don't invalidate a non-authenticated session, closes #185

packages/ember-simple-auth/lib/ember-simple-auth/mixins/application_route_mixin.js

@@ -182,7 +182,9 @@ var ApplicationRouteMixin = Ember.Mixin.create({
       @method actions.authorizationFailed
     */
     authorizationFailed: function() {
-      this.get(Configuration.sessionPropertyName).invalidate();
+      if (this.get(Configuration.sessionPropertyName).get('isAuthenticated')) {
+        this.get(Configuration.sessionPropertyName).invalidate();
+      }
     }
   }
 });

packages/ember-simple-auth/tests/mixins/application_route_mixin_test.js

@@ -124,11 +124,26 @@ describe('ApplicationRouteMixin', function() {
   });
 
   describe('the "authorizationFailed" action', function() {
-    it('invalidates the session', function() {
-      sinon.stub(this.session, 'invalidate').returns(Ember.RSVP.resolve());
-      this.route._actions.authorizationFailed.apply(this.route);
+    describe('when the session is authenticated', function() {
+      beforeEach(function() {
+        this.session.set('isAuthenticated', true);
+      });
 
-      expect(this.session.invalidate).to.have.been.calledOnce;
+      it('invalidates the session', function() {
+        sinon.stub(this.session, 'invalidate').returns(Ember.RSVP.resolve());
+        this.route._actions.authorizationFailed.apply(this.route);
+
+        expect(this.session.invalidate).to.have.been.calledOnce;
+      });
+    });
+
+    describe('when the session is not authenticated', function() {
+      it('does not try to invalidate the session', function() {
+        sinon.stub(this.session, 'invalidate').returns(Ember.RSVP.resolve());
+        this.route._actions.authorizationFailed.apply(this.route);
+
+        expect(this.session.invalidate).to.not.have.been.calledOnce;
+      });
     });
   });
 });