removed deprecated calls to force_ssl; rely on config.force_ssl

.rubocop_manual_todo.yml

@@ -484,7 +484,6 @@ Metrics/AbcSize:
   - lib/spree/core/calculated_adjustments.rb
   - lib/spree/core/controller_helpers/order.rb
   - lib/spree/core/controller_helpers/respond_with.rb
-  - lib/spree/core/controller_helpers/ssl.rb
   - lib/spree/core/delegate_belongs_to.rb
   - lib/spree/core/permalinks.rb
   - lib/spree/core/s3_support.rb
@@ -528,7 +527,6 @@ Metrics/BlockLength:
   - app/models/spree/payment/processing.rb
   - app/models/spree/shipment.rb
   - lib/spree/core/controller_helpers/common.rb
-  - lib/spree/core/controller_helpers/ssl.rb
   - lib/tasks/data.rake
   - spec/controllers/spree/admin/invoices_controller_spec.rb
   - spec/factories/address_factory.rb
@@ -607,7 +605,6 @@ Metrics/CyclomaticComplexity:
   - lib/spree/core/calculated_adjustments.rb
   - lib/spree/core/controller_helpers/order.rb
   - lib/spree/core/controller_helpers/respond_with.rb
-  - lib/spree/core/controller_helpers/ssl.rb
   - lib/spree/localized_number.rb
   - spec/models/product_importer_spec.rb
 
@@ -651,7 +648,6 @@ Metrics/PerceivedComplexity:
   - lib/spree/core/calculated_adjustments.rb
   - lib/spree/core/controller_helpers/order.rb
   - lib/spree/core/controller_helpers/respond_with.rb
-  - lib/spree/core/controller_helpers/ssl.rb
   - lib/spree/localized_number.rb
   - spec/models/product_importer_spec.rb
 

.rubocop_todo.yml

@@ -540,7 +540,6 @@ Rails/UnknownEnv:
   Exclude:
     - 'app/controllers/spree/admin/payment_methods_controller.rb'
     - 'app/models/spree/app_configuration.rb'
-    - 'lib/spree/core/controller_helpers/ssl.rb'
 
 # Offense count: 1
 # Cop supports --auto-correct.

app/controllers/api/v0/base_controller.rb

@@ -2,7 +2,6 @@
 
 # Base controller for OFN's API
 require "spree/api/controller_setup"
-require "spree/core/controller_helpers/ssl"
 
 module Api
   module V0
@@ -11,7 +10,6 @@ module Api
       include ActionController::StrongParameters
       include ActionController::RespondWith
       include Spree::Api::ControllerSetup
-      include Spree::Core::ControllerHelpers::SSL
       include ::ActionController::Head
       include ::ActionController::ConditionalGet
       include ActionView::Layouts

app/controllers/application_controller.rb

@@ -5,7 +5,6 @@ require "application_responder"
 require 'cancan'
 require 'spree/core/controller_helpers/auth'
 require 'spree/core/controller_helpers/respond_with'
-require 'spree/core/controller_helpers/ssl'
 require 'spree/core/controller_helpers/common'
 require 'open_food_network/referer_parser'
 
@@ -32,7 +31,6 @@ class ApplicationController < ActionController::Base
 
   include Spree::Core::ControllerHelpers::Auth
   include Spree::Core::ControllerHelpers::RespondWith
-  include Spree::Core::ControllerHelpers::SSL
   include Spree::Core::ControllerHelpers::Common
 
   prepend_before_action :restrict_iframes

app/controllers/base_controller.rb

@@ -1,14 +1,12 @@
 # frozen_string_literal: true
 
 require 'spree/core/controller_helpers/order'
-require 'spree/core/controller_helpers/ssl'
 require 'open_food_network/tag_rule_applicator'
 
 class BaseController < ApplicationController
   layout 'darkswarm'
 
   include Spree::Core::ControllerHelpers::Order
-  include Spree::Core::ControllerHelpers::SSL
 
   include I18nHelper
   include OrderCyclesHelper

app/controllers/checkout_controller.rb

@@ -10,8 +10,6 @@ class CheckoutController < ::BaseController
   helper 'terms_and_conditions'
   helper 'checkout'
 
-  ssl_required
-
   # We need pessimistic locking to avoid race conditions.
   # Otherwise we fail on duplicate indexes or end up with negative stock.
   prepend_around_action CurrentOrderLocker, only: [:edit, :update]

app/controllers/payments_controller.rb

@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
 class PaymentsController < BaseController
-  ssl_required :redirect_to_authorize
-
   respond_to :html
 
   prepend_before_action :require_logged_in, only: :redirect_to_authorize

app/controllers/spree/admin/base_controller.rb

@@ -3,8 +3,6 @@
 module Spree
   module Admin
     class BaseController < ApplicationController
-      ssl_required
-
       helper 'shared'
       helper 'spree/admin/navigation'
       helper 'spree/admin/orders'

app/controllers/spree/orders_controller.rb

@@ -7,8 +7,6 @@ module Spree
 
     layout 'darkswarm'
 
-    ssl_required :show
-
     before_action :check_authorization
     rescue_from ActiveRecord::RecordNotFound, with: :render_404
     helper 'spree/products', 'spree/orders'

app/controllers/spree/user_passwords_controller.rb

@@ -3,7 +3,6 @@
 require "spree/core/controller_helpers/auth"
 require "spree/core/controller_helpers/common"
 require "spree/core/controller_helpers/order"
-require "spree/core/controller_helpers/ssl"
 
 module Spree
   class UserPasswordsController < Devise::PasswordsController
@@ -13,9 +12,6 @@ module Spree
     include Spree::Core::ControllerHelpers::Auth
     include Spree::Core::ControllerHelpers::Common
     include Spree::Core::ControllerHelpers::Order
-    include Spree::Core::ControllerHelpers::SSL
-
-    ssl_required
 
     # Overridden due to bug in Devise.
     #   respond_with resource, :location => new_session_path(resource_name)

app/controllers/spree/user_registrations_controller.rb

@@ -3,7 +3,6 @@
 require "spree/core/controller_helpers/auth"
 require "spree/core/controller_helpers/common"
 require "spree/core/controller_helpers/order"
-require "spree/core/controller_helpers/ssl"
 
 module Spree
   class UserRegistrationsController < Devise::RegistrationsController
@@ -12,9 +11,7 @@ module Spree
     include Spree::Core::ControllerHelpers::Auth
     include Spree::Core::ControllerHelpers::Common
     include Spree::Core::ControllerHelpers::Order
-    include Spree::Core::ControllerHelpers::SSL
 
-    ssl_required
     before_action :check_permissions, only: [:edit, :update]
     skip_before_action :require_no_authentication
 

app/controllers/spree/user_sessions_controller.rb

@@ -3,7 +3,6 @@
 require "spree/core/controller_helpers/auth"
 require "spree/core/controller_helpers/common"
 require "spree/core/controller_helpers/order"
-require "spree/core/controller_helpers/ssl"
 
 module Spree
   class UserSessionsController < Devise::SessionsController
@@ -12,9 +11,7 @@ module Spree
     include Spree::Core::ControllerHelpers::Auth
     include Spree::Core::ControllerHelpers::Common
     include Spree::Core::ControllerHelpers::Order
-    include Spree::Core::ControllerHelpers::SSL
 
-    ssl_required :new, :create, :destroy, :update
     ssl_allowed :login_bar
 
     before_action :set_checkout_redirect, only: :create

app/controllers/spree/users_controller.rb

@@ -3,7 +3,7 @@
 module Spree
   class UsersController < ::BaseController
     layout 'darkswarm'
-    ssl_required
+
     skip_before_action :set_current_order, only: :show
     prepend_before_action :load_object, only: [:show, :edit, :update]
     prepend_before_action :authorize_actions, only: :new

lib/spree/core/controller_helpers/ssl.rb

@@ -1,60 +0,0 @@
-# frozen_string_literal: true
-
-module Spree
-  module Core
-    module ControllerHelpers
-      module SSL
-        extend ActiveSupport::Concern
-
-        included do
-          before_action :force_non_ssl_redirect, if: proc { Spree::Config[:redirect_https_to_http] }
-
-          def self.ssl_allowed(*actions)
-            class_attribute :ssl_allowed_actions
-            self.ssl_allowed_actions = actions
-          end
-
-          def self.ssl_required(*actions)
-            class_attribute :ssl_required_actions
-            self.ssl_required_actions = actions
-            return unless ssl_supported?
-
-            if ssl_required_actions.empty? || Rails.application.config.force_ssl
-              force_ssl
-            else
-              force_ssl only: ssl_required_actions
-            end
-          end
-
-          def self.ssl_supported?
-            return Spree::Config[:allow_ssl_in_production] if Rails.env.production?
-            return Spree::Config[:allow_ssl_in_staging] if Rails.env.staging?
-
-            false
-          end
-
-          private
-
-          # Redirect the existing request to use the HTTP protocol.
-          #
-          # ==== Parameters
-          # * <tt>host</tt> - Redirect to a different host name
-          def force_non_ssl_redirect(host = nil)
-            return true if defined?(ssl_allowed_actions) &&
-                           ssl_allowed_actions.include?(action_name.to_sym)
-
-            return unless request.ssl? &&
-                          (!defined?(ssl_required_actions) ||
-                           !ssl_required_actions.include?(action_name.to_sym))
-
-            redirect_options = { protocol: 'http://', status: :moved_permanently }
-            redirect_options.merge!(host: host) if host
-            redirect_options.merge!(params: request.query_parameters)
-            flash.keep if respond_to?(:flash)
-            redirect_to redirect_options
-          end
-        end
-      end
-    end
-  end
-end