Merge pull request doorkeeper-gem#313 from bryanrite/revoke_do_not_de…

…lete

Update Revoke all to revoke tokens, not delete them.

CHANGELOG.md

@@ -7,6 +7,7 @@
     request time
 - enhancements
   - [#293] ActionController::Instrumentation in TokensController
+  - [#313] `AccessToken.revoke_all_for` actually revokes all non-revoked tokens for an application/owner instead of deleting them. [@bryanrite](https://github.com/bryanrite)
 - internals
   - Removes jQuery dependency
 

lib/doorkeeper/models/access_token.rb

@@ -29,7 +29,10 @@ def self.by_refresh_token(refresh_token)
     end
 
     def self.revoke_all_for(application_id, resource_owner)
-      delete_all_for(application_id, resource_owner)
+      where(:application_id => application_id,
+            :resource_owner_id => resource_owner.id,
+            :revoked_at => nil)
+      .map(&:revoke)
     end
 
     def self.matching_token_for(application, resource_owner_or_id, scopes)

spec/models/doorkeeper/access_token_spec.rb

@@ -58,7 +58,9 @@ module Doorkeeper
       it 'revokes all tokens for given application and resource owner' do
         FactoryGirl.create :access_token, default_attributes
         AccessToken.revoke_all_for application.id, resource_owner
-        AccessToken.all.should be_empty
+        AccessToken.all.each do |token|
+          token.should be_revoked
+        end
       end
 
       it 'matches application' do