This avoids needing to access the session id, which currently works
only with the memcache store.
The fallback page is preserved for anyone who wants to log out without
using JavaScript.
Refs #2488
def logout
@title = t "users.logout.title"
def logout
@title = t "users.logout.title"
- if params[:session] == session.id
if session[:token]
token = UserToken.find_by(:token => session[:token])
token&.destroy
if session[:token]
token = UserToken.find_by(:token => session[:token])
token&.destroy
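Review bot: The removed `params[:session] == session.id` comparison was what kept a plain GET from ending the session, and the condition that replaces it is not visible in this rendering, so the new guard on the token-destroying branch cannot be confirmed from the lines shown. If it is not already there, the branch should run only for POST, e.g. `if request.post?`, so that Rails' authenticity-token check covers it and a GET falls through to the fallback page. It is also worth confirming that no `skip_before_action :verify_authenticity_token` applies to `logout`. The body of `logout` continues outside the visible lines.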
<%= yield :greeting %>
</li>
<li>
<%= yield :greeting %>
</li>
<li>
- <%= link_to t("layouts.logout"), logout_path(:session => session.id, :referer => request.fullpath), :class => "geolink" %>
+ <%= link_to t("layouts.logout"), logout_path(:referer => request.fullpath), :method => "post", :class => "geolink" %>
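Review bot: The new link on the `+` line depends on client-side script to turn `:method => "post"` into a form submission carrying the CSRF token, which needs the UJS driver loaded and `csrf_meta_tags` in the layout head; neither is visible here. An ERB comment beside the link, such as `<%# POST via UJS; without JavaScript this is a GET to the fallback logout page %>`, would record why the fallback page has to stay. `button_to` would render a real form with the token and work without script, if the menu styling allows it.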
<%= form_tag :action => "logout" do %>
<%= hidden_field_tag("referer", h(params[:referer])) %>
<%= form_tag :action => "logout" do %>
<%= hidden_field_tag("referer", h(params[:referer])) %>
- <%= hidden_field_tag("session", session.id) %>
<%= submit_tag t(".logout_button") %>
<% end %>
<%= submit_tag t(".logout_button") %>
<% end %>
end
def test_logout_without_referer
end
def test_logout_without_referer
- get :logout
- assert_response :success
- assert_template :logout
- assert_select "input[name=referer][value=?]", ""
-
- session_id = assert_select("input[name=session]").first["value"]
-
- get :logout, :params => { :session => session_id }
assert_response :redirect
assert_redirected_to root_path
end
def test_logout_with_referer
assert_response :redirect
assert_redirected_to root_path
end
def test_logout_with_referer
- get :logout, :params => { :referer => "/test" }
- assert_response :success
- assert_template :logout
- assert_select "input[name=referer][value=?]", "/test"
-
- session_id = assert_select("input[name=session]").first["value"]
-
- get :logout, :params => { :session => session_id, :referer => "/test" }
+ post :logout, :params => { :referer => "/test" }
assert_response :redirect
assert_redirected_to "/test"
end
assert_response :redirect
assert_redirected_to "/test"
end
session[:token] = token.token
session[:token] = token.token
- get :logout
- assert_response :success
- assert_template :logout
- assert_select "input[name=referer][value=?]", ""
- assert_equal token.token, session[:token]
- assert_not_nil UserToken.where(:id => token.id).first
-
- session_id = assert_select("input[name=session]").first["value"]
-
- get :logout, :params => { :session => session_id }
assert_response :redirect
assert_redirected_to root_path
assert_nil session[:token]
assert_response :redirect
assert_redirected_to root_path
assert_nil session[:token]
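Review bot: The deleted `get :logout` assertions were the only controller-level checks that a GET renders the fallback page and leaves `session[:token]` and the `UserToken` row intact, and nothing visible on the new side replaces them. A dedicated test for the GET path, sketched below from the removed assertions, would keep a later change from making GET end the session again. Separately, `test_logout_with_referer` shows the `referer` parameter becoming the redirect target; the redirect code is not visible here, so a case asserting that an absolute off-site URL is not followed would pin that behaviour down. The token setup for the existing token test starts outside the visible lines.

```ruby
def test_logout_get_keeps_session
  # … unchanged: token setup as in the existing token logout test …
  session[:token] = token.token

  get :logout
  assert_response :success
  assert_template :logout
  assert_equal token.token, session[:token]
  assert_not_nil UserToken.where(:id => token.id).first
end
```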
--- /dev/null
+require "application_system_test_case"
+
+class UserLogoutTest < ApplicationSystemTestCase
+ test "Sign out via link" do
+ user = create(:user)
+ sign_in_as(user)
+
+ click_on user.display_name
+ click_on "Log Out"
+ assert page.has_content? "Log In"
+ end
+
+ test "Sign out via fallback page" do
+ sign_in_as(create(:user))
+
+ visit logout_path
+ assert page.has_content? "Logout from OpenStreetMap"
+
+ click_button "Logout"
+ assert page.has_content? "Log In"
+ end
+end
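Review bot: Both tests end on `assert page.has_content? "Log In"`, which on failure reports only that a value was not truthy. Capybara's own assertion, `assert_content "Log In"`, gives a message naming the missing text. In "Sign out via link" the `user` local is already available, so `assert_no_content user.display_name` after the click would also confirm that the signed-in menu is gone, assuming the display name is not rendered elsewhere on the landing page.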