/controllers/spree/products_controller_spec.rb
@@ -33,48 +33,4 @@
  expect { spree_get :show, :id => product.to_param }.not_to raise_error
  end
 
- # Regression tests for #2308 & Spree::Core::ControllerHelpers::SSL
- context "force_ssl enabled" do
- context "receive a SSL request" do
- before do
- request.env['HTTPS'] = 'on'
- end
-
- it "should not redirect to http" do
- expect(controller).not_to receive(:redirect_to)
- spree_get :index
- expect(request.protocol).to eql('https://')
- end
- end
- end
-
- context "redirect_https_to_http enabled" do
- before do
- reset_spree_preferences do |config|
- config.allow_ssl_in_development_and_test = true
- config.redirect_https_to_http = true
- end
- end
-
- context "receives a non SSL request" do
- it "should not redirect" do
- expect(controller).not_to receive(:redirect_to)
- spree_get :index
- expect(request.protocol).to eql('http:https://')
- end
- end
-
- context "receives a SSL request" do
- before do
- request.env['HTTPS'] = 'on'
- request.path = "/products?foo=bar"
- end
-
- it "should redirect to http" do
- spree_get :index
- expect(response).to redirect_to("http:https://#{request.host}/products?foo=bar")
- expect(response.status).to eq(301)
- end
- end
- end
 end
diff --git a/guides/content/developer/core/preferences.md b/guides/content/developer/core/preferences.md
@@ -335,18 +335,6 @@ Determines if an `InventoryUnit` can ship or not. Defaults to `false`.
 
 Continues the checkout process even if the payment gateway error failed. Defaults to `false`.
 
-`allow_ssl_in_development_and_test`
-
-Enables SSL support in development and test environments. Defaults to `false`.
-
-`allow_ssl_in_production`
-
-Enables SSL support in production environment. Defaults to `true`.
-
-`allow_ssl_in_staging`
-
-Enables SSL support in production environment. Defaults to `true`.
-
 `alternative_billing_phone`
 
 Determines if an alternative phone number should be present for the billing address on the checkout page. Defaults to `false`.