Logout now automatically pulls the accessToken from the request
This commit is contained in:
parent
939df463fe
commit
98ed38302a
|
@ -356,7 +356,13 @@ User.setup = function () {
|
||||||
UserModel.logout,
|
UserModel.logout,
|
||||||
{
|
{
|
||||||
accepts: [
|
accepts: [
|
||||||
{arg: 'sid', type: 'string', required: true}
|
{arg: 'access_token', type: 'string', required: true, http: function(ctx) {
|
||||||
|
var req = ctx && ctx.req;
|
||||||
|
var accessToken = req && req.accessToken;
|
||||||
|
var tokenID = accessToken && accessToken.id;
|
||||||
|
|
||||||
|
return tokenID;
|
||||||
|
}}
|
||||||
],
|
],
|
||||||
http: {verb: 'all'}
|
http: {verb: 'all'}
|
||||||
}
|
}
|
||||||
|
|
|
@ -68,9 +68,10 @@ describe('access control - integration', function () {
|
||||||
lt.it.shouldBeDeniedWhenCalledByUser(CURRENT_USER,'GET', urlForUser);
|
lt.it.shouldBeDeniedWhenCalledByUser(CURRENT_USER,'GET', urlForUser);
|
||||||
|
|
||||||
lt.it.shouldBeAllowedWhenCalledAnonymously('POST', '/api/users');
|
lt.it.shouldBeAllowedWhenCalledAnonymously('POST', '/api/users');
|
||||||
lt.it.shouldBeAllowedWhenCalledUnauthenticated('POST', '/api/users');
|
|
||||||
lt.it.shouldBeAllowedWhenCalledByUser(CURRENT_USER, 'POST', '/api/users');
|
lt.it.shouldBeAllowedWhenCalledByUser(CURRENT_USER, 'POST', '/api/users');
|
||||||
|
|
||||||
|
lt.it.shouldBeAllowedWhenCalledByUser(CURRENT_USER, 'POST', '/api/users/logout');
|
||||||
|
|
||||||
lt.describe.whenCalledRemotely('DELETE', '/api/users', function() {
|
lt.describe.whenCalledRemotely('DELETE', '/api/users', function() {
|
||||||
lt.it.shouldNotBeFound();
|
lt.it.shouldNotBeFound();
|
||||||
});
|
});
|
||||||
|
|
Loading…
Reference in New Issue