From: Andy Allan Date: Wed, 28 Dec 2022 15:14:31 +0000 (+0000) Subject: Add tests to ensure tokens are revoked X-Git-Tag: live~1485^2 X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/0925035a3e85da99ea65f892f208851eb123385d?hp=e69716ca05716ca3c01116c4b21c41b1bfd40e74 Add tests to ensure tokens are revoked This ensures that tokens are revoked or invalidated when a user is soft destroyed. --- diff --git a/test/models/user_test.rb b/test/models/user_test.rb index 72e1ca5d9..50615233f 100644 --- a/test/models/user_test.rb +++ b/test/models/user_test.rb @@ -258,4 +258,28 @@ class UserTest < ActiveSupport::TestCase assert_not user.visible? assert_not user.active? end + + def test_soft_destroy_revokes_access_tokens + user = create(:user) + access_token = create(:access_token, :user => user) + assert_equal 1, user.oauth_tokens.authorized.count + + user.soft_destroy + + assert_equal 0, user.oauth_tokens.authorized.count + access_token.reload + assert_predicate access_token, :invalidated? + end + + def test_soft_destroy_revokes_oauth_access_tokens + user = create(:user) + oauth_access_token = create(:oauth_access_token, :resource_owner_id => user.id) + assert_equal 1, user.access_tokens.not_expired.count + + user.soft_destroy + + assert_equal 0, user.access_tokens.not_expired.count + oauth_access_token.reload + assert_predicate oauth_access_token, :revoked? + end end