Implemented detach_on_redirect config option.

[catagits/Catalyst-Plugin-RequireSSL.git] / lib / Catalyst / Plugin / RequireSSL.pm

diff --git a/lib/Catalyst/Plugin/RequireSSL.pm b/lib/Catalyst/Plugin/RequireSSL.pm
index 8bed9ab..edf613f 100644 (file)
--- a/lib/Catalyst/Plugin/RequireSSL.pm
+++ b/lib/Catalyst/Plugin/RequireSSL.pm
@@ -4,9 +4,9 @@ use strict;
 use base qw/Class::Accessor::Fast/;
 use NEXT;
 
-our $VERSION = '0.06';
+our $VERSION = '0.07';
 
-__PACKAGE__->mk_accessors( qw/_require_ssl _ssl_strip_output/ );
+__PACKAGE__->mk_accessors( qw/_require_ssl _allow_ssl _ssl_strip_output/ );
 
 sub require_ssl {
     my $c = shift;
@@ -21,10 +21,17 @@ sub require_ssl {
         else {
             $c->_ssl_strip_output(1);
             $c->res->redirect( $redir );
+            $c->detach if $c->config->{require_ssl}->{detach_on_redirect};
         }
     }
 }
 
+sub allow_ssl {
+    my $c = shift;
+
+    $c->_allow_ssl(1);
+}
+
 sub finalize {
     my $c = shift;
     
@@ -44,7 +51,7 @@ sub finalize {
         # we're already required to be in SSL for this request
         last REDIRECT if $c->_require_ssl;
         # or the user doesn't want us to redirect
-        last REDIRECT if $c->config->{require_ssl}->{remain_in_ssl};
+        last REDIRECT if $c->config->{require_ssl}->{remain_in_ssl} || $c->_allow_ssl;
         
         $c->res->redirect( $c->_redirect_uri('http') );
     }
@@ -103,10 +110,10 @@ sub _redirect_uri {
         $redir .= '?' . join( '&', @params );
     }  
           
-       if ( $c->config->{require_ssl}->{no_cache} ) {          
-           delete $c->config->{require_ssl}->{$type};
-       }
-       
+    if ( $c->config->{require_ssl}->{no_cache} ) {        
+        delete $c->config->{require_ssl}->{$type};
+    }
+    
     return $redir;
 }
 
@@ -127,7 +134,8 @@ Catalyst::Plugin::RequireSSL - Force SSL mode on select pages
         https => 'secure.mydomain.com',
         http => 'www.mydomain.com',
         remain_in_ssl => 0,
-               no_cache => 0,
+        no_cache => 0,
+        detach_on_redirect => 1,
     };
 
     # in any controller methods that should be secured
@@ -171,11 +179,18 @@ If you'd like your users to remain in SSL mode after visiting an SSL-required
 page, you can set this option to 1.  By default, this option is disabled and
 users will be redirected back to non-SSL mode as soon as possible.
 
-       no_cache 
+    no_cache 
 
 If you have a wildcard certificate you will need to set this option if you are
 using multiple domains on one instance of Catalyst.
 
+    detach_on_redirect 
+
+By default C<< $c->require_ssl >> only calls C<< $c->response->redirect >> but
+does not stop request processing (so it returns and subsequent statements are
+run). This is probably not what you want. If you set this option to a true
+value C<< $c->require_ssl >> will call C<< $c->detach >> when it redirects.
+
 =head1 METHODS
 
 =head2 require_ssl
@@ -187,6 +202,24 @@ Call require_ssl in any controller method you wish to be secured.
 The browser will be redirected to the same path on your SSL server.  POST
 requests are never redirected.
 
+=head2 allow_ssl
+
+Call allow_ssl in any controller method you wish to access both in SSL and
+non-SSL mode.
+
+    $c->allow_ssl;
+
+The browser will not be redirected, independently of whether the request was
+made to the SSL or non-SSL server.
+
+=head2 setup
+
+Disables this plugin if running under an engine which does not support SSL.
+
+=head2 finalize
+
+Performs the redirect to SSL url if required.
+
 =head1 KNOWN ISSUES
 
 When viewing an SSL-required page that uses static files served from the