Minimal sinatra app exposing suspected bug in warden. The callback is not called when logging out.

app.rb

require 'sinatra'
require 'warden'

class User

  def initialize(id = nil)
    @id = id
  end

  def self.find_by_username(username)
    User.new
  end

  def authenticate?(password)
    password == 'password'
  end

  def id
    @id ||= SecureRandom.random_number(100)
  end

end

enable :sessions

use Warden::Manager do |config|
  config.default_strategies :password
  config.failure_app = Sinatra::Application
  config.serialize_into_session {|user| user.id }
  config.serialize_from_session {|id| User.new(id) }
end

Warden::Manager.before_failure do |env, opts|
  env['REQUEST_METHOD'] = 'POST'
end

Warden::Manager.before_logout do |user,auth,opts|
  auth.env['rack.logger'].info "Logging out user with id #{user.id}"
end

Warden::Strategies.add(:password) do
  def valid?
    params['username'] && params['password']
  end

  def authenticate!
    user = User.find_by_username(params['username'])
    if user.authenticate?(params['password'])
      success!(user)
    else
      fail!
    end
  end
end

get '/' do
  if env['warden'].authenticated?
    "Logged in as user with id #{env['warden'].user.id}. <a href=\"/logout\">Logout</a>"
  else
    'Unknown user. <a href="/session">Login</a>'
  end
end

get '/session' do
  erb :login
end

post '/session' do
  env['warden'].authenticate!
  redirect '/'
end

get '/logout' do
  env['warden'].logout
  redirect '/'
end

post '/unauthenticated/?' do
  redirect '/'
end

__END__

@@ login
<html>
<head><title>Login</title></head>
<body>
<form method="post" action="/session">
<p>
  <label for="username">Username</label> <input type="text" name="username"/>
</p>
<p>
  <label for="password">Password</label> <input type="password" name="password" required/>
</p>
<p>
  <button type="submit">Login</button>
</p>
</form>
</body>
</html>