From c8fcd0d26c3ad5c1c3cfbaf6b57239f907925ed6 Mon Sep 17 00:00:00 2001 From: Azul Date: Sat, 8 Feb 2014 16:20:37 +0100 Subject: require token when logging out via API --- users/app/controllers/v1/sessions_controller.rb | 1 + users/test/integration/api/login_test.rb | 6 ++++++ users/test/integration/api/srp_test.rb | 5 +++-- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/users/app/controllers/v1/sessions_controller.rb b/users/app/controllers/v1/sessions_controller.rb index eb6c322..eae3a1e 100644 --- a/users/app/controllers/v1/sessions_controller.rb +++ b/users/app/controllers/v1/sessions_controller.rb @@ -2,6 +2,7 @@ module V1 class SessionsController < ApplicationController skip_before_filter :verify_authenticity_token + before_filter :require_token, only: :destroy def new @session = Session.new diff --git a/users/test/integration/api/login_test.rb b/users/test/integration/api/login_test.rb index d56dfd1..92d153f 100644 --- a/users/test/integration/api/login_test.rb +++ b/users/test/integration/api/login_test.rb @@ -41,4 +41,10 @@ class LoginTest < SrpTest logout assert_equal 204, last_response.status end + + test "logout requires token" do + authenticate + logout(nil, {}) + assert_equal 422, last_response.status + end end diff --git a/users/test/integration/api/srp_test.rb b/users/test/integration/api/srp_test.rb index fcda187..946450e 100644 --- a/users/test/integration/api/srp_test.rb +++ b/users/test/integration/api/srp_test.rb @@ -62,9 +62,10 @@ class SrpTest < RackTest ActionController::HttpAuthentication::Token.encode_credentials(server_auth["token"]) end - def logout + def logout(params=nil, headers=nil) delete "http://api.lvh.me:3000/1/logout.json", - format: :json + params || {format: :json}, + headers || auth_headers end def cleanup_user(login = nil) -- cgit v1.2.3