has_auth_cookie was not implemented correctly, causing logged in requests to be handled as though they are anon

SamSaffron · SamSaffron · commit 0b253ba6a926 · 2013-10-17T10:35:31.000+11:00
diff --git a/lib/auth/default_current_user_provider.rb b/lib/auth/default_current_user_provider.rb
@@ -73,7 +73,7 @@ def is_api?
 
   def has_auth_cookie?
     request = Rack::Request.new(@env)
-    cookie = request.cookies[CURRENT_USER_KEY]
+    cookie = request.cookies[TOKEN_COOKIE]
     !cookie.nil? && cookie.length == 32
   end
 end
diff --git a/spec/components/middleware/anonymous_cache_spec.rb b/spec/components/middleware/anonymous_cache_spec.rb
@@ -19,6 +19,10 @@ def new_helper(env={})
     it "is false for non GET" do
       new_helper("ANON_CACHE_DURATION" => 10, "REQUEST_METHOD" => "POST").cacheable?.should be_false
     end
+
+    it "is false if it has an auth cookie" do
+      new_helper("HTTP_COOKIE" => "jack=1; _t=#{"1"*32}; jill=2").cacheable?.should be_false
+    end
   end
 
   context "cached" do
