[Sessions] Remove GET logout route

No more accidentally logging out just because you clicked on a link https://e621.net/forum_topics/31292
2022-04-09 22:45:00 +02:00 · 2022-04-09 22:45:00 +02:00 · 5528f43b0d
commit 5528f43b0d
parent 5e249fd7c5
5 changed files with 4 additions and 18 deletions
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@ -24,13 +24,9 @@ class SessionsController < ApplicationController
    redirect_to(posts_path, :notice => "You are now logged out")
  end

-  def sign_out
-    destroy
-  end
-
  private

  def allowed_readonly_actions
-    super + %w[destroy sign_out]
+    super + %w[destroy]
  end
 end
--- a/app/views/users/_secondary_links.html.erb
+++ b/app/views/users/_secondary_links.html.erb
@ -31,7 +31,7 @@
      <% end %>

      <li>|</li>
-      <%= subnav_link_to "Sign out", sign_out_session_path %>
+      <%= subnav_link_to "Sign out", session_path, method: :delete %>
    <% end %>
  </menu>
 <% end %>
--- a/app/views/users/home.html.erb
+++ b/app/views/users/home.html.erb
@ -130,7 +130,7 @@

  <div class="section" style="width:450px;">
    <ul class="link-page">
-      <li>&raquo; <%= link_to "Logout", sign_out_session_path %></li>
+      <li>&raquo; <%= link_to "Sign out", session_path, method: :delete %></li>
      <li>&raquo; <%= link_to "Settings", edit_user_path(CurrentUser.user) %></li>
      <li>&raquo; <%= link_to "Change password", edit_user_password_path(CurrentUser.user) %></li>
      <li>&raquo; <%= link_to "Manage API Access", user_api_key_path(CurrentUser.user) %></li>
--- a/config/routes.rb
+++ b/config/routes.rb
@ -254,9 +254,7 @@ Rails.application.routes.draw do
  end
  resource :related_tag, :only => [:show, :update]
  match "related_tag/bulk", to: "related_tags#bulk", via: [:get, :post]
-  resource :session, only: [:new, :create, :destroy] do
-    get :sign_out, on: :collection
-  end
+  resource :session, only: [:new, :create, :destroy]
  resources :stats, only: [:index]
  resources :tags do
    resource :correction, :only => [:new, :create, :show], :controller => "tag_corrections"
--- a/test/functional/sessions_controller_test.rb
+++ b/test/functional/sessions_controller_test.rb
@ -30,13 +30,5 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest
        assert_nil(session[:user_id])
      end
    end
-
-    context "sign_out action" do
-      should "clear the session" do
-        get_auth sign_out_session_path, @user
-        assert_redirected_to posts_path
-        assert_nil(session[:user_id])
-      end
-    end
  end
 end