Rails API not able to destroy session
I am using Rails API and devise for authentication but when sending a request to destroy the session, it doesn't return any response other then status 200.It returns the same response no matter if the user exists, is logged in or the password is incorrect.
url http://localhost:3000/users/sign_in
I'm sending a DELETE request through Postman and it just returns a 200 response. It should be returning the data which is stored in the @message
{
"user":{
"email":"abc@abc.com",
"password":"abc@abc.com"
}
}
I even tried to destory the session using the session id:
curl -X DELETE -d "3" http://localhost:3000/users/sign_out
sessions_controller.rb
class API::V1::SessionsController < Devise::SessionsController
def create
@user = User.find_by_email(user_params[:email])
if @user && @user.valid_password?(user_params[:password])
session[:user_id]=@user.id
sign_in :user, @user
render json: @user
elsif @user && not(@user.valid_password?(user_params[:password]))
invalid_attempt
else
no_user
end
end
def destroy
@message = "signed out"
session.delete(:user_id)
sign_out(@user)
render json: @message
end
private
def no_user
render json: {error: "An account with this email doesn't exist. Please create a new one"}, status: :unprocessable_entity
end
def invalid_attempt
render json: { error: "Your password isn't correct" }, status: :unprocessable_entity
end
def user_params
params.require(:user).permit(:email, :password)
end
end