Add tests to ensure tokens are revoked

This ensures that tokens are revoked or invalidated when a user
is soft destroyed.

diff --git a/test/models/user_test.rb b/test/models/user_test.rb
index 72e1ca5d9817e74b3d163eb4fb38d8cd6c3e5c3d..50615233f971098bb67f892569d099a0e0f45c17 100644 (file)
--- a/test/models/user_test.rb
+++ b/test/models/user_test.rb
@@ -258,4 +258,28 @@ class UserTest < ActiveSupport::TestCase
     assert_not user.visible?
     assert_not user.active?
   end
+
+  def test_soft_destroy_revokes_access_tokens
+    user = create(:user)
+    access_token = create(:access_token, :user => user)
+    assert_equal 1, user.oauth_tokens.authorized.count
+
+    user.soft_destroy
+
+    assert_equal 0, user.oauth_tokens.authorized.count
+    access_token.reload
+    assert_predicate access_token, :invalidated?
+  end
+
+  def test_soft_destroy_revokes_oauth_access_tokens
+    user = create(:user)
+    oauth_access_token = create(:oauth_access_token, :resource_owner_id => user.id)
+    assert_equal 1, user.access_tokens.not_expired.count
+
+    user.soft_destroy
+
+    assert_equal 0, user.access_tokens.not_expired.count
+    oauth_access_token.reload
+    assert_predicate oauth_access_token, :revoked?
+  end
 end