Remove enforce_ssl (#1804)

Removes the enforce_ssl configuration and the SSLProtection module. Please use the Rails build in config.force_ssl or your Webserver for that.
AlchemyCMS · May 4, 2020 · 9301a06 · 9301a06
1 parent 09f3041
commit 9301a06
Show file tree

Hide file tree

Showing 6 changed files with 7 additions and 62 deletions.
diff --git a/app/controllers/alchemy/admin/base_controller.rb b/app/controllers/alchemy/admin/base_controller.rb
@@ -6,7 +6,6 @@ class BaseController < Alchemy::BaseController
       include Userstamp
       include Locale
 
-      before_action { enforce_ssl if ssl_required? && !request.ssl? }
       before_action :load_locked_pages
 
       helper_method :clipboard_empty?, :trash_empty?, :get_clipboard, :is_admin?
@@ -113,7 +112,7 @@ def render_errors_or_redirect(object, redirect_url, flash_notice)
       #
       def do_redirect_to(url_or_path)
         respond_to do |format|
-          format.js   {
+          format.js {
             @redirect_url = url_or_path
             render :redirect
           }
@@ -142,11 +141,11 @@ def load_locked_pages
       #
       def current_alchemy_site
         @current_alchemy_site ||= begin
-          site_id = params[:site_id] || session[:alchemy_site_id]
-          site = Site.find_by(id: site_id) || super
-          session[:alchemy_site_id] = site&.id
-          site
-        end
+            site_id = params[:site_id] || session[:alchemy_site_id]
+            site = Site.find_by(id: site_id) || super
+            session[:alchemy_site_id] = site&.id
+            site
+          end
       end
     end
   end

diff --git a/app/controllers/alchemy/base_controller.rb b/app/controllers/alchemy/base_controller.rb
@@ -8,7 +8,6 @@ class BaseController < ApplicationController
     include Alchemy::AbilityHelper
     include Alchemy::ControllerActions
     include Alchemy::Modules
-    include Alchemy::SSLProtection
 
     protect_from_forgery
 
@@ -78,7 +77,7 @@ def redirect_or_render_notice
           end
           format.html do
             render partial: "alchemy/admin/partials/flash",
-              locals: {message: flash[:warning], flash_type: "warning"}
+              locals: { message: flash[:warning], flash_type: "warning" }
           end
         end
       else

diff --git a/config/alchemy/config.yml b/config/alchemy/config.yml
@@ -1,12 +1,6 @@
 # == This is the global Alchemy configuration file
 #
 
-# === Require SSL for login form and all admin modules
-#
-# NOTE: You have to create a SSL certificate on your server to make this work
-#
-require_ssl: false
-
 # === Auto Log Out Time
 #
 # The amount of time of inactivity in minutes after which the user is kicked out of his current session.

diff --git a/lib/alchemy/ssl_protection.rb b/lib/alchemy/ssl_protection.rb
diff --git a/lib/alchemy_cms.rb b/lib/alchemy_cms.rb
@@ -52,7 +52,6 @@ module Alchemy
 require_relative "alchemy/page_layout"
 require_relative "alchemy/paths"
 require_relative "alchemy/permissions"
-require_relative "alchemy/ssl_protection"
 require_relative "alchemy/resource"
 require_relative "alchemy/tinymce"
 require_relative "alchemy/taggable"

diff --git a/spec/features/security_spec.rb b/spec/features/security_spec.rb
@@ -9,18 +9,4 @@
       expect(current_path).to eq(Alchemy.login_path)
     end
   end
-
-  context "If ssl is enforced" do
-    before do
-      allow_any_instance_of(Alchemy::BaseController)
-        .to receive(:ssl_required?)
-        .and_return(true)
-      authorize_user(:as_admin)
-    end
-
-    it "redirects every request to https." do
-      visit "/admin/dashboard"
-      expect(current_url).to eq("https://127.0.0.1/admin/dashboard")
-    end
-  end
 end