verdnatura-mirror
/
loopback
mirror of https://github.com/strongloop/loopback.git
0
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Logout now automatically pulls the accessToken from the request

This commit is contained in:
Ritchie Martori 2013-12-17 21:22:05 -08:00
parent 939df463fe
commit 98ed38302a
2 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/models/user.js
View File

@ -356,7 +356,13 @@ User.setup = function () {
UserModel.logout,
{
accepts: [
{arg: 'sid', type: 'string', required: true}
{arg: 'access_token', type: 'string', required: true, http: function(ctx) {
var req = ctx && ctx.req;
var accessToken = req && req.accessToken;
var tokenID = accessToken && accessToken.id;
return tokenID;
}}
],
http: {verb: 'all'}
}

3
test/access-control.integration.js
View File

@ -68,9 +68,10 @@ describe('access control - integration', function () {
lt.it.shouldBeDeniedWhenCalledByUser(CURRENT_USER,'GET', urlForUser);
lt.it.shouldBeAllowedWhenCalledAnonymously('POST', '/api/users');
lt.it.shouldBeAllowedWhenCalledUnauthenticated('POST', '/api/users');
lt.it.shouldBeAllowedWhenCalledByUser(CURRENT_USER, 'POST', '/api/users');
lt.it.shouldBeAllowedWhenCalledByUser(CURRENT_USER, 'POST', '/api/users/logout');
lt.describe.whenCalledRemotely('DELETE', '/api/users', function() {
lt.it.shouldNotBeFound();
});