refactor: move session revocation route to write api

2025-12-24 09:20:32 +01:00 · 2020-11-10 14:27:31 -05:00
parent e250c3f1fb
commit f300c933a5
6 changed files with 61 additions and 56 deletions
--- a/test/controllers.js
+++ b/test/controllers.js
@@ -813,19 +813,19 @@ describe('Controllers', function () {
 		});

 		it('should fail if user doesn\'t exist', function (done) {
-			request.del(nconf.get('url') + '/api/user/doesnotexist/session/1112233', {
+			request.del(`${nconf.get('url')}/api/v3/users/doesnotexist/sessions/1112233`, {
 				jar: jar,
 				headers: {
 					'x-csrf-token': csrf_token,
 				},
 			}, function (err, res, body) {
 				assert.ifError(err);
-				assert.equal(res.statusCode, 403);
+				assert.equal(res.statusCode, 404);
 				assert.deepEqual(JSON.parse(body), {
 					response: {},
 					status: {
-						code: 'forbidden',
-						message: 'You are not authorised to make this call',
+						code: 'not-found',
+						message: '[[error:no-user]]',
 					},
 				});
 				done();
@@ -839,15 +839,21 @@ describe('Controllers', function () {

 				db.sessionStore.get(sid, function (err, sessionObj) {
 					assert.ifError(err);
-					request.del(nconf.get('url') + '/api/user/revokeme/session/' + sessionObj.meta.uuid, {
+					request.del(`${nconf.get('url')}/api/v3/users/${uid}/sessions/${sessionObj.meta.uuid}`, {
 						jar: jar,
 						headers: {
 							'x-csrf-token': csrf_token,
 						},
 					}, function (err, res, body) {
 						assert.ifError(err);
-						assert.equal(res.statusCode, 200);
-						assert.equal(body, 'OK');
+						assert.strictEqual(res.statusCode, 200);
+						assert.deepStrictEqual(JSON.parse(body), {
+							status: {
+								code: 'ok',
+								message: 'OK',
+							},
+							response: {},
+						});
 						done();
 					});
 				});