Auth sign out (#2511)

* Add a spec for signing out

* Add spec showing that suspended user gets a 403 forbidden on sign out

* Allow suspended account users to sign out
This commit is contained in:
Matt Jankowski 2017-05-02 17:37:58 -04:00 committed by Eugen Rochko
parent bea97ea766
commit 268dd32d76
2 changed files with 28 additions and 0 deletions

View file

@ -6,6 +6,7 @@ class Auth::SessionsController < Devise::SessionsController
layout 'auth' layout 'auth'
skip_before_action :require_no_authentication, only: [:create] skip_before_action :require_no_authentication, only: [:create]
skip_before_action :check_suspension, only: [:destroy]
prepend_before_action :authenticate_with_two_factor, if: :two_factor_enabled?, only: [:create] prepend_before_action :authenticate_with_two_factor, if: :two_factor_enabled?, only: [:create]
def create def create

View file

@ -16,6 +16,33 @@ RSpec.describe Auth::SessionsController, type: :controller do
end end
end end
describe 'DELETE #destroy' do
let(:user) { Fabricate(:user) }
before do
request.env['devise.mapping'] = Devise.mappings[:user]
end
context 'with a regular user' do
it 'redirects to home after sign out' do
sign_in(user, scope: :user)
delete :destroy
expect(response).to redirect_to(root_path)
end
end
context 'with a suspended user' do
it 'redirects to home after sign out' do
Fabricate(:account, user: user, suspended: true)
sign_in(user, scope: :user)
delete :destroy
expect(response).to redirect_to(root_path)
end
end
end
describe 'POST #create' do describe 'POST #create' do
before do before do
request.env['devise.mapping'] = Devise.mappings[:user] request.env['devise.mapping'] = Devise.mappings[:user]