Recomed Relaunch and Murphy's Law

recomed ruby stubbing ssl rapidssl

09|28|2009

From wikipedia:

Murphy's law is an adage that broadly states: "Anything that can go wrong will go wrong."

Today, we relaunched recomed. We planned to include SSL in the login page, contact importer, password reset, edit profile (anything with sensitive information basically).

Unfortunately, there seems to be a delay in our purchase of the SSL certificate (we purchased from rapidssl.com). So, we had to do without it.

Luckily, everything's refactored using filters in our controllers. Our controllers use the code:

class PasswordResetController < ApplicationController
  requir_ssl :new, :create, :edit, :update
 
  # ...
end

So I just temporarily added a module in recomed/security

module Recomed
  module Security
    def self.included( app )
      app.filter_parameter_logging :password, :password_confirmation
      app.protect_from_forgery
      app.send :include, SslRequirement
      app.extend StubberModule
    end
    
    module StubberModule
      if ['production', 'development'].include?( RAILS_ENV )
        def require_ssl(*args); end

        def ssl_allowed(*args); end
      end
    end
  end
end

The if condition makes sure that our integration tests won't fail (which of course test that those pages are in fact in SSL). Hopefully within this week RapidSSL delivers the certificate, then we'll just remove the Stubber module and the extend statement applying it.

blog comments powered by Disqus