From c8fcd0d26c3ad5c1c3cfbaf6b57239f907925ed6 Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Sat, 8 Feb 2014 16:20:37 +0100
Subject: require token when logging out via API

---
 users/test/integration/api/login_test.rb | 6 ++++++
 users/test/integration/api/srp_test.rb   | 5 +++--
 2 files changed, 9 insertions(+), 2 deletions(-)

(limited to 'users/test/integration/api')

diff --git a/users/test/integration/api/login_test.rb b/users/test/integration/api/login_test.rb
index d56dfd1..92d153f 100644
--- a/users/test/integration/api/login_test.rb
+++ b/users/test/integration/api/login_test.rb
@@ -41,4 +41,10 @@ class LoginTest < SrpTest
     logout
     assert_equal 204, last_response.status
   end
+
+  test "logout requires token" do
+    authenticate
+    logout(nil, {})
+    assert_equal 422, last_response.status
+  end
 end
diff --git a/users/test/integration/api/srp_test.rb b/users/test/integration/api/srp_test.rb
index fcda187..946450e 100644
--- a/users/test/integration/api/srp_test.rb
+++ b/users/test/integration/api/srp_test.rb
@@ -62,9 +62,10 @@ class SrpTest < RackTest
     ActionController::HttpAuthentication::Token.encode_credentials(server_auth["token"])
   end
 
-  def logout
+  def logout(params=nil, headers=nil)
     delete "http://api.lvh.me:3000/1/logout.json",
-      format: :json
+      params || {format: :json},
+      headers || auth_headers
   end
 
   def cleanup_user(login = nil)
-- 
cgit v1.2.3