From 268dd32d76b42dc1f2a044cedeee5446cb9185c2 Mon Sep 17 00:00:00 2001
From: Matt Jankowski
Date: Tue, 2 May 2017 17:37:58 -0400
Subject: [PATCH] Auth sign out (#2511)
* Add a spec for signing out
* Add spec showing that suspended user gets a 403 forbidden on sign out
* Allow suspended account users to sign out
---
 app/controllers/auth/sessions_controller.rb | 1 +
 .../auth/sessions_controller_spec.rb | 27 +++++++++++++++++++
 2 files changed, 28 insertions(+)
diff --git a/app/controllers/auth/sessions_controller.rb b/app/controllers/auth/sessions_controller.rb
index 4a5e0da6e..1aa84a354 100644
--- a/app/controllers/auth/sessions_controller.rb
+++ b/app/controllers/auth/sessions_controller.rb
@@ -6,6 +6,7 @@ class Auth::SessionsController < Devise::SessionsController
 layout 'auth'
 skip_before_action :require_no_authentication, only: [:create]
+ skip_before_action :check_suspension, only: [:destroy]
 prepend_before_action :authenticate_with_two_factor, if: :two_factor_enabled?, only: [:create]
 def create
diff --git a/spec/controllers/auth/sessions_controller_spec.rb b/spec/controllers/auth/sessions_controller_spec.rb
index 393908d97..a2298180a 100644
--- a/spec/controllers/auth/sessions_controller_spec.rb
+++ b/spec/controllers/auth/sessions_controller_spec.rb
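Review bot: The added `skip_before_action :check_suspension, only: [:destroy]` in app/controllers/auth/sessions_controller.rb exempts an action from an account-state check without recording why, so a later edit could widen the `only:` list by analogy with the line above it. I would put a comment directly above it, for example `# Suspended users must still be able to end their session; keep this exemption limited to :destroy.` The exemption is only harmless while `destroy` does nothing beyond tearing the session down; neither that action nor the definition of `check_suspension` is visible in this hunk, so that is worth confirming. The class body continues outside the hunk.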
@@ -16,6 +16,33 @@ RSpec.describe Auth::SessionsController, type: :controller do
 end
 end
+ describe 'DELETE #destroy' do
+ let(:user) { Fabricate(:user) }
+
+ before do
+ request.env['devise.mapping'] = Devise.mappings[:user]
+ end
+
+ context 'with a regular user' do
+ it 'redirects to home after sign out' do
+ sign_in(user, scope: :user)
+ delete :destroy
+
+ expect(response).to redirect_to(root_path)
+ end
+ end
+
+ context 'with a suspended user' do
+ it 'redirects to home after sign out' do
+ Fabricate(:account, user: user, suspended: true)
+ sign_in(user, scope: :user)
+ delete :destroy
+
+ expect(response).to redirect_to(root_path)
+ end
+ end
+ end
+
 describe 'POST #create' do
 before do
 request.env['devise.mapping'] = Devise.mappings[:user]
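Review bot: Both new examples under `DELETE #destroy` assert only `redirect_to(root_path)`, which does not show that the session was actually ended, and that is the property that matters for a suspended account. Adding `expect(controller.current_user).to be_nil` after `delete :destroy` in each example would pin it. The two examples also carry the same description, `'redirects to home after sign out'`, so a failure report distinguishes them only by context. The `POST #create` block at the end of the hunk continues outside it.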