Skip to content

Commit

Permalink
Remove enforce_ssl (AlchemyCMS#1804)
Browse files Browse the repository at this point in the history
Removes the enforce_ssl configuration and the SSLProtection module.

Please use the Rails build in config.force_ssl or your Webserver
for that.
  • Loading branch information
tvdeyen authored May 4, 2020
1 parent 09f3041 commit 9301a06
Show file tree
Hide file tree
Showing 6 changed files with 7 additions and 62 deletions.
13 changes: 6 additions & 7 deletions app/controllers/alchemy/admin/base_controller.rb
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,6 @@ class BaseController < Alchemy::BaseController
include Userstamp
include Locale

before_action { enforce_ssl if ssl_required? && !request.ssl? }
before_action :load_locked_pages

helper_method :clipboard_empty?, :trash_empty?, :get_clipboard, :is_admin?
Expand Down Expand Up @@ -113,7 +112,7 @@ def render_errors_or_redirect(object, redirect_url, flash_notice)
#
def do_redirect_to(url_or_path)
respond_to do |format|
format.js {
format.js {
@redirect_url = url_or_path
render :redirect
}
Expand Down Expand Up @@ -142,11 +141,11 @@ def load_locked_pages
#
def current_alchemy_site
@current_alchemy_site ||= begin
site_id = params[:site_id] || session[:alchemy_site_id]
site = Site.find_by(id: site_id) || super
session[:alchemy_site_id] = site&.id
site
end
site_id = params[:site_id] || session[:alchemy_site_id]
site = Site.find_by(id: site_id) || super
session[:alchemy_site_id] = site&.id
site
end
end
end
end
Expand Down
3 changes: 1 addition & 2 deletions app/controllers/alchemy/base_controller.rb
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,6 @@ class BaseController < ApplicationController
include Alchemy::AbilityHelper
include Alchemy::ControllerActions
include Alchemy::Modules
include Alchemy::SSLProtection

protect_from_forgery

Expand Down Expand Up @@ -78,7 +77,7 @@ def redirect_or_render_notice
end
format.html do
render partial: "alchemy/admin/partials/flash",
locals: {message: flash[:warning], flash_type: "warning"}
locals: { message: flash[:warning], flash_type: "warning" }
end
end
else
Expand Down
6 changes: 0 additions & 6 deletions config/alchemy/config.yml
Original file line number Diff line number Diff line change
@@ -1,12 +1,6 @@
# == This is the global Alchemy configuration file
#

# === Require SSL for login form and all admin modules
#
# NOTE: You have to create a SSL certificate on your server to make this work
#
require_ssl: false

# === Auto Log Out Time
#
# The amount of time of inactivity in minutes after which the user is kicked out of his current session.
Expand Down
32 changes: 0 additions & 32 deletions lib/alchemy/ssl_protection.rb

This file was deleted.

1 change: 0 additions & 1 deletion lib/alchemy_cms.rb
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,6 @@ module Alchemy
require_relative "alchemy/page_layout"
require_relative "alchemy/paths"
require_relative "alchemy/permissions"
require_relative "alchemy/ssl_protection"
require_relative "alchemy/resource"
require_relative "alchemy/tinymce"
require_relative "alchemy/taggable"
Expand Down
14 changes: 0 additions & 14 deletions spec/features/security_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -9,18 +9,4 @@
expect(current_path).to eq(Alchemy.login_path)
end
end

context "If ssl is enforced" do
before do
allow_any_instance_of(Alchemy::BaseController)
.to receive(:ssl_required?)
.and_return(true)
authorize_user(:as_admin)
end

it "redirects every request to https." do
visit "/admin/dashboard"
expect(current_url).to eq("https://127.0.0.1/admin/dashboard")
end
end
end

0 comments on commit 9301a06

Please sign in to comment.