Fixed that Token.destroy_expired destroys API tokens.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@9420 e93f8b46-1217-0410-a6f0-8f06a7374b81

2 files changed, 24 insertions, 1 deletions

diff --git a/app/models/token.rb b/app/models/token.rb
index c6425f0fa..e97960251 100644
--- a/app/models/token.rb
+++ b/app/models/token.rb
@@ -34,7 +34,7 @@ class Token < ActiveRecord::Base
 
   # Delete all expired tokens
   def self.destroy_expired
-    Token.delete_all ["action <> 'feeds' AND created_on < ?", Time.now - @@validity_time]
+    Token.delete_all ["action NOT IN (?) AND created_on < ?", ['feeds', 'api'], Time.now - @@validity_time]
   end
 
 private
diff --git a/test/unit/token_test.rb b/test/unit/token_test.rb
index 54c1cc9c8..fca97f630 100644
--- a/test/unit/token_test.rb
+++ b/test/unit/token_test.rb
@@ -35,4 +35,27 @@ class TokenTest < ActiveSupport::TestCase
     assert !Token.exists?(t1.id)
     assert  Token.exists?(t2.id)
   end
+
+  def test_destroy_expired_should_not_destroy_feeds_and_api_tokens
+    Token.delete_all
+
+    Token.create!(:user_id => 1, :action => 'api', :created_on => 7.days.ago)
+    Token.create!(:user_id => 1, :action => 'feeds', :created_on => 7.days.ago)
+
+    assert_no_difference 'Token.count' do
+      assert_equal 0, Token.destroy_expired
+    end
+  end
+
+  def test_destroy_expired_should_destroy_expired_tokens
+    Token.delete_all
+
+    Token.create!(:user_id => 1, :action => 'autologin', :created_on => 7.days.ago)
+    Token.create!(:user_id => 2, :action => 'autologin', :created_on => 3.days.ago)
+    Token.create!(:user_id => 3, :action => 'autologin', :created_on => 1.hour.ago)
+
+    assert_difference 'Token.count', -2 do
+      assert_equal 2, Token.destroy_expired
+    end
+  end
 end