From 65f08ea175a2786bfca09da1e54dd203f136026e Mon Sep 17 00:00:00 2001
From: Rodrigo Flores
Date: Thu, 16 Feb 2012 14:40:34 -0200
Subject: [PATCH] Removing signed_out path workaround
---
 app/controllers/devise/sessions_controller.rb | 5 ++---
 lib/devise/controllers/helpers.rb | 10 ++++++++--
 lib/devise/hooks/timeoutable.rb | 7 ++-----
 test/integration/timeoutable_test.rb | 2 ++
 .../app/controllers/application_controller.rb | 2 +-
 5 files changed, 15 insertions(+), 11 deletions(-)
diff --git a/app/controllers/devise/sessions_controller.rb b/app/controllers/devise/sessions_controller.rb
index 69579030..933de540 100644
--- a/app/controllers/devise/sessions_controller.rb
+++ b/app/controllers/devise/sessions_controller.rb
@@ -19,10 +19,9 @@ class Devise::SessionsController < DeviseController
 # DELETE /resource/sign_out
 def destroy
- signed_in = signed_in?(resource_name)
 redirect_path = after_sign_out_path_for(resource_name)
- Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name)
- set_flash_message :notice, :signed_out if signed_in
+ signed_out = (Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name))
+ set_flash_message :notice, :signed_out if signed_out
 # We actually need to hardcode this as Rails default responder doesn't
 # support returning empty response on GET request
diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb
index 37a8ce11..b93f6d69 100644
--- a/lib/devise/controllers/helpers.rb
+++ b/lib/devise/controllers/helpers.rb
@@ -136,19 +136,25 @@ module Devise def sign_out(resource_or_scope=nil) return sign_out_all_scopes unless resource_or_scope scope = Devise::Mapping.find_scope!(resource_or_scope) - warden.user(:scope => scope, :run_callbacks => false) # Without loading user here, before_logout hook is not called + return false unless warden.user(:scope => scope, :run_callbacks => false) # Without loading user here, before_logout hook is not called + warden.raw_session.inspect # Without this inspect here. The session does not clear. warden.logout(scope) instance_variable_set(:"@current_#{scope}", nil) + true end # Sign out all active users or scopes. This helper is useful for signing out all roles # in one click. This signs out ALL scopes in warden. def sign_out_all_scopes - Devise.mappings.keys.each { |s| warden.user(:scope => s, :run_callbacks => false) } + users = Devise.mappings.keys.map { |s| warden.user(:scope => s, :run_callbacks => false) } + warden.raw_session.inspect warden.logout expire_devise_cached_variables! + + return false if users.compact.empty? + true end # Returns and delete the url stored in the session for the given scope. Useful diff --git a/lib/devise/hooks/timeoutable.rb b/lib/devise/hooks/timeoutable.rb index 933e2c2f..92327174 100644 --- a/lib/devise/hooks/timeoutable.rb +++ b/lib/devise/hooks/timeoutable.rb @@ -10,11 +10,8 @@ Warden::Manager.after_set_user do |record, warden, options| last_request_at = warden.session(scope)['last_request_at'] if record.timedout?(last_request_at) - path_checker = Devise::PathChecker.new(warden.env, scope) - unless path_checker.signing_out? - warden.logout(scope) - throw :warden, :scope => scope, :message => :timeout - end + warden.logout(scope) + throw :warden, :scope => scope, :message => :timeout end unless warden.request.env['devise.skip_trackable'] diff --git a/test/integration/timeoutable_test.rb b/test/integration/timeoutable_test.rb index 44cee0de..b81d4c42 100644 --- a/test/integration/timeoutable_test.rb 
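Review bot: In `sign_out`, the new `return false unless warden.user(:scope => scope, :run_callbacks => false)` exits before `warden.logout(scope)` and before `@current_#{scope}` is reset, so the scoped clean-up is skipped whenever no user loads, while `sign_out_all_scopes` in the same hunk still calls `warden.logout` and `expire_devise_cached_variables!` before it returns false. Whether anything scope-specific can remain in the session in that case is not visible here, but a sign-out helper is safer when it always clears state and only reports what it found. Keeping the result in a local and returning it last makes the two helpers agree: `user = warden.user(:scope => scope, :run_callbacks => false)` at the top and `!!user` in place of `true`. Likewise `sign_out_all_scopes` can end with `users.any?` instead of `return false if users.compact.empty?` followed by `true`. Both doc comments should state the new boolean return, since `Devise::SessionsController#destroy` now depends on it for the flash message; `sign_out`'s own comment lies above the hunk.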
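Review bot: With the `signing_out?` guard gone, the `if record.timedout?(last_request_at)` branch always runs `warden.logout(scope)` and `throw :warden, :scope => scope, :message => :timeout`, and that includes the sign-out request itself whenever something loads the user with callbacks before `sign_out` does. The test application in this same commit changes to `before_filter :current_user, :unless => :devise_controller?`, which suggests host applications with a similar filter will get the timeout failure instead of the signed-out flash. Both outcomes end the session, so this is a behaviour change rather than a hole, but it deserves a comment above the branch such as `# Also fires on sign_out requests if the user was loaded with callbacks earlier in the request` and a changelog entry. The hook block opens above the hunk and continues below it.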
+++ b/test/integration/timeoutable_test.rb @@ -50,10 +50,12 @@ class SessionTimeoutTest < ActionController::IntegrationTest get expire_user_path(user) get destroy_user_session_path + assert_response :redirect assert_redirected_to root_path follow_redirect! + assert_contain 'Signed out successfully' end diff --git a/test/rails_app/app/controllers/application_controller.rb b/test/rails_app/app/controllers/application_controller.rb index 4b470eaa..c1cfa499 100644 --- a/test/rails_app/app/controllers/application_controller.rb +++ b/test/rails_app/app/controllers/application_controller.rb @@ -3,6 +3,6 @@ class ApplicationController < ActionController::Base protect_from_forgery - before_filter :current_user + before_filter :current_user, :unless => :devise_controller? before_filter :authenticate_user!, :if => :devise_controller? end
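Review bot: The new side of this test checks only the redirect and the flash text after `get destroy_user_session_path`; nothing visible asserts that the expired session was actually dropped. A message on the page does not prove the user is logged out, and that is the property the removed workaround was protecting. If the suite's `warden` integration helper is available here, add `assert_not warden.authenticated?(:user)` after `follow_redirect!`. The test body starts above the hunk, so an earlier assertion may already cover part of this.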