diff options
author | Eugen Rochko <eugen@zeonfederated.com> | 2017-05-23 21:32:42 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-05-23 21:32:42 +0200 |
commit | 2ca1f0737a42f2943e8cf063f16eac5f93df2ed3 (patch) | |
tree | 5a8c06f6e90066188e10c08fed66f78223cf41af | |
parent | 19ecde8fe77137afc1182132bf81579f933e518b (diff) |
Fix Devise destroy method being available to delete user record (#3266)
(You may think that we need account deletions, but this way would've just orphaned the db records)
-rw-r--r-- | app/controllers/auth/registrations_controller.rb | 4 | ||||
-rw-r--r-- | spec/controllers/auth/registrations_controller_spec.rb | 18 |
2 files changed, 22 insertions, 0 deletions
diff --git a/app/controllers/auth/registrations_controller.rb b/app/controllers/auth/registrations_controller.rb index dd30be32a..d385c08e1 100644 --- a/app/controllers/auth/registrations_controller.rb +++ b/app/controllers/auth/registrations_controller.rb @@ -6,6 +6,10 @@ class Auth::RegistrationsController < Devise::RegistrationsController before_action :check_enabled_registrations, only: [:new, :create] before_action :configure_sign_up_params, only: [:create] + def destroy + not_found + end + protected def build_resource(hash = nil) diff --git a/spec/controllers/auth/registrations_controller_spec.rb b/spec/controllers/auth/registrations_controller_spec.rb index c2141766e..df0a3bfa6 100644 --- a/spec/controllers/auth/registrations_controller_spec.rb +++ b/spec/controllers/auth/registrations_controller_spec.rb @@ -35,4 +35,22 @@ RSpec.describe Auth::RegistrationsController, type: :controller do expect(user.locale).to eq(accept_language) end end + + describe 'DELETE #destroy' do + let(:user) { Fabricate(:user) } + + before do + request.env['devise.mapping'] = Devise.mappings[:user] + sign_in(user, scope: :user) + delete :destroy + end + + it 'returns http not found' do + expect(response).to have_http_status(:not_found) + end + + it 'does not delete user' do + expect(User.find(user.id)).to_not be_nil + end + end end |