Added logout, meaning that the full authentication process now works …

…with OAuth.

app/controllers/sessions_controller.rb

@@ -42,4 +42,9 @@ def oauth_callback
         authentication_failed('There was a problem trying to authenticate you. Please try again.') and return
     end 
   end
+
+  def destroy
+    logout_keeping_session!
+    redirect_back_or_default('/')
+  end
 end

config/routes.rb

@@ -1,5 +1,6 @@
 ActionController::Routing::Routes.draw do |map|
   map.login '/login', :controller => 'sessions', :action => 'new'
+  map.logout '/logout', :controller => 'sessions', :action => 'destroy'
   map.resource :session
   map.oauth_callback '/oauth_callback', :controller => 'sessions', :action => 'oauth_callback'
 end

lib/twitter_auth/controller_extensions.rb

@@ -48,6 +48,11 @@ def redirect_back_or_default(default)
     def logged_in?
       !!current_user
     end
+
+    def logout_keeping_session!
+      @current_user = nil
+      session[:user_id] = nil
+    end
   end
 end
 

spec/controllers/controller_extensions_spec.rb

@@ -30,10 +30,15 @@ def access_denied_action
   def redirect_back_action
     redirect_back_or_default(params[:to] || '/')
   end
+
+  def logout_keeping_session_action
+    logout_keeping_session!
+    redirect_back_or_default('/')
+  end
 end
 
 describe TwitterAuthTestController do
-  %w(authentication_failed authentication_succeeded current_user authorized? login_required access_denied store_location redirect_back_or_default).each do |m|
+  %w(authentication_failed authentication_succeeded current_user authorized? login_required access_denied store_location redirect_back_or_default logout_keeping_session!).each do |m|
     it "should respond to the extension method '#{m}'" do
       controller.should respond_to(m)
     end
@@ -120,4 +125,22 @@ def redirect_back_action
       should redirect_to('/someurl')
     end
   end
+
+  describe 'logout_keeping_session!' do
+    before do
+      @user = Factory.create(:twitter_oauth_user)
+      request.session[:user_id] = @user.id
+    end
+
+    it 'should unset session[:user_id]' do
+      get :logout_keeping_session_action
+      request.session[:user_id].should be_nil
+    end
+
+    it 'should unset current_user' do
+      controller.send(:current_user).should == @user
+      get :logout_keeping_session_action
+      controller.send(:current_user).should be_nil
+    end
+  end
 end

spec/controllers/sessions_controller_spec.rb

@@ -10,6 +10,14 @@
       params_from(:get, '/login').should == {:controller => 'sessions', :action => 'new'}
     end
 
+    it 'should route /logout to SessionsController#destroy' do
+      params_from(:get, '/logout').should == {:controller => 'sessions', :action => 'destroy'}
+    end
+
+    it 'should route DELETE /session to SessionsController#destroy' do
+      params_from(:delete, '/session').should == {:controller => 'sessions', :action => 'destroy'}
+    end
+
     it 'should route /oauth_callback to SessionsController#oauth_callback' do
       params_from(:get, '/oauth_callback').should == {:controller => 'sessions', :action => 'oauth_callback'}
     end
@@ -129,4 +137,16 @@
       end
     end
   end
+
+  describe '#destroy' do
+    it 'should call logout_keeping_session!' do
+      controller.should_receive(:logout_keeping_session!).once
+      get :destroy
+    end
+
+    it 'should redirect to the root' do
+      get :destroy
+      response.should redirect_to('/')
+    end
+  end
 end