about summary refs log tree commit diff
path: root/spec/controllers/auth
diff options
context:
space:
mode:
authorEugen Rochko <eugen@zeonfederated.com>2017-05-23 21:32:42 +0200
committerGitHub <noreply@github.com>2017-05-23 21:32:42 +0200
commit2ca1f0737a42f2943e8cf063f16eac5f93df2ed3 (patch)
tree5a8c06f6e90066188e10c08fed66f78223cf41af /spec/controllers/auth
parent19ecde8fe77137afc1182132bf81579f933e518b (diff)
Fix Devise destroy method being available to delete user record (#3266)
(You may think that we need account deletions, but this way would've just orphaned the db records)
Diffstat (limited to 'spec/controllers/auth')
-rw-r--r--spec/controllers/auth/registrations_controller_spec.rb18
1 files changed, 18 insertions, 0 deletions
diff --git a/spec/controllers/auth/registrations_controller_spec.rb b/spec/controllers/auth/registrations_controller_spec.rb
index c2141766e..df0a3bfa6 100644
--- a/spec/controllers/auth/registrations_controller_spec.rb
+++ b/spec/controllers/auth/registrations_controller_spec.rb
@@ -35,4 +35,22 @@ RSpec.describe Auth::RegistrationsController, type: :controller do
       expect(user.locale).to eq(accept_language)
     end
   end
+
+  describe 'DELETE #destroy' do
+    let(:user) { Fabricate(:user) }
+
+    before do
+      request.env['devise.mapping'] = Devise.mappings[:user]
+      sign_in(user, scope: :user)
+      delete :destroy
+    end
+
+    it 'returns http not found' do
+      expect(response).to have_http_status(:not_found)
+    end
+
+    it 'does not delete user' do
+      expect(User.find(user.id)).to_not be_nil
+    end
+  end
 end