From 0a161e88143d28349c49805ea7cc83c5106e075a Mon Sep 17 00:00:00 2001
From: Azul <azul@riseup.net>
Date: Fri, 28 Jul 2017 11:35:14 +0200
Subject: prevent token conflicts

---
 test/unit/token_test.rb | 27 +++++++++++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)

(limited to 'test')

diff --git a/test/unit/token_test.rb b/test/unit/token_test.rb
index 51c8d8e..ce7edaa 100644
--- a/test/unit/token_test.rb
+++ b/test/unit/token_test.rb
@@ -59,7 +59,6 @@ class TokenTest < ActiveSupport::TestCase
     sample = Token.new(user_id: @user.id)
     sample.last_seen_at = 2.hours.ago
     with_config auth: {token_expires_after: 60} do
-      sample.expects(:destroy)
       assert_nil sample.authenticate
     end
   end
@@ -83,7 +82,6 @@ class TokenTest < ActiveSupport::TestCase
     fresh.destroy
   end
 
-
   test "Token.destroy_all_expired does not interfere with expired.authenticate" do
     expired = FactoryGirl.create :token, last_seen_at: 2.hours.ago
     with_config auth: {token_expires_after: 60} do
@@ -92,4 +90,29 @@ class TokenTest < ActiveSupport::TestCase
     assert_nil expired.authenticate
   end
 
+  test "active logout (destroy) prevents reuse" do
+    token = FactoryGirl.create :token
+    same = Token.find(token.id)
+    token.destroy
+    assert_raises CouchRest::NotFound do
+      same.touch
+    end
+  end
+
+  test "logout works on prolonged token" do
+    token = FactoryGirl.create :token
+    same = Token.find(token.id)
+    token.touch
+    same.destroy
+    assert_nil Token.find(same.id)
+  end
+
+  test 'second destroy carries on' do
+    token = FactoryGirl.create :token
+    same = Token.find(token.id)
+    token.destroy
+    same.destroy
+    assert_nil Token.find(same.id)
+  end
+
 end
-- 
cgit v1.2.3