summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAzul <azul@leap.se>2014-02-08 16:20:37 +0100
committerAzul <azul@leap.se>2014-02-10 14:26:30 +0100
commitc8fcd0d26c3ad5c1c3cfbaf6b57239f907925ed6 (patch)
tree664dfcfb95eb68babd51b67a6ef21a314c8ea77a
parentcbd757cf151cd61bfdd5637d09f43e4831fec3bb (diff)
require token when logging out via API
-rw-r--r--users/app/controllers/v1/sessions_controller.rb1
-rw-r--r--users/test/integration/api/login_test.rb6
-rw-r--r--users/test/integration/api/srp_test.rb5
3 files changed, 10 insertions, 2 deletions
diff --git a/users/app/controllers/v1/sessions_controller.rb b/users/app/controllers/v1/sessions_controller.rb
index eb6c322..eae3a1e 100644
--- a/users/app/controllers/v1/sessions_controller.rb
+++ b/users/app/controllers/v1/sessions_controller.rb
@@ -2,6 +2,7 @@ module V1
class SessionsController < ApplicationController
skip_before_filter :verify_authenticity_token
+ before_filter :require_token, only: :destroy
def new
@session = Session.new
diff --git a/users/test/integration/api/login_test.rb b/users/test/integration/api/login_test.rb
index d56dfd1..92d153f 100644
--- a/users/test/integration/api/login_test.rb
+++ b/users/test/integration/api/login_test.rb
@@ -41,4 +41,10 @@ class LoginTest < SrpTest
logout
assert_equal 204, last_response.status
end
+
+ test "logout requires token" do
+ authenticate
+ logout(nil, {})
+ assert_equal 422, last_response.status
+ end
end
diff --git a/users/test/integration/api/srp_test.rb b/users/test/integration/api/srp_test.rb
index fcda187..946450e 100644
--- a/users/test/integration/api/srp_test.rb
+++ b/users/test/integration/api/srp_test.rb
@@ -62,9 +62,10 @@ class SrpTest < RackTest
ActionController::HttpAuthentication::Token.encode_credentials(server_auth["token"])
end
- def logout
+ def logout(params=nil, headers=nil)
delete "http://api.lvh.me:3000/1/logout.json",
- format: :json
+ params || {format: :json},
+ headers || auth_headers
end
def cleanup_user(login = nil)