
Reset the remember_token on sign out instead of sign in

* Allows for the same user to sign in from two locations at once
* Added support for setting User#remember_token on creation
* Addresses this thread:
  http://groups.google.com/group/thoughtbot-clearance/browse_thread/thread/d071ae84573e40ff
1 parent 1448735 commit 51051538f085c951eb14ef527af5763a8636798b @rmm5t rmm5t committed Sep 29, 2009
@@ -62,7 +62,6 @@ def authenticate
# sign_in(@user)
def sign_in(user)
if user
- user.reset_remember_token!
cookies[:remember_token] = {
:value => user.remember_token,
:expires => 1.year.from_now.utc
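Review bot: With the reset removed, `sign_in` writes `user.remember_token` straight into the cookie value, so a user whose row has no token (an account created before the `before_create :generate_remember_token` added in the model hunk below ran, unless a migration outside this commit backfills it) would get a nil cookie value and not stay signed in. A one-line guard keeps the intended behaviour for everyone else: `user.reset_remember_token! if user.remember_token.blank?` in place of the removed line. The `# sign_in(@user)` comment should also record the trade-off the commit accepts: the token is no longer rotated on sign-in, so a previously disclosed token stays valid until the user signs out. The body of `sign_in` continues past the end of the hunk.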
@@ -77,6 +76,7 @@ def sign_in(user)
# sign_out
def sign_out
cookies.delete(:remember_token)
+ current_user.reset_remember_token! if current_user
current_user = nil
end
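Review bot: The `# sign_out` comment above the method should say that the added `reset_remember_token!` call invalidates the remembered session everywhere, not just in this browser, since the commit description says one token is now shared across sign-in locations. Suggested wording: `# sign_out — clears the cookie and rotates User#remember_token, which also signs the user out of every other remembered browser`. Deleting the cookie before the reset, as the hunk does, means this browser is signed out even if the reset raises, which seems like the right order.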
@@ -67,7 +67,8 @@ def self.included(model)
model.class_eval do
before_save :initialize_salt,
:encrypt_password
- before_create :generate_confirmation_token
+ before_create :generate_confirmation_token,
+ :generate_remember_token
after_create :send_confirmation_email, :unless => :email_confirmed?
end
end
@@ -35,6 +35,7 @@ class SessionsControllerTest < ActionController::TestCase
context "on POST to #create with good credentials" do
setup do
@user = Factory(:email_confirmed_user)
+ @user.update_attribute(:remember_token, "old-token")
post :create, :session => {
:email => @user.email,
:password => @user.password }
@@ -47,8 +48,8 @@ class SessionsControllerTest < ActionController::TestCase
assert ! cookies['remember_token'].empty?
end
- should 'set the token in users table' do
- assert_not_nil @user.reload.remember_token
+ should "not change the remember token" do
+ assert_equal "old-token", @user.reload.remember_token
end
end
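Review bot: The rewritten `should "not change the remember token"` only covers a user that already has a token (set up by the `update_attribute` line added in the #create context above); there is no case for a user whose `remember_token` is nil at sign-in, which is the path an account without a generated token would take now that sign-in no longer resets it. A sibling context that sets `@user.update_attribute(:remember_token, nil)` and asserts on the resulting `cookies['remember_token']` would pin whichever behaviour is intended there.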
@@ -121,6 +122,7 @@ class SessionsControllerTest < ActionController::TestCase
context "on DELETE to #destroy with a cookie" do
setup do
@user = Factory(:email_confirmed_user)
+ @user.update_attribute(:remember_token, "old-token")
cookies['remember_token'] = CGI::Cookie.new('token', 'value')
sign_in_as @user
delete :destroy
@@ -133,8 +135,8 @@ class SessionsControllerTest < ActionController::TestCase
assert_nil cookies['remember_token']
end
- should "delete the database token" do
- assert_nil @user.reload.remember_token
+ should "reset the remember token" do
+ assert_not_equal "old-token", @user.reload.remember_token
end
end
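Review bot: `assert_not_equal "old-token", @user.reload.remember_token` is also satisfied when the column is nil, so the test would still pass if `reset_remember_token!` cleared the token instead of rotating it; the model test's `should "change the remember token"` in the last hunk has the same weakness. Add `assert_not_nil @user.reload.remember_token` alongside it here, and `assert_not_nil @user.remember_token` in the model test, so the assertions distinguish rotation from deletion.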
@@ -125,12 +125,12 @@ def @user.initialize_salt; end
context "When resetting authentication with reset_remember_token!" do
setup do
@user = Factory(:email_confirmed_user)
- assert_nil @user.remember_token
+ @user.remember_token = "old-token"
@user.reset_remember_token!
end
- should "set the remember token" do
- assert_not_nil @user.remember_token
+ should "change the remember token" do
+ assert_not_equal "old-token", @user.remember_token
end
end

