Merge pull request #1433 from artemk/master

current_user still returning user after sign_out

lib/devise/controllers/helpers.rb

@@ -139,6 +139,7 @@ module Devise
         warden.user(scope) # Without loading user here, before_logout hook is not called
         warden.raw_session.inspect # Without this inspect here. The session does not clear.
         warden.logout(scope)
+        @current_user = nil
       end
 
       # Sign out all active users or scopes. This helper is useful for signing out all roles
@@ -147,6 +148,7 @@ module Devise
         Devise.mappings.keys.each { |s| warden.user(s) }
         warden.raw_session.inspect
         warden.logout
+        @current_user = nil
       end
 
       # Returns and delete the url stored in the session for the given scope. Useful

test/controllers/helpers_test.rb

@@ -137,6 +137,24 @@ class ControllerAuthenticatableTest < ActionController::TestCase
     @controller.sign_in(user, :bypass => true)
   end
 
+  test 'sign out clears up any signed in user from all scopes' do
+    user = User.new
+    @mock_warden.expects(:user).times(Devise.mappings.size)
+    @mock_warden.expects(:logout).with().returns(true)
+    @controller.instance_variable_set(:@current_user, user)
+    @controller.sign_out
+    assert_equal nil, @controller.instance_variable_get(:@current_user)
+  end
+
+  test 'sign out clears up any signed in user by scope' do
+    user = User.new
+    @mock_warden.expects(:user).with(:user).returns(user)
+    @mock_warden.expects(:logout).with(:user).returns(true)
+    @controller.instance_variable_set(:@current_user, user)
+    @controller.sign_out(:user)
+    assert_equal nil, @controller.instance_variable_get(:@current_user)
+  end
+  
   test 'sign out proxy to logout on warden' do
     @mock_warden.expects(:user).with(:user).returns(true)
     @mock_warden.expects(:logout).with(:user).returns(true)