Use a post link to logout #2496

Merged
merged 2 commits into from Jan 9, 2020
2 changes: 1 addition & 1 deletion app/controllers/users_controller.rb
Expand Up @@ -269,7 +269,7 @@ def login
def logout
@title = t "users.logout.title"

if params[:session] == session.id
if request.post?
if session[:token]
token = UserToken.find_by(:token => session[:token])
token&.destroy
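Review bot: With `if request.post?` replacing the `params[:session] == session.id` comparison, the only thing left to stop another site from forcing a logout is Rails' authenticity-token check, and nothing in this hunk shows that it applies to `logout`. It is worth confirming that the controller does not skip forgery protection for this action and recording the dependency above the branch, e.g. `# POST only: relies on protect_from_forgery to reject cross-site requests`. A Rails test environment disables forgery protection by default, so the `post :logout` calls in the controller tests would not exercise that check. The body of `logout` continues outside the hunk, so the redirect that the tests drive through `params[:referer]` is not visible here; if it is not already limited to local paths, that is worth checking in the same pass.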
2 changes: 1 addition & 1 deletion app/views/layouts/_header.html.erb
Expand Up @@ -102,7 +102,7 @@
<%= yield :greeting %>
</li>
<li>
<%= link_to t("layouts.logout"), logout_path(:session => session.id, :referer => request.fullpath), :class => "geolink" %>
<%= link_to t("layouts.logout"), logout_path(:referer => request.fullpath), :method => "post", :class => "geolink" %>
</li>
</ul>
</div>
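Review bot: The logout link only performs a POST when the page's unobtrusive-JavaScript handler intercepts the click; `:method => "post"` on `link_to` emits a `data-method` attribute on an ordinary anchor, so with scripts blocked or not yet loaded the click is a plain GET. The tests in this PR suggest that a GET lands on the confirmation form rather than logging out, which is a reasonable fallback, but the dependency deserves a comment at the link, such as `<%# POST via data-method; without JavaScript this is a GET that shows the logout confirmation form %>`. If a script-free one-click logout is wanted, `button_to` renders a real form carrying the authenticity token instead.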
1 change: 0 additions & 1 deletion app/views/users/logout.html.erb
Expand Up @@ -4,6 +4,5 @@

<%= form_tag :action => "logout" do %>
<%= hidden_field_tag("referer", h(params[:referer])) %>
<%= hidden_field_tag("session", session.id) %>
<%= submit_tag t(".logout_button") %>
<% end %>
37 changes: 14 additions & 23 deletions test/controllers/users_controller_test.rb
Expand Up @@ -344,46 +344,37 @@ def test_save_referer_params
end

def test_logout_without_referer
post :logout
assert_response :redirect
assert_redirected_to root_path
end

def test_logout_with_referer
post :logout, :params => { :referer => "/test" }
assert_response :redirect
assert_redirected_to "/test"
end

def test_logout_fallback_without_referer
get :logout
assert_response :success
assert_template :logout
assert_select "input[name=referer][value=?]", ""

session_id = assert_select("input[name=session]").first["value"]

get :logout, :params => { :session => session_id }
gravitystorm marked this conversation as resolved.
assert_response :redirect
assert_redirected_to root_path
end

def test_logout_with_referer
def test_logout_fallback_with_referer
get :logout, :params => { :referer => "/test" }
assert_response :success
assert_template :logout
assert_select "input[name=referer][value=?]", "/test"

session_id = assert_select("input[name=session]").first["value"]

get :logout, :params => { :session => session_id, :referer => "/test" }
assert_response :redirect
assert_redirected_to "/test"
end

def test_logout_with_token
token = create(:user).tokens.create

session[:token] = token.token

get :logout
assert_response :success
assert_template :logout
assert_select "input[name=referer][value=?]", ""
assert_equal token.token, session[:token]
assert_not_nil UserToken.where(:id => token.id).first

session_id = assert_select("input[name=session]").first["value"]

get :logout, :params => { :session => session_id }
post :logout
assert_response :redirect
assert_redirected_to root_path
assert_nil session[:token]
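Review bot: After this change no controller test appears to assert that a GET to `logout` leaves the login intact. Reading the section against its 14-addition/23-deletion count, the `get :logout` step in `test_logout_with_token` and its `assert_equal token.token, session[:token]` / `assert_not_nil UserToken.where(:id => token.id).first` checks are on the removed side, and the two `fallback` tests only check the rendered form. That property is what makes the POST-only branch meaningful, so a regression that destroys the token on GET would pass this suite. A separate fallback test that seeds `session[:token]` keeps it pinned; `test_logout_with_token` itself continues below the visible lines.

```ruby
def test_logout_fallback_with_token
  token = create(:user).tokens.create
  session[:token] = token.token

  get :logout
  assert_response :success
  assert_equal token.token, session[:token]
  assert_not_nil UserToken.where(:id => token.id).first
end
```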
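--- a/test/system/user_logout_test.rb
+++ b/test/system/user_logout_test.rb
@@ -0,0 +1,48 @@
+require "application_system_test_case"
+
+class UserLogoutTest < ApplicationSystemTestCase
+test "Sign out via link" do
+user = create(:user)
+sign_in_as(user)
+assert_not page.has_content? "Log In"
+
+click_on user.display_name
+click_on "Log Out"
+assert page.has_content? "Log In"
+end
+
+test "Sign out via link with referer" do
+user = create(:user)
+sign_in_as(user)
+visit traces_path
+assert_not page.has_content? "Log In"
+
+click_on user.display_name
+click_on "Log Out"
+assert page.has_content? "Log In"
+assert page.has_content? "Public GPS traces"
+end
+
+test "Sign out via fallback page" do
+sign_in_as(create(:user))
+assert_not page.has_content? "Log In"
+
+visit logout_path
+assert page.has_content? "Logout from OpenStreetMap"
+
+click_button "Logout"
+assert page.has_content? "Log In"
+end
+
+test "Sign out via fallback page with referer" do
+sign_in_as(create(:user))
+assert_not page.has_content? "Log In"
+
+visit logout_path(:referer => "/traces")
+assert page.has_content? "Logout from OpenStreetMap"
+
+click_button "Logout"
+assert page.has_content? "Log In"
+assert page.has_content? "Public GPS traces"
+end
+end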
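Review bot: The signed-in precondition in each of the four tests is written as `assert_not page.has_content? "Log In"`, which asks Capybara whether the text is present and then negates the answer. On a driver that waits, this sits out the full wait time on every passing run, and it fails spuriously if the text has not yet gone when the check starts. The negative matcher states the intent directly and returns as soon as the text is absent: `assert page.has_no_content? "Log In"` (or `assert_no_text "Log In"`).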