Merge branch '7.x-1.x' of git.drupal.org:project/restful into 7.x-1.x

Author: Mateu Aguiló Bosch

modules/restful_token_auth/restful_token_auth.module

@@ -131,3 +131,24 @@ function restful_token_auth_cron() {
   $ids = array_keys($result['restful_token_auth']);
   entity_delete_multiple('restful_token_auth', $ids);
 }
+
+/**
+ * Implements hook_user_update().
+ */
+function restful_token_auth_user_update(&$edit, $account, $category) {
+  if ($edit['status']) {
+    return;
+  }
+
+  $query = new EntityFieldQuery();
+  $result = $query
+    ->entityCondition('entity_type', 'restful_token_auth')
+    ->propertyCondition('uid', $account->uid)
+    ->execute();
+
+  if (empty($result['restful_token_auth'])) {
+    return;
+  }
+
+  entity_delete_multiple('restful_token_auth', array_keys($result['restful_token_auth']));
+}

modules/restful_token_auth/tests/RestfulTokenAuthenticationTestCase.test

@@ -17,25 +17,50 @@ class RestfulTokenAuthenticationTestCase extends DrupalWebTestCase {
 
   function setUp() {
     parent::setUp('restful_example', 'restful_token_auth', 'entityreference');
+
+    $this->user = $this->drupalCreateUser();
+  }
+
+  /**
+   * Testing the user's access token will be invalidate one the user is blocked.
+   */
+  function testTokenInvalidating() {
+    $this->drupalLogin($this->user);
+    $handler = restful_get_restful_handler('access_token');
+
+    // Generating token.
+    $handler->get();
+
+    // Blocking the user.
+    user_save($this->user, array('status' => FALSE));
+
+    // Verify the token removed.
+    $query = new EntityFieldQuery();
+    $result = $query
+      ->entityCondition('entity_type', 'restful_token_auth')
+      ->propertyCondition('uid', $this->user->uid)
+      ->execute();
+
+    $this->assertTrue(empty($result), 'The access tokens invalidated when blocking the user.');
   }
 
   /**
    * Test authenticating a user.
    */
   function testAuthentication() {
     // Create user.
-    $user1 = $this->drupalCreateUser();
-    $this->drupalLogin($user1);
+    $this->user = $this->drupalCreateUser();
+    $this->drupalLogin($this->user);
 
     // Create "Article" node.
     $title1 = $this->randomName();
     $settings = array(
       'type' => 'article',
       'title' => $title1,
-      'uid' => $user1->uid,
+      'uid' => $this->user->uid,
     );
     $node1 = $this->drupalCreateNode($settings);
-    $id= $node1->nid;
+    $id = $node1->nid;
 
     // Get a token for the user, using the handler.
     $handler = restful_get_restful_handler('access_token');

plugins/authentication/RestfulAuthenticationManager.php

@@ -87,13 +87,13 @@ public function getAccount(array $request = array(), $method = \RestfulInterface
     // Resolve the user based on the providers in the manager.
     $account = NULL;
     foreach ($this as $provider) {
-      if ($provider->applies($request, $method) && $account = $provider->authenticate($request, $method)) {
+      if ($provider->applies($request) && ($account = $provider->authenticate($request)) && $account->uid && $account->status) {
         // The account has been loaded, we can stop looking.
         break;
       }
     }
 
-    if (!$account) {
+    if (empty($account->uid) || !$account->status) {
 
       if ($this->count() && !$this->getIsOptional()) {
         // Allow caching pages for anonymous users.