From wikipedia:
Murphy's law is an adage that broadly states: "Anything that can go wrong will go wrong."
Today, we relaunched recomed. We planned to include SSL in the login page, contact importer, password reset, edit profile (anything with sensitive information basically).
Unfortunately, there seems to be a delay in our purchase of the SSL certificate (we purchased from rapidssl.com). So, we had to do without it.
Luckily, everything's refactored using filters in our controllers. Our controllers use the code:
class PasswordResetController < ApplicationController
requir_ssl :new, :create, :edit, :update
# ...
end
So I just temporarily added a module in recomed/security
module Recomed
module Security
def self.included( app )
app.filter_parameter_logging :password, :password_confirmation
app.protect_from_forgery
app.send :include, SslRequirement
app.extend StubberModule
end
module StubberModule
if ['production', 'development'].include?( RAILS_ENV )
def require_ssl(*args); end
def ssl_allowed(*args); end
end
end
end
end
The if condition makes sure that our integration tests won't fail (which of course test that those pages are in fact in SSL). Hopefully within this week RapidSSL delivers the certificate, then we'll just remove the Stubber module and the extend statement applying it.