]> git.openstreetmap.org Git - rails.git/commitdiff
Add tests to ensure tokens are revoked
authorAndy Allan <git@gravitystorm.co.uk>
Wed, 28 Dec 2022 15:14:31 +0000 (15:14 +0000)
committerAndy Allan <git@gravitystorm.co.uk>
Wed, 28 Dec 2022 15:25:57 +0000 (15:25 +0000)
This ensures that tokens are revoked or invalidated when a user
is soft destroyed.

test/models/user_test.rb

index 72e1ca5d9817e74b3d163eb4fb38d8cd6c3e5c3d..50615233f971098bb67f892569d099a0e0f45c17 100644 (file)
@@ -258,4 +258,28 @@ class UserTest < ActiveSupport::TestCase
     assert_not user.visible?
     assert_not user.active?
   end
+
+  def test_soft_destroy_revokes_access_tokens
+    user = create(:user)
+    access_token = create(:access_token, :user => user)
+    assert_equal 1, user.oauth_tokens.authorized.count
+
+    user.soft_destroy
+
+    assert_equal 0, user.oauth_tokens.authorized.count
+    access_token.reload
+    assert_predicate access_token, :invalidated?
+  end
+
+  def test_soft_destroy_revokes_oauth_access_tokens
+    user = create(:user)
+    oauth_access_token = create(:oauth_access_token, :resource_owner_id => user.id)
+    assert_equal 1, user.access_tokens.not_expired.count
+
+    user.soft_destroy
+
+    assert_equal 0, user.access_tokens.not_expired.count
+    oauth_access_token.reload
+    assert_predicate oauth_access_token, :revoked?
+  end
 end