From 6860b30906d9691eb90c3854232f51999c0ea9b5 Mon Sep 17 00:00:00 2001
From: Michael Bleigh
Date: Wed, 18 Mar 2009 19:27:34 -0400
Subject: [PATCH] Added logout, meaning that the full authentication process now works with OAuth.
---
 app/controllers/sessions_controller.rb | 5 ++++
 config/routes.rb | 1 +
 lib/twitter_auth/controller_extensions.rb | 5 ++++
 .../controllers/controller_extensions_spec.rb | 25 ++++++++++++++++++-
 spec/controllers/sessions_controller_spec.rb | 20 +++++++++++++++
 5 files changed, 55 insertions(+), 1 deletion(-)
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 991eff7..c2f4af9 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -42,4 +42,9 @@ def oauth_callback
 authentication_failed('There was a problem trying to authenticate you. Please try again.') and return
 end
 end
+
+ def destroy
+ logout_keeping_session!
+ redirect_back_or_default('/')
+ end
 end
diff --git a/config/routes.rb b/config/routes.rb
index f9e0e79..97387f0 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -1,5 +1,6 @@
 ActionController::Routing::Routes.draw do |map|
 map.login '/login', :controller => 'sessions', :action => 'new'
+ map.logout '/logout', :controller => 'sessions', :action => 'destroy'
 map.resource :session
 map.oauth_callback '/oauth_callback', :controller => 'sessions', :action => 'oauth_callback'
 end
diff --git a/lib/twitter_auth/controller_extensions.rb b/lib/twitter_auth/controller_extensions.rb
index 9414fd7..3854a7e 100644
--- a/lib/twitter_auth/controller_extensions.rb
+++ b/lib/twitter_auth/controller_extensions.rb
@@ -48,6 +48,11 @@ def redirect_back_or_default(default)
 def logged_in?
 !!current_user
 end
+
+ def logout_keeping_session!
+ @current_user = nil
+ session[:user_id] = nil
+ end
 end
 end
diff --git a/spec/controllers/controller_extensions_spec.rb b/spec/controllers/controller_extensions_spec.rb
index 245fd8f..ac04b3a 100644
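Review bot: `destroy` ends the login through `logout_keeping_session!`, which in the lib/twitter_auth/controller_extensions.rb hunk only sets `@current_user` and `session[:user_id]` to nil, so the session id and every other session key outlive the logout. Anything login-related that the OAuth flow keeps in the session (not visible in this patch, so this is an assumption to confirm) would still be attached to the old cookie, and the id is not rotated between two users of the same browser. Calling `reset_session` after `logout_keeping_session!` and finishing with `redirect_to '/'` would close that; `redirect_back_or_default` presumably reads a stored location from the session, which is gone after the reset. The class body starts outside the hunk.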
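Review bot: `map.logout` carries no HTTP-method condition, so a plain GET to `/logout` reaches the state-changing `destroy` action; request-forgery protection, where enabled, does not check GET, so a third-party page can sign a user out with nothing more than an embedded link or image. Restricting the named route, `map.logout '/logout', :controller => 'sessions', :action => 'destroy', :conditions => { :method => :delete }`, or relying on the `DELETE /session` route that `map.resource :session` already provides, keeps logout behind a verb the token check applies to. The routing example in spec/controllers/sessions_controller_spec.rb that asserts the GET mapping would change with it.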
--- a/spec/controllers/controller_extensions_spec.rb
+++ b/spec/controllers/controller_extensions_spec.rb
@@ -30,10 +30,15 @@ def access_denied_action
 def redirect_back_action
 redirect_back_or_default(params[:to] || '/')
 end
+
+ def logout_keeping_session_action
+ logout_keeping_session!
+ redirect_back_or_default('/')
+ end
 end
 describe TwitterAuthTestController do
- %w(authentication_failed authentication_succeeded current_user authorized? login_required access_denied store_location redirect_back_or_default).each do |m|
+ %w(authentication_failed authentication_succeeded current_user authorized? login_required access_denied store_location redirect_back_or_default logout_keeping_session!).each do |m|
 it "should respond to the extension method '#{m}'" do
 controller.should respond_to(m)
 end
@@ -120,4 +125,22 @@ def redirect_back_action
 should redirect_to('/someurl')
 end
 end
+
+ describe 'logout_keeping_session!' do
+ before do
+ @user = Factory.create(:twitter_oauth_user)
+ request.session[:user_id] = @user.id
+ end
+
+ it 'should unset session[:user_id]' do
+ get :logout_keeping_session_action
+ request.session[:user_id].should be_nil
+ end
+
+ it 'should unset current_user' do
+ controller.send(:current_user).should == @user
+ get :logout_keeping_session_action
+ controller.send(:current_user).should be_nil
+ end
+ end
 end
diff --git a/spec/controllers/sessions_controller_spec.rb b/spec/controllers/sessions_controller_spec.rb
index c68223d..03c5c57 100644
--- a/spec/controllers/sessions_controller_spec.rb
+++ b/spec/controllers/sessions_controller_spec.rb
@@ -10,6 +10,14 @@ params_from(:get, '/login').should == {:controller => 'sessions', :action => 'new'} end + it 'should route /logout to SessionsController#destroy' do + params_from(:get, '/logout').should == {:controller => 'sessions', :action => 'destroy'} + end + + it 'should route DELETE /session to SessionsController#destroy' do + params_from(:delete, '/session').should == {:controller => 'sessions', :action => 'destroy'} + end + it 'should route /oauth_callback to SessionsController#oauth_callback' do params_from(:get, '/oauth_callback').should == {:controller => 'sessions', :action => 'oauth_callback'} end @@ -129,4 +137,16 @@ end end end + + describe '#destroy' do + it 'should call logout_keeping_session!' do + controller.should_receive(:logout_keeping_session!).once + get :destroy + end + + it 'should redirect to the root' do + get :destroy + response.should redirect_to('/') + end + end end
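Review bot: Both `#destroy` examples issue `get :destroy` with no user in the session, and the first one replaces `logout_keeping_session!` with a mock expectation, so nothing in this block shows that a signed-in request actually ends with the login cleared. An example that seeds `request.session[:user_id]` before the request and then asserts `request.session[:user_id].should be_nil` would pin the behaviour the action exists for at the controller that users hit. The enclosing describe block starts outside the hunk.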