make sure can login twice

3 files changed, 10 insertions, 0 deletions

diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb
index bc910b5..0345fbd 100644
--- a/users/app/controllers/sessions_controller.rb
+++ b/users/app/controllers/sessions_controller.rb
@@ -11,6 +11,7 @@ class SessionsController < ApplicationController
   end
 
   def create
+    logout if logged_in?
     authenticate!
   end
 
diff --git a/users/app/controllers/v1/sessions_controller.rb b/users/app/controllers/v1/sessions_controller.rb
index 5b4a13b..27d10fb 100644
--- a/users/app/controllers/v1/sessions_controller.rb
+++ b/users/app/controllers/v1/sessions_controller.rb
@@ -12,6 +12,7 @@ module V1
     end
 
     def create
+      logout if logged_in?
       authenticate!
     end
 
diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb
index e425c35..7636f2b 100644
--- a/users/test/integration/api/account_flow_test.rb
+++ b/users/test/integration/api/account_flow_test.rb
@@ -62,6 +62,14 @@ class AccountFlowTest < ActiveSupport::TestCase
     assert server_auth["M2"]
   end
 
+  test "duplicate login does not break things" do
+    server_auth = @srp.authenticate(self)
+    server_auth = @srp.authenticate(self)
+    assert last_response.successful?
+    assert_nil server_auth["errors"]
+    assert server_auth["M2"]
+  end
+
   test "signup and wrong password login attempt" do
     srp = SRP::Client.new(@login, "wrong password")
     server_auth = srp.authenticate(self)