FIX: revoke any api keys when suspending an user

2015-08-23 22:33:03 +02:00 · 2015-08-23 22:33:03 +02:00 · 73624e63c5
parent 91519fdfe7
commit 73624e63c5
2 changed files with 12 additions and 1 deletions
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@ -53,6 +53,7 @@ class Admin::UsersController < Admin::AdminController
    @user.suspended_till = params[:duration].to_i.days.from_now
    @user.suspended_at = DateTime.now
    @user.save!
+    @user.revoke_api_key
    StaffActionLogger.new(current_user).log_user_suspend(@user, params[:reason])
    MessageBus.publish "/logout", @user.id, user_ids: [@user.id]
    render nothing: true
--- a/spec/controllers/admin/users_controller_spec.rb
+++ b/spec/controllers/admin/users_controller_spec.rb
@ -121,6 +121,17 @@ describe Admin::UsersController do

    end

+    context '.suspend' do
+
+      let(:evil_trout) { Fabricate(:evil_trout) }
+
+      it "also revoke any api keys" do
+        User.any_instance.expects(:revoke_api_key)
+        xhr :put, :suspend, user_id: evil_trout.id
+      end
+
+    end
+
    context '.revoke_admin' do
      before do
        @another_admin = Fabricate(:admin)
@ -501,7 +512,6 @@ describe Admin::UsersController do
    user = DiscourseSingleSignOn.parse(sso.payload)
                                .lookup_or_create_user

-
    sso.name = "Bill"
    sso.username = "Hokli$$!!"
    sso.email = "bob2@bob.com"