sign_out_all_scopes is true by default.
This commit is contained in:
José Valim
parent
ab7f3bc175
commit
617b95fdcd
|
|
@ -1,3 +1,6 @@
|
||||||
|
* deprecations
|
||||||
|
* sign_out_all_scopes defaults to true as security measure
|
||||||
|
|
||||||
* enhancements
|
* enhancements
|
||||||
* Added OAuth 2 support
|
* Added OAuth 2 support
|
||||||
* sign_out_via is available in the router to configure the method used for sign out (by github.com/martinrehfeld)
|
* sign_out_via is available in the router to configure the method used for sign out (by github.com/martinrehfeld)
|
||||||
|
|
|
||||||
|
|
@ -162,7 +162,7 @@ module Devise
|
||||||
|
|
||||||
# When set to true, signing out an user signs out all other scopes.
|
# When set to true, signing out an user signs out all other scopes.
|
||||||
mattr_accessor :sign_out_all_scopes
|
mattr_accessor :sign_out_all_scopes
|
||||||
@@sign_out_all_scopes = false
|
@@sign_out_all_scopes = true
|
||||||
|
|
||||||
# The default method used while signing out
|
# The default method used while signing out
|
||||||
mattr_accessor :sign_out_via
|
mattr_accessor :sign_out_via
|
||||||
|
|
|
||||||
|
|
@ -19,9 +19,9 @@ class ControllerAuthenticableTest < ActionController::TestCase
|
||||||
end
|
end
|
||||||
|
|
||||||
test 'proxy anybody_signed_in? to signed_in?' do
|
test 'proxy anybody_signed_in? to signed_in?' do
|
||||||
Devise.mappings.keys.each { |scope| # :user, :admin, :manager
|
Devise.mappings.keys.each do |scope| # :user, :admin, :manager
|
||||||
@controller.expects(:signed_in?).with(scope)
|
@controller.expects(:signed_in?).with(scope)
|
||||||
}
|
end
|
||||||
@controller.anybody_signed_in?
|
@controller.anybody_signed_in?
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
@ -185,12 +185,26 @@ class ControllerAuthenticableTest < ActionController::TestCase
|
||||||
@controller.sign_in_and_redirect(admin)
|
@controller.sign_in_and_redirect(admin)
|
||||||
end
|
end
|
||||||
|
|
||||||
test 'sign out and redirect uses the configured after sign out path' do
|
test 'sign out and redirect uses the configured after sign out path when signing out only the current scope' do
|
||||||
@mock_warden.expects(:user).with(:admin).returns(true)
|
swap Devise, :sign_out_all_scopes => false do
|
||||||
@mock_warden.expects(:logout).with(:admin).returns(true)
|
@mock_warden.expects(:user).with(:admin).returns(true)
|
||||||
@controller.expects(:redirect_to).with(admin_root_path)
|
@mock_warden.expects(:logout).with(:admin).returns(true)
|
||||||
@controller.instance_eval "def after_sign_out_path_for(resource); admin_root_path; end"
|
@controller.expects(:redirect_to).with(admin_root_path)
|
||||||
@controller.sign_out_and_redirect(:admin)
|
@controller.instance_eval "def after_sign_out_path_for(resource); admin_root_path; end"
|
||||||
|
@controller.sign_out_and_redirect(:admin)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
test 'sign out and redirect uses the configured after sign out path when signing out all scopes' do
|
||||||
|
swap Devise, :sign_out_all_scopes => true do
|
||||||
|
Devise.mappings.keys.each do |scope| # :user, :admin, :manager
|
||||||
|
@mock_warden.expects(:user).with(scope)
|
||||||
|
end
|
||||||
|
@mock_warden.expects(:logout).returns(true)
|
||||||
|
@controller.expects(:redirect_to).with(admin_root_path)
|
||||||
|
@controller.instance_eval "def after_sign_out_path_for(resource); admin_root_path; end"
|
||||||
|
@controller.sign_out_and_redirect(:admin)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
test 'is not a devise controller' do
|
test 'is not a devise controller' do
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue