From 02c1a71f60409cb8290fae32f0d6d30f3eb1e7ea Mon Sep 17 00:00:00 2001
From: Jonathan Porta
Date: Mon, 12 Jan 2015 21:02:18 -0800
Subject: [PATCH] Regenerate API Token on logout

---
 app/controllers/sessions_controller.rb | 2 ++
 app/models/user.rb | 7 ++++++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 52da689..3120de5 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -18,6 +18,8 @@ def login

 # GET /logout
 def destroy
+ # TODO: Probably not how we want to handle this, but it will work for now.
+ current_user.regenerate_api_token
 current_session nil
 redirect_to root_url
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index 1796ade..0f11ec9 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -86,10 +86,15 @@ def friendship_requests_received
 inverse_friendships.where approved: nil
 end

+ def regenerate_api_token
+ generate_api_token
+ save
+ end
+
 private

 def generate_api_token
- self.api_token ||= loop do
+ self.api_token = loop do
 random_token = SecureRandom.urlsafe_base64(64).tr('lIO0', 'sxyz')
 break random_token unless self.class.exists?(api_token: random_token)
 end
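Review bot: `current_user.regenerate_api_token` in `destroy` runs without checking that a user is signed in and without looking at its result. If `/logout` can be reached with no session (no filter is visible in this hunk, so this is inferred), `current_user` would be nil and the action would raise instead of redirecting; `current_user.regenerate_api_token if current_user` avoids that. Because the route is a GET, as the comment above `destroy` says, a cross-site request can now also invalidate the user's API token, so consider moving logout to a CSRF-protected `DELETE`. The TODO would be more useful if it named the open question, e.g. `# TODO: decide whether a web logout should also revoke the token used by API clients`.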
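Review bot: Changing `||=` to `=` in `generate_api_token` makes every caller overwrite an existing token, not only the new `regenerate_api_token`. The callback that invokes `generate_api_token` is outside this hunk; if it runs on more than record creation (for example a `before_save` or `before_validation`), every update to the user would silently rotate the token, so keep `||=` there and have `regenerate_api_token` set `self.api_token = nil` before calling it. `regenerate_api_token` also returns whatever `save` returns, so a validation failure leaves the old token valid with no error; `save!` would surface that. The `exists?` check followed by a later write is not atomic, so uniqueness should rest on a unique database index on `api_token` (not visible here).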