Merge pull request #108 from azul/feature/proper-user-deletion

notify user their account was successfully deleted (refs #4216)

8 files changed, 42 insertions, 29 deletions

diff --git a/app/views/home/index.html.haml b/app/views/home/index.html.haml
index 728b5b8..5a54354 100644
--- a/app/views/home/index.html.haml
+++ b/app/views/home/index.html.haml
@@ -6,6 +6,10 @@
       %p
         We provide secure communication services, including encrypted internet, email (coming soon), and chat (coming later).
 
+    .row-fluid
+      .span6.offset3
+        = render 'layouts/messages'
+    .row-fluid
       = home_page_buttons
 
       - if Rails.env == 'development'
diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb
index f66277d..de21983 100644
--- a/users/app/controllers/users_controller.rb
+++ b/users/app/controllers/users_controller.rb
@@ -48,7 +48,15 @@ class UsersController < UsersBaseController
 
   def destroy
     @user.destroy
-    redirect_to admin? ? users_url : root_url
+    flash[:notice] = I18n.t(:account_destroyed)
+    # admins can destroy other users
+    if @user != current_user
+      redirect_to users_url
+    else
+      # let's remove the invalid session
+      logout
+      redirect_to root_url
+    end
   end
 
 end
diff --git a/users/config/locales/en.yml b/users/config/locales/en.yml
index b69f7f4..1b5dd5e 100644
--- a/users/config/locales/en.yml
+++ b/users/config/locales/en.yml
@@ -17,6 +17,7 @@ en:
   destroy_my_account: "Destroy my account"
   destroy_account_info: "This will permanently destroy your account and all the data associated with it. Proceed with caution!"
   admin_destroy_account: "Destroy the account %{username}"
+  account_destroyed: "The account has been destroyed successfully."
   set_email_address: "Set email address"
   forward_email: "Forward Email"
   email_aliases: "Email Aliases"
diff --git a/users/test/functional/sessions_controller_test.rb b/users/test/functional/sessions_controller_test.rb
index a630e6e..28143da 100644
--- a/users/test/functional/sessions_controller_test.rb
+++ b/users/test/functional/sessions_controller_test.rb
@@ -41,20 +41,12 @@ class SessionsControllerTest < ActionController::TestCase
     assert_json_error :login => I18n.t(:all_strategies_failed)
   end
 
-  test "logout should reset warden user" do
-    expect_warden_logout
+  test "destory should logout" do
+    login
+    expect_logout
     delete :destroy
     assert_response :redirect
     assert_redirected_to root_url
   end
 
-  def expect_warden_logout
-    raw = mock('raw session') do
-      expects(:inspect)
-    end
-    request.env['warden'].expects(:raw_session).returns(raw)
-    request.env['warden'].expects(:logout)
-  end
-
-
 end
diff --git a/users/test/functional/users_controller_test.rb b/users/test/functional/users_controller_test.rb
index 052de04..75d900f 100644
--- a/users/test/functional/users_controller_test.rb
+++ b/users/test/functional/users_controller_test.rb
@@ -91,6 +91,7 @@ class UsersControllerTest < ActionController::TestCase
     user.expects(:destroy)
 
     login user
+    expect_logout
     delete :destroy, :id => @current_user.id
 
     assert_response :redirect
diff --git a/users/test/functional/v1/sessions_controller_test.rb b/users/test/functional/v1/sessions_controller_test.rb
index ff9fca1..4200e8f 100644
--- a/users/test/functional/v1/sessions_controller_test.rb
+++ b/users/test/functional/v1/sessions_controller_test.rb
@@ -52,26 +52,11 @@ class V1::SessionsControllerTest < ActionController::TestCase
     assert_equal @user.id, token.user_id
   end
 
-  test "logout should reset session" do
-    expect_warden_logout
-    delete :destroy
-    assert_response 204
-  end
-
-  test "logout should destroy token" do
+  test "destroy should logout" do
     login
-    expect_warden_logout
-    @token.expects(:destroy)
+    expect_logout
     delete :destroy
     assert_response 204
   end
 
-  def expect_warden_logout
-    raw = mock('raw session') do
-      expects(:inspect)
-    end
-    request.env['warden'].expects(:raw_session).returns(raw)
-    request.env['warden'].expects(:logout)
-  end
-
 end
diff --git a/users/test/integration/browser/account_test.rb b/users/test/integration/browser/account_test.rb
index 8e03856..b712c95 100644
--- a/users/test/integration/browser/account_test.rb
+++ b/users/test/integration/browser/account_test.rb
@@ -38,6 +38,14 @@ class AccountTest < BrowserIntegrationTest
     assert page.has_no_selector? 'input.btn-primary.disabled'
   end
 
+  test "account destruction" do
+    username, password = submit_signup
+    click_on I18n.t('account_settings')
+    click_on I18n.t('destroy_my_account')
+    page.save_screenshot('/tmp/destroy.png')
+    assert page.has_content?(I18n.t('account_destroyed'))
+  end
+
   test "change password" do
     username, password = submit_signup
     click_on "Account Settings"
diff --git a/users/test/support/auth_test_helper.rb b/users/test/support/auth_test_helper.rb
index 609f115..50e9453 100644
--- a/users/test/support/auth_test_helper.rb
+++ b/users/test/support/auth_test_helper.rb
@@ -38,12 +38,26 @@ module AuthTestHelper
     end
   end
 
+  def expect_logout
+    expect_warden_logout
+    @token.expects(:destroy) if @token
+  end
+
   protected
 
   def header_for_token_auth
     @token = find_record(:token, :authenticate => @current_user)
     ActionController::HttpAuthentication::Token.encode_credentials @token.id
   end
+
+  def expect_warden_logout
+    raw = mock('raw session') do
+      expects(:inspect)
+    end
+    request.env['warden'].expects(:raw_session).returns(raw)
+    request.env['warden'].expects(:logout)
+  end
+
 end
 
 class ActionController::TestCase