Fix Devise destroy method being available to delete user record (#3266)
(You may think that we need account deletions, but this way would've just orphaned the db records)main
parent
19ecde8fe7
commit
2ca1f0737a
|
@ -6,6 +6,10 @@ class Auth::RegistrationsController < Devise::RegistrationsController
|
||||||
before_action :check_enabled_registrations, only: [:new, :create]
|
before_action :check_enabled_registrations, only: [:new, :create]
|
||||||
before_action :configure_sign_up_params, only: [:create]
|
before_action :configure_sign_up_params, only: [:create]
|
||||||
|
|
||||||
|
def destroy
|
||||||
|
not_found
|
||||||
|
end
|
||||||
|
|
||||||
protected
|
protected
|
||||||
|
|
||||||
def build_resource(hash = nil)
|
def build_resource(hash = nil)
|
||||||
|
|
|
@ -35,4 +35,22 @@ RSpec.describe Auth::RegistrationsController, type: :controller do
|
||||||
expect(user.locale).to eq(accept_language)
|
expect(user.locale).to eq(accept_language)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe 'DELETE #destroy' do
|
||||||
|
let(:user) { Fabricate(:user) }
|
||||||
|
|
||||||
|
before do
|
||||||
|
request.env['devise.mapping'] = Devise.mappings[:user]
|
||||||
|
sign_in(user, scope: :user)
|
||||||
|
delete :destroy
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'returns http not found' do
|
||||||
|
expect(response).to have_http_status(:not_found)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'does not delete user' do
|
||||||
|
expect(User.find(user.id)).to_not be_nil
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in New Issue