Em 26-05-2011 09:06, Christian Johansen escreveu:
I don't know yet why the SSL enforcing tests are failing yet. I
was focused on getting the basic database authentication working.
Now, I'm going to add support for OpenID and Basic HTTP Auth and
then I'll take a look back at the SSL tests.
Ok, here's why: The ssl_required? filter in application_controller.rb
checks if the session is active. It does that by looking at
request.session_options[:expire_after]. I suspect that Device does not
use these options at all, so whatever Device uses for sessions needs
to be plugged into that method. Any ideas for a good replacement?
This is about code intention. What is the intention about the code below?
def ssl_required?
return false if !GitoriousConfig["use_ssl"] # readable, easy to
understand the intention
return true if request.ssl? # very easy too
!request.session_options[:expire_after].nil? && logged_in? #
Completely unclear to me what is the intention for this
end
When I understand what is this code intention I can come with some
suggestion.
--
To post to this group, send email to gitorious@googlegroups.com
To unsubscribe from this group, send email to
gitorious+unsubscr...@googlegroups.com