sign_out_all_scopes is true by default.
This commit is contained in:
José Valim
parent
ab7f3bc175
commit
617b95fdcd
|
|
@ -1,3 +1,6 @@
|
|||
* deprecations
|
||||
* sign_out_all_scopes defaults to true as security measure
|
||||
|
||||
* enhancements
|
||||
* Added OAuth 2 support
|
||||
* sign_out_via is available in the router to configure the method used for sign out (by github.com/martinrehfeld)
|
||||
|
|
|
|||
|
|
@ -162,7 +162,7 @@ module Devise
|
|||
|
||||
# When set to true, signing out an user signs out all other scopes.
|
||||
mattr_accessor :sign_out_all_scopes
|
||||
@@sign_out_all_scopes = false
|
||||
@@sign_out_all_scopes = true
|
||||
|
||||
# The default method used while signing out
|
||||
mattr_accessor :sign_out_via
|
||||
|
|
|
|||
|
|
@ -19,9 +19,9 @@ class ControllerAuthenticableTest < ActionController::TestCase
|
|||
end
|
||||
|
||||
test 'proxy anybody_signed_in? to signed_in?' do
|
||||
Devise.mappings.keys.each { |scope| # :user, :admin, :manager
|
||||
Devise.mappings.keys.each do |scope| # :user, :admin, :manager
|
||||
@controller.expects(:signed_in?).with(scope)
|
||||
}
|
||||
end
|
||||
@controller.anybody_signed_in?
|
||||
end
|
||||
|
||||
|
|
@ -185,12 +185,26 @@ class ControllerAuthenticableTest < ActionController::TestCase
|
|||
@controller.sign_in_and_redirect(admin)
|
||||
end
|
||||
|
||||
test 'sign out and redirect uses the configured after sign out path' do
|
||||
@mock_warden.expects(:user).with(:admin).returns(true)
|
||||
@mock_warden.expects(:logout).with(:admin).returns(true)
|
||||
@controller.expects(:redirect_to).with(admin_root_path)
|
||||
@controller.instance_eval "def after_sign_out_path_for(resource); admin_root_path; end"
|
||||
@controller.sign_out_and_redirect(:admin)
|
||||
test 'sign out and redirect uses the configured after sign out path when signing out only the current scope' do
|
||||
swap Devise, :sign_out_all_scopes => false do
|
||||
@mock_warden.expects(:user).with(:admin).returns(true)
|
||||
@mock_warden.expects(:logout).with(:admin).returns(true)
|
||||
@controller.expects(:redirect_to).with(admin_root_path)
|
||||
@controller.instance_eval "def after_sign_out_path_for(resource); admin_root_path; end"
|
||||
@controller.sign_out_and_redirect(:admin)
|
||||
end
|
||||
end
|
||||
|
||||
test 'sign out and redirect uses the configured after sign out path when signing out all scopes' do
|
||||
swap Devise, :sign_out_all_scopes => true do
|
||||
Devise.mappings.keys.each do |scope| # :user, :admin, :manager
|
||||
@mock_warden.expects(:user).with(scope)
|
||||
end
|
||||
@mock_warden.expects(:logout).returns(true)
|
||||
@controller.expects(:redirect_to).with(admin_root_path)
|
||||
@controller.instance_eval "def after_sign_out_path_for(resource); admin_root_path; end"
|
||||
@controller.sign_out_and_redirect(:admin)
|
||||
end
|
||||
end
|
||||
|
||||
test 'is not a devise controller' do
|
||||
|
|
|
|||
Loading…
Reference in New Issue