Fix Devise destroy method being available to delete user record (#3266)
authorEugen Rochko <eugen@zeonfederated.com>
Tue, 23 May 2017 19:32:42 +0000 (21:32 +0200)
committerGitHub <noreply@github.com>
Tue, 23 May 2017 19:32:42 +0000 (21:32 +0200)
(You may think that we need account deletions, but this way would've just orphaned the db records)

app/controllers/auth/registrations_controller.rb
spec/controllers/auth/registrations_controller_spec.rb

index dd30be32a40e98afaffc2cf7e5f54dd63a7435e9..d385c08e1352eecd479f9b565bd30544611abf87 100644 (file)
@@ -6,6 +6,10 @@ class Auth::RegistrationsController < Devise::RegistrationsController
   before_action :check_enabled_registrations, only: [:new, :create]
   before_action :configure_sign_up_params, only: [:create]
 
+  def destroy
+    not_found
+  end
+
   protected
 
   def build_resource(hash = nil)
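Review bot: The new `destroy` override carries no comment saying why it exists. Because it shadows an action inherited from `Devise::RegistrationsController`, a later cleanup could remove it as dead-looking code and silently re-enable the record-orphaning deletion. I would add a comment above it such as `# Block Devise's inherited destroy: it would delete the User row and orphan associated records, so respond 404.` The DELETE route itself is presumably still generated by the Devise route declaration, which is not shown here; dropping that route as well would keep the endpoint closed even if this override is lost. `not_found` is defined outside this hunk, and the class body starts before it and continues past it.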
index c2141766ebc192412b9a933e177835580547148a..df0a3bfa6b608e878e9fea8ebf3df5c923ea397c 100644 (file)
@@ -35,4 +35,22 @@ RSpec.describe Auth::RegistrationsController, type: :controller do
       expect(user.locale).to eq(accept_language)
     end
   end
+
+  describe 'DELETE #destroy' do
+    let(:user) { Fabricate(:user) }
+
+    before do
+      request.env['devise.mapping'] = Devise.mappings[:user]
+      sign_in(user, scope: :user)
+      delete :destroy
+    end
+
+    it 'returns http not found' do
+      expect(response).to have_http_status(:not_found)
+    end
+
+    it 'does not delete user' do
+      expect(User.find(user.id)).to_not be_nil
+    end
+  end
 end
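Review bot: In the 'does not delete user' example, `User.find(user.id)` does not return nil for a missing row. Assuming `User` is an ActiveRecord model, it raises `ActiveRecord::RecordNotFound`, so the `to_not be_nil` matcher can never be the thing that fails. A regression would still fail the example, but through an exception rather than the stated expectation. Something like `expect(User.exists?(user.id)).to be true` or `expect(User.find_by(id: user.id)).to_not be_nil` states the intent directly. The block only covers a signed-in user; an example for an unauthenticated DELETE would pin down that the endpoint cannot remove a record in that case either.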