Ensure push subscription is immediately removed when application is revoked (#7548)

* Ensure push subscription is immediately removed when application is revoked * When token is revoked from app, unsubscribe too
2018-05-19 21:05:08 +02:00
parent 5910eb9b61
commit 8378b72eba
8 changed files with 76 additions and 4 deletions
--- a/spec/controllers/oauth/authorized_applications_controller_spec.rb
+++ b/spec/controllers/oauth/authorized_applications_controller_spec.rb
@@ -39,4 +39,24 @@ describe Oauth::AuthorizedApplicationsController do
      include_examples 'stores location for user'
    end
  end
+
+  describe 'DELETE #destroy' do
+    let!(:user) { Fabricate(:user) }
+    let!(:application) { Fabricate(:application) }
+    let!(:access_token) { Fabricate(:accessible_access_token, application: application, resource_owner_id: user.id) }
+    let!(:web_push_subscription) { Fabricate(:web_push_subscription, user: user, access_token: access_token) }
+
+    before do
+      sign_in user, scope: :user
+      post :destroy, params: { id: application.id }
+    end
+
+    it 'revokes access tokens for the application' do
+      expect(Doorkeeper::AccessToken.where(application: application).first.revoked_at).to_not be_nil
+    end
+
+    it 'removes subscriptions for the application\'s access tokens' do
+      expect(Web::PushSubscription.where(user: user).count).to eq 0
+    end
+  end
 end