+ test "when authenticated with request token, revokes it and clears it from session" do
+ oauth_token = insert(:oauth_token)
+
+ conn =
+ build_conn()
+ |> Plug.Session.call(Plug.Session.init(@session_opts))
+ |> fetch_session()
+ |> AuthHelper.put_session_token(oauth_token.token)
+ |> post("/oauth/revoke", %{"token" => oauth_token.token})
+
+ assert json_response(conn, 200)
+
+ refute AuthHelper.get_session_token(conn)
+ assert Token.get_by_token(oauth_token.token) == {:error, :not_found}
+ end
+
+ test "if request is authenticated with a different token, " <>
+ "revokes requested token but keeps session token" do
+ user = insert(:user)
+ oauth_token = insert(:oauth_token, user: user)
+ other_app_oauth_token = insert(:oauth_token, user: user)
+
+ conn =
+ build_conn()
+ |> Plug.Session.call(Plug.Session.init(@session_opts))
+ |> fetch_session()
+ |> AuthHelper.put_session_token(oauth_token.token)
+ |> post("/oauth/revoke", %{"token" => other_app_oauth_token.token})
+
+ assert json_response(conn, 200)
+
+ assert AuthHelper.get_session_token(conn) == oauth_token.token
+ assert Token.get_by_token(other_app_oauth_token.token) == {:error, :not_found}
+ end
+