On 26-05-2011 09:50, Christian Johansen wrote:


    This is about code intention. What is the intention of the code
    below?

     def ssl_required?
          return false if !GitoriousConfig["use_ssl"] # readable, easy to understand the intention
          return true if request.ssl? # very easy too
          !request.session_options[:expire_after].nil? && logged_in? # Completely unclear to me what is the intention for this
     end

    When I understand what this code's intention is, I can come up with some
    suggestions.


I like your approach :) Gitorious should enforce SSL if:

    * use_ssl in gitorious.yml is true
    * the user is already on SSL


Actually, although readable, this one doesn't make any sense to me either.

If the request is already secure why does it matter to check for ssl_required?

As far as I understand, the ssl_requirement plugin will use this method only for redirecting to HTTPS when ssl_required? is true.

As you don't want the cookies to be transferred with plain HTTP, you are checking if user is logged in. It makes sense, but a comment in the code would make this intention clearer.

But I would write ssl_required? as:

def ssl_required?
    return false if !GitoriousConfig["use_ssl"]
    logged_in? # we don't want cookies to be sent over HTTP
end

But then, I think that when you mark a cookie as secure, it will only be sent over HTTPS connections, right? So this would lead to the simplest:

def ssl_required?
    GitoriousConfig["use_ssl"]
end

What am I missing?

    * user is logged in
    * session is in use

So !request.session_options[:expire_after].nil? is our "session is in use" flag. Suggestions?
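
The three versions of ssl_required? discussed in this message, compared over every request state, as an added example that is not code from either poster or from Gitorious. `State`, `cookie_sent?`, `divergences` and `cookie_exposed` are hypothetical names; the four booleans stand in for GitoriousConfig["use_ssl"], request.ssl?, the expire_after check and logged_in?, and the session cookie is assumed to be the only thing that makes logged_in? true.

```ruby
# Hypothetical stand-in for one request: config flag, transport, session flag, login state.
State = Struct.new(:use_ssl, :ssl, :session_in_use, :logged_in)

# Predicate as quoted at the top of the thread.
def ssl_required_original(s)
  return false unless s.use_ssl
  return true if s.ssl
  s.session_in_use && s.logged_in
end

# First rewrite proposed in the reply.
def ssl_required_logged_in(s)
  return false unless s.use_ssl
  s.logged_in
end

# Simplest rewrite proposed in the reply.
def ssl_required_config_only(s)
  s.use_ssl
end

# Browser rule: a cookie carrying the Secure attribute is attached to HTTPS requests only.
def cookie_sent?(secure_attribute, ssl)
  ssl || !secure_attribute
end

# All 16 combinations of the four booleans.
ALL_STATES = [true, false].repeated_permutation(4).map { |bits| State.new(*bits) }

# States in which a candidate disagrees with the original predicate.
def divergences(candidate)
  ALL_STATES.reject { |s| ssl_required_original(s) == send(candidate, s) }
end

# With use_ssl on: states where a session cookie travels over plain HTTP
# and the predicate does not ask for a redirect to HTTPS.
def cookie_exposed(predicate, secure_attribute)
  ALL_STATES.select do |s|
    s.use_ssl && s.logged_in && !s.ssl &&
      cookie_sent?(secure_attribute, s.ssl) && !send(predicate, s)
  end
end

%i[ssl_required_logged_in ssl_required_config_only].each do |name|
  puts "#{name} differs from the original in:"
  divergences(name).each { |s| puts "  #{s.to_h}" }
end
```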
