Age | Commit message (Collapse) | Author |
|
Authentication still remaining piece.
|
|
|
|
|
|
messages within the webapp.
|
|
Currently it expects both the session and the token to be cleared. This might change. But we'll always have a definition of what it means to logout we can test this way.
|
|
We have a lot of things that act upon a user record and one or more of it's identities at the same time:
* Sing up: Create a user and it's initial identity
* Rename: Change the username and create a new identity, turn old into an alias
* Cancel Account: Remove user and all their identities.
In order to keep the User and Identity behaviour isolated but still have a this logic represented in a sinle place the Account model deals with all these things.
We could have overwritten the User#create, User#update and User#destroy methods instead. But then we would always create identities, even if we only need a user (for example in tests).
|
|
|
|
|
|
|
|
tests to reflect this.
|
|
|
|
|
|
|
|
|
|
* now we return the user id on login
* allow a destroy request for logging out
* added test for api sessions controller
|