You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
the problem is if an invalid request it's still hit this and cause the user to log out although the request should not sign out the user
to be extra clear here are my specs
describe'DELETE sessions#destroy'dolet(:user){Fabricate(:confirmed_user)}describe'with request headers'docontext'valid credentials'doit'Returns 204'dodelete'/users/sign_out',{},{HTTP_CONTENT_TYPE: 'application/json',HTTP_ACCEPT: "application/vnd.app+json; version=1","X-User-Email"=>user.email,"X-User-Token"=>user.authentication_token}user.reloadexpect(response.status).toeq204expect(user.authentication_token).not_toeq@auth_token#^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ this is ok cause it's the valid userendendcontext'invalid credentials'doit'Returns 204'dodelete'/users/sign_out',{},{HTTP_CONTENT_TYPE: 'application/json',HTTP_ACCEPT: "application/vnd.app+json; version=1","X-User-Email"=>user.email,"X-User-Token"=>'Invalid'}user.reloadexpect(response.status).toeq204expect(user.authentication_token).toeq@auth_token#^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ this is weird # why did the user get new auth token when didn't sign out ????endendend
The text was updated successfully, but these errors were encountered:
this is also reported on http://stackoverflow.com/questions/27804349/simple-token-authentication-signout-for-rails-json-api
here is my session controller
the problem is if an invalid request it's still hit this and cause the user to log out although the request should not sign out the user
to be extra clear here are my specs
The text was updated successfully, but these errors were encountered: