| author | mo khan <mo@mokhan.ca> | 2014-11-15 10:07:04 -0700 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2014-11-15 10:07:04 -0700 |
| commit | 3692e15425add01de0a99457b4679ba33146a070 (patch) | |
| tree | 0a3134f44b64a028dce52558d9480eb5183f6b5d | |
| parent | f46d8c890b2e93cfbe8536c0b4d8f362336a8910 (diff) | |
revoke a session when a user logs out.
| -rw-r--r-- | app/models/session.rb | 4 | ||||
| -rw-r--r-- | db/migrate/20141115170606_add_revoked_at_to_sessions.rb | 5 | ||||
| -rw-r--r-- | db/schema.rb | 3 | ||||
| -rw-r--r-- | spec/controllers/sessions_controller_spec.rb | 10 | ||||
| -rw-r--r-- | spec/factories.rb | 2 | ||||
| -rw-r--r-- | spec/models/session_spec.rb | 9 |
6 files changed, 30 insertions, 3 deletions
diff --git a/app/models/session.rb b/app/models/session.rb index 90ff36c..7d39c9c 100644 --- a/app/models/session.rb +++ b/app/models/session.rb @@ -14,6 +14,10 @@ class Session < ActiveRecord::Base end end + def revoke! + update_attribute(:revoked_at, Time.now.utc) + end + class << self def authenticate!(session_key) Session.find(session_key) diff --git a/db/migrate/20141115170606_add_revoked_at_to_sessions.rb b/db/migrate/20141115170606_add_revoked_at_to_sessions.rb new file mode 100644 index 0000000..9c4146b --- /dev/null +++ b/db/migrate/20141115170606_add_revoked_at_to_sessions.rb @@ -0,0 +1,5 @@ +class AddRevokedAtToSessions < ActiveRecord::Migration + def change + add_column :sessions, :revoked_at, :datetime, default: nil + end +end diff --git a/db/schema.rb b/db/schema.rb index f7a37ea..aabcd6c 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,7 +11,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20141111043011) do +ActiveRecord::Schema.define(version: 20141115170606) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" @@ -49,6 +49,7 @@ ActiveRecord::Schema.define(version: 20141111043011) do t.string "ip_address" t.datetime "created_at" t.datetime "updated_at" + t.datetime "revoked_at" end create_table "users", force: true do |t| diff --git a/spec/controllers/sessions_controller_spec.rb b/spec/controllers/sessions_controller_spec.rb index 088633c..9a5144c 100644 --- a/spec/controllers/sessions_controller_spec.rb +++ b/spec/controllers/sessions_controller_spec.rb 
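Review bot: Nothing in this change makes `authenticate!` reject a revoked session: the trailing context of the `app/models/session.rb` hunk still resolves the key with a bare `Session.find(session_key)`, and the diffstat lists only the four added lines of `revoke!` for that file. Clearing the cookie at logout only affects the browser that logged out, so a session key that was copied elsewhere would presumably keep authenticating until the lookup itself excludes revoked rows, for example `Session.where(revoked_at: nil).find(session_key)`. The body of `authenticate!` continues past the end of the hunk, so confirm that nothing further down already filters on the column. A short comment on `revoke!` noting that `update_attribute` skips validations and that a second call overwrites the first revocation time would also help.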
@@ -43,11 +43,19 @@ describe SessionsController do context "#destroy" do let(:user_session) { create(:session) } - it "removes the current session" do + before :each do cookies.signed[:raphael] = user_session.id delete :destroy, { id: 'mine' } + end + + it "removes the current session" do expect(request.cookies[:raphael]).to be_nil expect(response).to redirect_to(new_session_path) end + + it 'revokes the current session' do + user_session.reload + expect(user_session.revoked_at).to_not be_nil + end end end diff --git a/spec/factories.rb b/spec/factories.rb index 3af30fc..df9fef9 100644 --- a/spec/factories.rb +++ b/spec/factories.rb @@ -12,7 +12,7 @@ FactoryGirl.define do password_confirmation "password" end - factory :session do + factory :session, aliases: [:user_session] do user end diff --git a/spec/models/session_spec.rb b/spec/models/session_spec.rb index 081a278..acd6cad 100644 --- a/spec/models/session_spec.rb +++ b/spec/models/session_spec.rb @@ -25,4 +25,13 @@ describe Session do end end end + + context "#revoke!" do + subject { create(:user_session) } + + it 'marks the time the session was revoked' do + subject.revoke! + expect(subject.revoked_at).to_not be_nil + end + end end |
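Review bot: The new example 'revokes the current session' in `spec/controllers/sessions_controller_spec.rb` checks only that `revoked_at` is set, so nothing here proves that the session stops being accepted after logout. An additional example that presents the same `cookies.signed[:raphael]` value to an authenticated action after `delete :destroy` and expects it to be treated as signed out would pin the behaviour that matters. The commit's file list does not include the sessions controller, so the call to `revoke!` from `destroy` must already exist elsewhere; it is worth confirming that this example passes on this commit alone.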
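Review bot: The `#revoke!` example in `spec/models/session_spec.rb` asserts on the in-memory `subject`, so it would still pass if the method assigned `revoked_at` without saving it. Reloading first, `expect(subject.reload.revoked_at).to_not be_nil`, ties the example to the persisted row, which is what a later session lookup would read.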
