The MessagesController requires SSL as well

2 files changed, 47 insertions, 0 deletions

diff --git a/app/controllers/messages_controller.rb b/app/controllers/messages_controller.rb
index c77ebce..b99e2ad 100644
--- a/app/controllers/messages_controller.rb
+++ b/app/controllers/messages_controller.rb
@@ -75,4 +75,10 @@ class MessagesController < ApplicationController
       :limit => 10).reject{|u|u == current_user}
     render :layout => false
   end
+  
+  protected
+    def ssl_required?
+      # Always required.
+      true
+    end
 end
diff --git a/test/functional/messages_controller_test.rb b/test/functional/messages_controller_test.rb
index 4d18b85..605ff1d 100644
--- a/test/functional/messages_controller_test.rb
+++ b/test/functional/messages_controller_test.rb
@@ -19,6 +19,47 @@ require File.dirname(__FILE__) + '/../test_helper'
 
 class MessagesControllerTest < ActionController::TestCase
   
+  def setup
+    @request.env["HTTPS"] = "on"
+  end
+  
+  without_ssl_context do
+    context "SSL" do
+      setup do
+        login_as :moe
+      end
+      
+      context "GET :index" do
+        setup { get :index }
+        should_redirect_to_ssl
+      end
+      context "GET :sent" do
+        setup { get :sent }
+        should_redirect_to_ssl
+      end
+      context "GET :read" do
+        setup { get :read }
+        should_redirect_to_ssl
+      end
+      context "GET :show" do
+        setup { get :show }
+        should_redirect_to_ssl
+      end
+      context "POST :create" do
+        setup { post :create }
+        should_redirect_to_ssl
+      end
+      context "POST :reply" do
+        setup { get :reply }
+        should_redirect_to_ssl
+      end
+      context "POST auto_complete_for_message_recipients" do
+        setup { post :auto_complete_for_message_recipients }
+        should_redirect_to_ssl
+      end
+    end
+  end
+  
   should_render_in_global_context
   
   context 'On GET to index' do