Commit 8def7b07

mo khan <mo@mokhan.ca>
2014-11-23 04:52:30
revoke the user session when they log out.
master
1 parent 93d22d8
Changed files (2)
app
controllers
sessions_controller.rb
spec
controllers
sessions_controller_spec.rb
app/controllers/sessions_controller.rb
@@ -16,6 +16,7 @@ class SessionsController < ApplicationController
 
   def destroy
     cookies.delete(:raphael)
+    user_session.revoke!
     redirect_to root_path
   end
spec/controllers/sessions_controller_spec.rb
@@ -57,17 +57,18 @@ describe SessionsController do
   end
 
   describe "#destroy" do
+    let(:user_session) { create(:user_session) }
+
     before :each do
-      request.cookies[:raphael] = SecureRandom.uuid
+      request.cookies[:raphael] = user_session.key
+      controller.stub(:user_session).and_return(user_session)
       delete :destroy, id: "me"
     end
 
-    it "removes the cookie" do
-      expect(cookies[:raphael]).to be_nil
-    end
+    it { expect(cookies[:raphael]).to be_nil }
 
-    it "redirects to the homepage" do
-      expect(response).to redirect_to(root_path)
-    end
+    it { expect(user_session.reload.revoked_at).to_not be_nil }
+
+    it { expect(response).to redirect_to(root_path) }
   end
 end