author | Matt Jankowski <mjankowski@thoughtbot.com> | 2017-05-02 17:37:58 -0400 |
---|---|---|
committer | Eugen Rochko <eugen@zeonfederated.com> | 2017-05-02 23:37:58 +0200 |
commit | 268dd32d76b42dc1f2a044cedeee5446cb9185c2 (patch) | |
tree | 874d18715a1c47a575aabf657256b68cf1595ee9 | |
parent | bea97ea76638552e437a3b6d6f48040449849448 (diff) |
Auth sign out (#2511)
* Add a spec for signing out * Add spec showing that suspended user gets a 403 forbidden on sign out * Allow suspended account users to sign out
-rw-r--r-- | app/controllers/auth/sessions_controller.rb | 1 | ||||
-rw-r--r-- | spec/controllers/auth/sessions_controller_spec.rb | 27 |
2 files changed, 28 insertions, 0 deletions
diff --git a/app/controllers/auth/sessions_controller.rb b/app/controllers/auth/sessions_controller.rb
index 4a5e0da6e..1aa84a354 100644
--- a/app/controllers/auth/sessions_controller.rb
+++ b/app/controllers/auth/sessions_controller.rb
@@ -6,6 +6,7 @@ class Auth::SessionsController < Devise::SessionsController
 layout 'auth'
 skip_before_action :require_no_authentication, only: [:create]
+ skip_before_action :check_suspension, only: [:destroy]
 prepend_before_action :authenticate_with_two_factor, if: :two_factor_enabled?, only: [:create]
 def create
diff --git a/spec/controllers/auth/sessions_controller_spec.rb b/spec/controllers/auth/sessions_controller_spec.rb
index 393908d97..a2298180a 100644
--- a/spec/controllers/auth/sessions_controller_spec.rb
+++ b/spec/controllers/auth/sessions_controller_spec.rb
@@ -16,6 +16,33 @@ RSpec.describe Auth::SessionsController, type: :controller do
 end
 end
+ describe 'DELETE #destroy' do
+ let(:user) { Fabricate(:user) }
+
+ before do
+ request.env['devise.mapping'] = Devise.mappings[:user]
+ end
+
+ context 'with a regular user' do
+ it 'redirects to home after sign out' do
+ sign_in(user, scope: :user)
+ delete :destroy
+
+ expect(response).to redirect_to(root_path)
+ end
+ end
+
+ context 'with a suspended user' do
+ it 'redirects to home after sign out' do
+ Fabricate(:account, user: user, suspended: true)
+ sign_in(user, scope: :user)
+ delete :destroy
+
+ expect(response).to redirect_to(root_path)
+ end
+ end
+ end
+
 describe 'POST #create' do
 before do
 request.env['devise.mapping'] = Devise.mappings[:user] |
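Review bot: The added `skip_before_action :check_suspension, only: [:destroy]` bypasses an access-control filter without a comment saying why, and the `only:` list is the one thing keeping suspended accounts blocked on every other action of this controller. I would put `# Suspended accounts must still be able to end their own session; keep this skip limited to :destroy.` directly above it so a later edit does not widen the list by accident. `check_suspension` is defined outside this hunk, presumably in a parent controller, so what it enforces cannot be confirmed from here; the class body also continues past the hunk.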
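Review bot: Both new examples under `describe 'DELETE #destroy'` assert only the redirect, so neither proves the session was actually ended; the suspended-user case would still pass if the request redirected while the user stayed signed in. Adding `expect(controller.current_user).to be_nil` after the redirect expectation would pin that, assuming Devise's controller test helpers are loaded, as the use of `sign_in` suggests. The suspended example also reuses the description `'redirects to home after sign out'`; a distinct one such as `'still signs out and redirects to home'` would tell the two apart in spec output. Nothing in this hunk checks that a suspended user is still refused on other actions, which is the behaviour the `only: [:destroy]` scope is meant to preserve.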