Use a post link to logout

This avoids needing to access the session id, which is currently only working with the memcache store. The fallback page is preserved for anyone who wants to logout without using javascript. Refs #2488
2020-01-08 14:01:17 +01:00 · 2020-01-08 14:01:17 +01:00 · 8a774e7519
commit 8a774e7519
parent 17ecde019d
5 changed files with 27 additions and 29 deletions
--- a/test/controllers/users_controller_test.rb
+++ b/test/controllers/users_controller_test.rb
@ -344,27 +344,13 @@ class UsersControllerTest < ActionController::TestCase
  end

  def test_logout_without_referer
-    get :logout
-    assert_response :success
-    assert_template :logout
-    assert_select "input[name=referer][value=?]", ""
-
-    session_id = assert_select("input[name=session]").first["value"]
-
-    get :logout, :params => { :session => session_id }
+    post :logout
    assert_response :redirect
    assert_redirected_to root_path
  end

  def test_logout_with_referer
-    get :logout, :params => { :referer => "/test" }
-    assert_response :success
-    assert_template :logout
-    assert_select "input[name=referer][value=?]", "/test"
-
-    session_id = assert_select("input[name=session]").first["value"]
-
-    get :logout, :params => { :session => session_id, :referer => "/test" }
+    post :logout, :params => { :referer => "/test" }
    assert_response :redirect
    assert_redirected_to "/test"
  end
@ -374,16 +360,7 @@ class UsersControllerTest < ActionController::TestCase

    session[:token] = token.token

-    get :logout
-    assert_response :success
-    assert_template :logout
-    assert_select "input[name=referer][value=?]", ""
-    assert_equal token.token, session[:token]
-    assert_not_nil UserToken.where(:id => token.id).first
-
-    session_id = assert_select("input[name=session]").first["value"]
-
-    get :logout, :params => { :session => session_id }
+    post :logout
    assert_response :redirect
    assert_redirected_to root_path
    assert_nil session[:token]
--- a/test/system/user_logout_test.rb
+++ b/test/system/user_logout_test.rb
@ -0,0 +1,22 @@
+require "application_system_test_case"
+
+class UserLogoutTest < ApplicationSystemTestCase
+  test "Sign out via link" do
+    user = create(:user)
+    sign_in_as(user)
+
+    click_on user.display_name
+    click_on "Log Out"
+    assert page.has_content? "Log In"
+  end
+
+  test "Sign out via fallback page" do
+    sign_in_as(create(:user))
+
+    visit logout_path
+    assert page.has_content? "Logout from OpenStreetMap"
+
+    click_button "Logout"
+    assert page.has_content? "Log In"
+  end
+end