Recomed Relaunch and Murphy's Law

recomed ruby stubbing ssl rapidssl


From wikipedia:

Murphy's law is an adage that broadly states: "Anything that can go wrong will go wrong."

Today, we relaunched recomed. We planned to include SSL in the login page, contact importer, password reset, edit profile (anything with sensitive information basically).

Unfortunately, there seems to be a delay in our purchase of the SSL certificate (we purchased from So, we had to do without it.

Luckily, everything's refactored using filters in our controllers. Our controllers use the code:

class PasswordResetController < ApplicationController
  requir_ssl :new, :create, :edit, :update
  # ...

So I just temporarily added a module in recomed/security

module Recomed
  module Security
    def self.included( app )
      app.filter_parameter_logging :password, :password_confirmation
      app.send :include, SslRequirement
      app.extend StubberModule
    module StubberModule
      if ['production', 'development'].include?( RAILS_ENV )
        def require_ssl(*args); end

        def ssl_allowed(*args); end

The if condition makes sure that our integration tests won't fail (which of course test that those pages are in fact in SSL). Hopefully within this week RapidSSL delivers the certificate, then we'll just remove the Stubber module and the extend statement applying it.

blog comments powered by Disqus