Regenerate API Token on logout

JonathanPorta · Jan 13, 2015 · 02c1a71 · 02c1a71
1 parent 76d00ec
commit 02c1a71
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
@@ -18,6 +18,8 @@ def login
 
   # GET /logout
   def destroy
+    # TODO: Probably not how we want to handle this, but it will work for now.
+    current_user.regenerate_api_token
     current_session nil
     redirect_to root_url
   end

diff --git a/app/models/user.rb b/app/models/user.rb
@@ -86,10 +86,15 @@ def friendship_requests_received
     inverse_friendships.where approved: nil
   end
 
+  def regenerate_api_token
+    generate_api_token
+    save
+  end
+
   private
 
   def generate_api_token
-    self.api_token ||= loop do
+    self.api_token = loop do
       random_token = SecureRandom.urlsafe_base64(64).tr('lIO0', 'sxyz')
       break random_token unless self.class.exists?(api_token: random_token)
     end