diff --git a/src/routes/simpleauth.js b/src/routes/simpleauth.js
index 8f2b67974..82d5b50cf 100644
--- a/src/routes/simpleauth.js
+++ b/src/routes/simpleauth.js
@@ -42,7 +42,9 @@ function login(req, res, next) {
 }
 
 function logout(req, res, next) {
-    simpleauth.logout(function (error) {
+    assert.strictEqual(typeof req.user, 'object');
+
+    simpleauth.logout(req.accessToken, function (error) {
         if (error) return next(new HttpError(500, error));
 
         next(new HttpSuccess(200, {}));
diff --git a/src/routes/test/simpleauth-test.js b/src/routes/test/simpleauth-test.js
index e549dfe8b..4b5a58ab5 100644
--- a/src/routes/test/simpleauth-test.js
+++ b/src/routes/test/simpleauth-test.js
@@ -26,7 +26,6 @@ var CLIENT = {
     redirectURI: '',
     scope: 'user,profile'
 };
-var token = null;
 var server;
 
 function setup(done) {
@@ -49,9 +48,6 @@ function setup(done) {
             expect(scope1.isDone()).to.be.ok();
             expect(scope2.isDone()).to.be.ok();
 
-            // stash token for further use
-            token = result.body.token;
-
             callback();
         });
     },
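Review bot: The new `assert.strictEqual(typeof req.user, 'object')` does not guard the value logout actually consumes: `req.accessToken` is handed to `simpleauth.logout` unchecked, and since `typeof null === 'object'` a null `req.user` also satisfies the assert. If the middleware that populates these fields (added in server.js, not visible in this hunk) ever leaves `req.accessToken` unset, the call would try to revoke `undefined` and could report 200 without revoking anything. I would assert the token as well: `assert.strictEqual(typeof req.accessToken, 'string');`. A failing assert inside an Express handler surfaces as a thrown error rather than an HttpError, which is presumably fine for an invariant but deserves a line such as `// invariant: the auth middleware on this route has already validated the token`. The closing lines of `logout` are outside the hunk.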
@@ -198,8 +194,77 @@ describe('SimpleAuth API', function () {
             expect(result.body.user.username).to.be.a('string');
             expect(result.body.user.email).to.be.a('string');
             expect(result.body.user.admin).to.be.a('boolean');
+
+            request.get(SERVER_URL + '/api/v1/profile')
+                .query({ access_token: result.body.accessToken })
+                .end(function (error, result) {
+                    expect(error).to.be(null);
+                    expect(result.body).to.be.an('object');
+                    expect(result.body.username).to.eql(USERNAME);
+
+                    done();
+                });
+            });
+        });
+    });
+
+    describe('logout', function () {
+        var accessToken;
+
+        before(function (done) {
+            var body = {
+                clientId: CLIENT.id,
+                username: USERNAME,
+                password: PASSWORD
+            };
+
+            request.post(SERVER_URL + '/api/v1/simpleauth/login')
+                .send(body)
+                .end(function (error, result) {
+                    expect(error).to.be(null);
+                    expect(result.statusCode).to.equal(201);
+
+                    accessToken = result.body.accessToken;
                     done();
                 });
         });
+
+        it('fails without access_token', function (done) {
+            request.get(SERVER_URL + '/api/v1/simpleauth/logout')
+                .end(function (error, result) {
+                    expect(error).to.be(null);
+                    expect(result.statusCode).to.equal(401);
+                    done();
+                });
+        });
+
+        it('fails with unkonwn access_token', function (done) {
+            request.get(SERVER_URL + '/api/v1/simpleauth/logout')
+                .query({ access_token: accessToken+accessToken })
+                .end(function (error, result) {
+                    expect(error).to.be(null);
+                    expect(result.statusCode).to.equal(401);
+                    done();
+                });
+        });
+
+        it('succeeds', function (done) {
+            request.get(SERVER_URL + '/api/v1/simpleauth/logout')
+                .query({ access_token: accessToken })
+                .end(function (error, result) {
+                    expect(error).to.be(null);
+                    expect(result.statusCode).to.equal(200);
+
+                    request.get(SERVER_URL + '/api/v1/profile')
+                        .query({ access_token: accessToken })
+                        .end(function (error, result) {
+                            expect(error).to.be(null);
+                            expect(result.statusCode).to.equal(401);
+
+                            done();
+                        });
+                });
+        });
     });
 });
diff --git a/src/server.js b/src/server.js
index c47cd30fe..3ae5a8bf3 100644
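Review bot: The three logout cases share a single `accessToken` obtained once in `before`, and `it('succeeds', …)` revokes it, so the suite only holds together because that case is declared last; any test appended after it would get 401 for the wrong reason. Either switch to `beforeEach` so every case logs in on its own token, or make the ordering explicit with a comment above the `succeeds` case such as `// must stay last: revokes the shared accessToken`. A follow-up request inside that case, `request.get(SERVER_URL + '/api/v1/simpleauth/logout').query({ access_token: accessToken })` expecting 401, would additionally pin that a revoked token cannot be replayed against logout itself rather than only against `/api/v1/profile`. The title `'fails with unkonwn access_token'` has a typo (`unknown`).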
--- a/src/server.js
+++ b/src/server.js
@@ -143,7 +143,7 @@ function initializeExpressSync() {
 
     // basic auth
     router.post('/api/v1/simpleauth/login', routes.simpleauth.login);
-    router.get ('/api/v1/simpleauth/logout', routes.simpleauth.logout);
+    router.get ('/api/v1/simpleauth/logout', profileScope, routes.simpleauth.logout);
 
     // app routes
     router.get ('/api/v1/apps', appsScope, routes.apps.getApps);
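Review bot: Gating `/api/v1/simpleauth/logout` behind `profileScope` means a token issued without the profile scope can never be revoked through this endpoint, because the scope middleware will answer 401 before `routes.simpleauth.logout` runs; revocation should require only that the presented token is valid, not that it carries a particular scope. If a scope-agnostic token check exists (presumably what `profileScope` is built on — not visible here), that is the middleware this route should use. Separately, logout is state-changing yet is a GET with the token in the query string, so the URL containing a live credential can end up in proxy and access logs; moving it to `router.post(...)` is preferable, and if GET must stay for compatibility a comment such as `// GET kept for existing clients; the token is the sole credential, so CSRF is not a concern here` records that decision. `initializeExpressSync` starts and ends outside the hunk.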