From 626a02083291d3ab135b9dee78fd15b2aaa6e3e4 Mon Sep 17 00:00:00 2001
From: Franze Jr
Date: Wed, 4 May 2016 22:14:42 -0300
Subject: [PATCH] Keep some conventions on the code
---
Rakefile | 2 +-
lib/rack/ssl.rb | 85 +++++++++++++--------
rack-ssl.gemspec | 10 ++--
test/test_ssl.rb | 150 +++++++++++++++++++++++------------------------
4 files changed, 123 insertions(+), 124 deletions(-)
diff --git a/Rakefile b/Rakefile
index 073b989..dec50fe 100644
--- a/Rakefile
+++ b/Rakefile
@@ -1,6 +1,6 @@
 require 'rake/testtask'
-task :default => :test
+task default: :test
 Rake::TestTask.new do |t|
 t.warning = true
diff --git a/lib/rack/ssl.rb b/lib/rack/ssl.rb
index 7606ba5..1cbf34f 100644
--- a/lib/rack/ssl.rb
+++ b/lib/rack/ssl.rb
@@ -3,10 +3,10 @@ module Rack
 class SSL
- YEAR = 31536000
+ YEAR = 31_536_000
 def self.default_hsts_options
- { :expires => YEAR, :subdomains => false }
+ { expires: YEAR, subdomains: false }
 end
 def initialize(app, options = {})
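Review bot: `YEAR = 31_536_000` in the `class SSL` body still has no comment saying what the number is, even though it doubles as the default HSTS `max-age` through `default_hsts_options`; the underscore grouping helps, but a one-liner such as `# 365 days in seconds; used as the default HSTS max-age` spares the reader the arithmetic. It would also be worth stating on `default_hsts_options` that it builds a fresh hash on every call, so callers that merge their own options into it cannot mutate a shared default. `initialize` continues past the end of this hunk.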
@@ -34,56 +34,55 @@ def call(env) end private - # Fixed in rack >= 1.3 - def scheme(env) - if env['HTTPS'] == 'on' - 'https' - elsif env['HTTP_X_FORWARDED_PROTO'] - env['HTTP_X_FORWARDED_PROTO'].split(',')[0] - else - env['rack.url_scheme'] - end + + # Fixed in rack >= 1.3 + def scheme(env) + if env['HTTPS'] == 'on' + 'https' + elsif env['HTTP_X_FORWARDED_PROTO'] + env['HTTP_X_FORWARDED_PROTO'].split(',')[0] + else + env['rack.url_scheme'] end + end - def redirect_to_https(env) - req = Request.new(env) + def redirect_to_https(env) + req = Request.new(env) - host = @host || req.host - location = "https://#{host}#{req.fullpath}" + host = @host || req.host + location = "https://#{host}#{req.fullpath}" - status = %w[GET HEAD].include?(req.request_method) ? 301 : 307 - headers = { 'Content-Type' => 'text/html', 'Location' => location } + status = %w(GET HEAD).include?(req.request_method) ? 301 : 307 + headers = { 'Content-Type' => 'text/html', 'Location' => location } - [status, headers, []] - end + [status, headers, []] + end - # http://tools.ietf.org/html/draft-hodges-strict-transport-sec-02 - def hsts_headers - if @hsts - value = "max-age=#{@hsts[:expires]}" - value += "; includeSubDomains" if @hsts[:subdomains] - { 'Strict-Transport-Security' => value } - else - {} - end + # http://tools.ietf.org/html/draft-hodges-strict-transport-sec-02 + def hsts_headers + if @hsts + value = "max-age=#{@hsts[:expires]}" + value += '; includeSubDomains' if @hsts[:subdomains] + { 'Strict-Transport-Security' => value } + else + {} end + end - def flag_cookies_as_secure!(headers) - if cookies = headers['Set-Cookie'] - # Rack 1.1's set_cookie_header! will sometimes wrap - # Set-Cookie in an array - unless cookies.respond_to?(:to_ary) - cookies = cookies.split("\n") - end + def flag_cookies_as_secure!(headers) + if cookies = headers['Set-Cookie'] + # Rack 1.1's set_cookie_header! 
will sometimes wrap + # Set-Cookie in an array + cookies = cookies.split("\n") unless cookies.respond_to?(:to_ary) - headers['Set-Cookie'] = cookies.map { |cookie| - if cookie !~ /; secure(;|$)/ - "#{cookie}; secure" - else - cookie - end - }.join("\n") - end + headers['Set-Cookie'] = cookies.map do |cookie| + if cookie !~ /; secure(;|$)/ + "#{cookie}; secure" + else + cookie + end + end.join("\n") end + end end end diff --git a/rack-ssl.gemspec b/rack-ssl.gemspec index 8c33225..5156b2a 100644 --- a/rack-ssl.gemspec +++ b/rack-ssl.gemspec @@ -3,9 +3,9 @@ Gem::Specification.new do |s| s.version = '1.4.1' s.date = '2014-03-23' - s.homepage = "https://github.com/josh/rack-ssl" - s.summary = "Force SSL/TLS in your app." - s.license = "MIT" + s.homepage = 'https://github.com/josh/rack-ssl' + s.summary = 'Force SSL/TLS in your app.' + s.license = 'MIT' s.description = <<-EOS Rack middleware to force SSL/TLS. EOS @@ -18,7 +18,7 @@ Gem::Specification.new do |s| s.add_dependency 'rack' - s.authors = ["Joshua Peek"] - s.email = "josh@joshpeek.com" + s.authors = ['Joshua Peek'] + s.email = 'josh@joshpeek.com' s.rubyforge_project = 'rack-ssl' end diff --git a/test/test_ssl.rb b/test/test_ssl.rb index 5842907..7cf4487 100644 --- a/test/test_ssl.rb +++ b/test/test_ssl.rb @@ -7,11 +7,11 @@ class TestSSL < Test::Unit::TestCase include Rack::Test::Methods def default_app - lambda { |env| - headers = {'Content-Type' => "text/html"} + lambda do |_env| + headers = { 'Content-Type' => 'text/html' } headers['Set-Cookie'] = "id=1; path=/\ntoken=abc; path=/; secure; HttpOnly" - [200, headers, ["OK"]] - } + [200, headers, ['OK']] + end end def app 
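Review bot: In `scheme(env)` the `HTTP_X_FORWARDED_PROTO` branch takes the header's first comma-separated value at face value, which is only sound when a fronting reverse proxy sets or overwrites that header; nothing in the hunk records that deployment assumption, so a comment above the `elsif` such as `# Only meaningful behind a proxy that overwrites X-Forwarded-Proto; without one this branch must not be relied on` would make the trust boundary explicit. In `flag_cookies_as_secure!` the check `cookie !~ /; secure(;|$)/` is case-sensitive while the cookie attribute name is not, so a cookie already carrying `; Secure` gets a second `; secure` appended — harmless to browsers but noisy; `if cookie !~ /; secure(;|$)/i` avoids the duplicate. The surviving `if cookies = headers['Set-Cookie']` is an assignment inside a condition, which the same convention pass (RuboCop's Lint/AssignmentInCondition) would flag; `cookies = headers['Set-Cookie']` followed by `return unless cookies` reads more clearly. `call`, named in this hunk's header, lies outside the hunk.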
@@ -20,168 +20,168 @@ def app attr_writer :app def test_allows_https_url - get "https://example.org/path?key=value" + get 'https://example.org/path?key=value' assert last_response.ok? end def test_allows_https_proxy_header_url - get "http://example.org/", {}, 'HTTP_X_FORWARDED_PROTO' => "https" + get 'http://example.org/', {}, 'HTTP_X_FORWARDED_PROTO' => 'https' assert last_response.ok? end def test_redirects_http_to_https - get "http://example.org/path?key=value" + get 'http://example.org/path?key=value' assert last_response.redirect? - assert_equal "https://example.org/path?key=value", - last_response.headers['Location'] + assert_equal 'https://example.org/path?key=value', + last_response.headers['Location'] end def test_exclude_from_redirect - self.app = Rack::SSL.new(default_app, :exclude => lambda { |env| true }) - get "http://example.org/" + self.app = Rack::SSL.new(default_app, exclude: ->(_env) { true }) + get 'http://example.org/' assert last_response.ok? end def test_hsts_header_by_default - get "https://example.org/" - assert_equal "max-age=31536000", - last_response.headers['Strict-Transport-Security'] + get 'https://example.org/' + assert_equal 'max-age=31536000', + last_response.headers['Strict-Transport-Security'] end def test_no_hsts_with_insecure_connection - get "http://example.org/" + get 'http://example.org/' assert !last_response.headers['Strict-Transport-Security'] end def test_hsts_header - self.app = Rack::SSL.new(default_app, :hsts => true) - get "https://example.org/" - assert_equal "max-age=31536000", - last_response.headers['Strict-Transport-Security'] + self.app = Rack::SSL.new(default_app, hsts: true) + get 'https://example.org/' + assert_equal 'max-age=31536000', + last_response.headers['Strict-Transport-Security'] end def test_disable_hsts_header - self.app = Rack::SSL.new(default_app, :hsts => false) - get "https://example.org/" + self.app = Rack::SSL.new(default_app, hsts: false) + get 'https://example.org/' assert 
!last_response.headers['Strict-Transport-Security'] end def test_hsts_expires - self.app = Rack::SSL.new(default_app, :hsts => { :expires => 500 }) - get "https://example.org/" - assert_equal "max-age=500", - last_response.headers['Strict-Transport-Security'] + self.app = Rack::SSL.new(default_app, hsts: { expires: 500 }) + get 'https://example.org/' + assert_equal 'max-age=500', + last_response.headers['Strict-Transport-Security'] end def test_hsts_include_subdomains - self.app = Rack::SSL.new(default_app, :hsts => { :subdomains => true }) - get "https://example.org/" - assert_equal "max-age=31536000; includeSubDomains", - last_response.headers['Strict-Transport-Security'] + self.app = Rack::SSL.new(default_app, hsts: { subdomains: true }) + get 'https://example.org/' + assert_equal 'max-age=31536000; includeSubDomains', + last_response.headers['Strict-Transport-Security'] end def test_flag_cookies_as_secure - get "https://example.org/" - assert_equal ["id=1; path=/; secure", "token=abc; path=/; secure; HttpOnly" ], - last_response.headers['Set-Cookie'].split("\n") + get 'https://example.org/' + assert_equal ['id=1; path=/; secure', 'token=abc; path=/; secure; HttpOnly'], + last_response.headers['Set-Cookie'].split("\n") end def test_flag_cookies_as_secure_at_end_of_line - self.app = Rack::SSL.new(lambda { |env| + self.app = Rack::SSL.new(lambda do |_env| headers = { - 'Content-Type' => "text/html", - 'Set-Cookie' => "problem=def; path=/; HttpOnly; secure" + 'Content-Type' => 'text/html', + 'Set-Cookie' => 'problem=def; path=/; HttpOnly; secure' } - [200, headers, ["OK"]] - }) + [200, headers, ['OK']] + end) - get "https://example.org/" - assert_equal ["problem=def; path=/; HttpOnly; secure"], - last_response.headers['Set-Cookie'].split("\n") + get 'https://example.org/' + assert_equal ['problem=def; path=/; HttpOnly; secure'], + last_response.headers['Set-Cookie'].split("\n") end def test_legacy_array_headers - self.app = Rack::SSL.new(lambda { |env| + self.app = 
Rack::SSL.new(lambda do |_env| headers = { - 'Content-Type' => "text/html", - 'Set-Cookie' => ["id=1; path=/", "token=abc; path=/; HttpOnly"] + 'Content-Type' => 'text/html', + 'Set-Cookie' => ['id=1; path=/', 'token=abc; path=/; HttpOnly'] } - [200, headers, ["OK"]] - }) + [200, headers, ['OK']] + end) - get "https://example.org/" - assert_equal ["id=1; path=/; secure", "token=abc; path=/; HttpOnly; secure"], - last_response.headers['Set-Cookie'].split("\n") + get 'https://example.org/' + assert_equal ['id=1; path=/; secure', 'token=abc; path=/; HttpOnly; secure'], + last_response.headers['Set-Cookie'].split("\n") end def test_no_cookies - self.app = Rack::SSL.new(lambda { |env| - [200, {'Content-Type' => "text/html"}, ["OK"]] - }) - get "https://example.org/" + self.app = Rack::SSL.new(lambda do |_env| + [200, { 'Content-Type' => 'text/html' }, ['OK']] + end) + get 'https://example.org/' assert !last_response.headers['Set-Cookie'] end def test_redirect_to_host - self.app = Rack::SSL.new(default_app, :host => "ssl.example.org") - get "http://example.org/path?key=value" - assert_equal "https://ssl.example.org/path?key=value", - last_response.headers['Location'] + self.app = Rack::SSL.new(default_app, host: 'ssl.example.org') + get 'http://example.org/path?key=value' + assert_equal 'https://ssl.example.org/path?key=value', + last_response.headers['Location'] end def test_redirect_to_host_port - self.app = Rack::SSL.new(default_app, :host => "ssl.example.org:443") - get "http://example.org/path?key=value" - assert_equal "https://ssl.example.org:443/path?key=value", - last_response.headers['Location'] + self.app = Rack::SSL.new(default_app, host: 'ssl.example.org:443') + get 'http://example.org/path?key=value' + assert_equal 'https://ssl.example.org:443/path?key=value', + last_response.headers['Location'] end def test_redirect_to_secure_host_when_on_subdomain - self.app = Rack::SSL.new(default_app, :host => "ssl.example.org") - get 
"http://ssl.example.org/path?key=value" - assert_equal "https://ssl.example.org/path?key=value", - last_response.headers['Location'] + self.app = Rack::SSL.new(default_app, host: 'ssl.example.org') + get 'http://ssl.example.org/path?key=value' + assert_equal 'https://ssl.example.org/path?key=value', + last_response.headers['Location'] end def test_redirect_to_secure_subdomain_when_on_deep_subdomain - self.app = Rack::SSL.new(default_app, :host => "example.co.uk") - get "http://double.rainbow.what.does.it.mean.example.co.uk/path?key=value" - assert_equal "https://example.co.uk/path?key=value", - last_response.headers['Location'] + self.app = Rack::SSL.new(default_app, host: 'example.co.uk') + get 'http://double.rainbow.what.does.it.mean.example.co.uk/path?key=value' + assert_equal 'https://example.co.uk/path?key=value', + last_response.headers['Location'] end def test_status_get - get "http://example.org/" + get 'http://example.org/' assert_equal 301, last_response.status end def test_status_head - head "http://example.org/" + head 'http://example.org/' assert_equal 301, last_response.status end def test_status_options - options "http://example.org/" + options 'http://example.org/' assert_equal 307, last_response.status end def test_status_post - post "http://example.org/" + post 'http://example.org/' assert_equal 307, last_response.status end def test_status_put - put "http://example.org/" + put 'http://example.org/' assert_equal 307, last_response.status end def test_status_delete - delete "http://example.org/" + delete 'http://example.org/' assert_equal 307, last_response.status end def test_status_patch - patch "http://example.org/" + patch 'http://example.org/' assert_equal 307, last_response.status end end