✨ [#1473] Space: redirect Visitors to https if Space Enforces SSL (…

…#1504) redirect http URIs to https Co-authored-by: Zee Spencer <zspencer@users.noreply.github.com> Co-authored-by: Ana <anaulin@users.noreply.github.com> Co-authored-by: Dalton Pruitt <daltonrpruitt@users.noreply.github.com>
zinc-collective · May 25, 2023 · 8509a46 · 8509a46
1 parent 66b9fbf
commit 8509a46
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 0 deletions.
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -3,6 +3,7 @@
 # Default controller for new resources; ensures requests fulfill authentication
 # and authorization requirements, as well as exposes common helper methods.
 class ApplicationController < ActionController::Base
+  before_action :enforce_ssl
   before_action :ensure_on_byo_domain
 
   include Pundit::Authorization
@@ -83,6 +84,17 @@ def ensure_on_byo_domain
     end
   end
 
+  def enforce_ssl
+    return if current_space.blank?
+    if request.get? && !request.ssl? && current_space.enforce_ssl.present?
+      Rails.logger.debug { "Request Host: #{request.host}" }
+      redirect_url = URI.parse(request.url)
+      redirect_url.scheme = "https"
+      Rails.logger.debug { "Redirecting from #{request.url}" }
+      redirect_to redirect_url.to_s
+    end
+  end
+
   private
 
   OPERATOR_TOKEN = ENV["OPERATOR_API_KEY"]

diff --git a/spec/requests/spaces_controller_request_spec.rb b/spec/requests/spaces_controller_request_spec.rb
@@ -87,6 +87,14 @@
         specify { perform_request && assert_select("##{dom_id(space)}") }
       end
     end
+
+    context "when a request is http" do
+      let(:space) { create(:space, enforce_ssl: true) }
+
+      it "redirect to https" do
+        expect(perform_request).to redirect_to polymorphic_url(space, protocol: "https")
+      end
+    end
   end
 
   describe "#destroy" do