Remove /user/auth_token route, this was a leftover from the chat

Also remove authentication_token from database
2022-02-27 22:45:40 +01:00 · 2022-02-27 22:45:40 +01:00 · 36778dbeac
commit 36778dbeac
parent 7e889f71eb
11 changed files with 9 additions and 114 deletions
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@ -7,8 +7,6 @@
 class SessionsController < Devise::SessionsController
  # rubocop:disable Rails/LexicallyScopedActionFilter
  before_action :authenticate_with_2fa, only: :create
-  after_action :reset_authentication_token, only: :create
-  before_action :reset_authentication_token, only: :destroy
  # rubocop:enable Rails/LexicallyScopedActionFilter

  def find_user
@ -51,8 +49,4 @@ class SessionsController < Devise::SessionsController
    session[:otp_user_id] = user.id
    render :two_factor
  end
-
-  def reset_authentication_token
-    current_user&.reset_authentication_token!
-  end
 end
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -130,11 +130,6 @@ class UsersController < ApplicationController
    redirect_to edit_user_path
  end

-  def auth_token
-    current_user.ensure_authentication_token!
-    render status: 200, json: {token: current_user.authentication_token}
-  end
-
  private

  # rubocop:disable Metrics/MethodLength
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -7,7 +7,6 @@
 require "attr_encrypted"

 class User < ApplicationRecord
-  include AuthenticationToken
  include Connecting
  include Querying
  include SocialActions
--- a/app/models/user/authentication_token.rb
+++ b/app/models/user/authentication_token.rb
@ -1,28 +0,0 @@
-# frozen_string_literal: true
-
-class User
-  module AuthenticationToken
-    extend ActiveSupport::Concern
-
-    # Generate new authentication token and save the record.
-    def reset_authentication_token!
-      self.authentication_token = self.class.authentication_token
-      save(validate: false)
-    end
-
-    # Generate authentication token unless already exists and save the record.
-    def ensure_authentication_token!
-      reset_authentication_token! if authentication_token.blank?
-    end
-
-    module ClassMethods
-      # Generate a token checking if one does not already exist in the database.
-      def authentication_token
-        loop do
-          token = Devise.friendly_token(30)
-          break token unless User.exists?(authentication_token: token)
-        end
-      end
-    end
-  end
-end
--- a/config/routes.rb
+++ b/config/routes.rb
@ -106,7 +106,6 @@ Rails.application.routes.draw do
    get :download_profile
    post :export_photos
    get :download_photos
-    post :auth_token
  end

  controller :users do
--- a/db/migrate/20220227215443_remove_authentication_token_from_users.rb
+++ b/db/migrate/20220227215443_remove_authentication_token_from_users.rb
@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+class RemoveAuthenticationTokenFromUsers < ActiveRecord::Migration[5.2]
+  def change
+    remove_index :users, column: :authentication_token, name: :index_users_on_authentication_token, unique: true
+    remove_column :users, :authentication_token, :string, limit: 30
+  end
+end
--- a/spec/controllers/sessions_controller_spec.rb
+++ b/spec/controllers/sessions_controller_spec.rb
@ -45,26 +45,4 @@ describe SessionsController, type: :controller do
      expect(response).to redirect_to root_path
    end
  end
-
-  describe "#reset_authentication_token" do
-    context "for a logged in user" do
-      before do
-        sign_in @user, scope: :user
-      end
-
-      it "succeeds" do
-        expect { @controller.send(:reset_authentication_token) }.to_not raise_error
-      end
-    end
-
-    context "for a logged out user" do
-      before do
-        sign_out :user
-      end
-
-      it "succeeds" do
-        expect { @controller.send(:reset_authentication_token) }.to_not raise_error
-      end
-    end
-  end
 end
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@ -275,13 +275,6 @@ describe UsersController, :type => :controller do
      get :edit, params: {id: @user.id}
      expect(assigns[:email_prefs]['mentioned']).to be false
    end
-
-    it "does not allow token auth" do
-      sign_out :user
-      bob.reset_authentication_token!
-      get :edit, params: {auth_token: bob.authentication_token}
-      expect(response).to redirect_to new_user_session_path
-    end
  end

  describe '#destroy' do
--- a/spec/models/user/authentication_token_spec.rb
+++ b/spec/models/user/authentication_token_spec.rb
@ -1,42 +0,0 @@
-# frozen_string_literal: true
-
-describe User::AuthenticationToken, type: :model do
-  describe "#reset_authentication_token!" do
-    it "sets the authentication token" do
-      expect(alice.authentication_token).to be_nil
-      alice.reset_authentication_token!
-      expect(alice.authentication_token).not_to be_nil
-    end
-
-    it "resets the authentication token" do
-      alice.reset_authentication_token!
-      expect { alice.reset_authentication_token! }.to change { alice.authentication_token }
-    end
-  end
-
-  describe "#ensure_authentication_token!" do
-    it "doesn't change the authentication token" do
-      alice.reset_authentication_token!
-      expect { alice.ensure_authentication_token! }.to_not change { alice.authentication_token }
-    end
-
-    it "sets the authentication token if not yet set" do
-      expect(alice.authentication_token).to be_nil
-      alice.ensure_authentication_token!
-      expect(alice.authentication_token).not_to be_nil
-    end
-  end
-
-  describe ".authentication_token" do
-    it "generates an authentication token" do
-      expect(User.authentication_token.length).to eq(30)
-    end
-
-    it "checks that the authentication token is not yet in use by another user" do
-      alice.reset_authentication_token!
-      expect(Devise).to receive(:friendly_token).with(30).and_return(alice.authentication_token, "some_unused_token")
-
-      expect(User.authentication_token).to eq("some_unused_token")
-    end
-  end
-end
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@ -954,7 +954,6 @@ describe User, type: :model do
            hidden_shareables
            last_sign_in_ip
            invited_by_id
-            authentication_token
            auto_follow_back
            auto_follow_back_aspect_id
            unconfirmed_email
--- a/spec/support/account_matchers.rb
+++ b/spec/support/account_matchers.rb
@ -29,7 +29,7 @@ RSpec::Matchers.define :be_a_clear_account do
  match do |user|
    attributes = %i[
      language reset_password_token remember_created_at sign_in_count current_sign_in_at last_sign_in_at
-      current_sign_in_ip last_sign_in_ip invited_by_id authentication_token unconfirmed_email confirm_email_token
+      current_sign_in_ip last_sign_in_ip invited_by_id unconfirmed_email confirm_email_token
      auto_follow_back auto_follow_back_aspect_id reset_password_sent_at last_seen color_theme
    ].map {|attribute| user[attribute] }