nocebo/diaspora
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Remove /user/auth_token route, this was a leftover from the chat

Browse source 
Also remove authentication_token from database
This commit is contained in:
Benjamin Neff 2022-02-27 22:45:40 +01:00
parent 7e889f71eb
commit 36778dbeac
No known key found for this signature in database
GPG key ID: 971464C3F1A90194
11 changed files with 9 additions and 114 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
app/controllers/sessions_controller.rb
View file

@ -7,8 +7,6 @@
class SessionsController < Devise::SessionsController class SessionsController < Devise::SessionsController
# rubocop:disable Rails/LexicallyScopedActionFilter # rubocop:disable Rails/LexicallyScopedActionFilter
before_action :authenticate_with_2fa, only: :create before_action :authenticate_with_2fa, only: :create
after_action :reset_authentication_token, only: :create
before_action :reset_authentication_token, only: :destroy
# rubocop:enable Rails/LexicallyScopedActionFilter # rubocop:enable Rails/LexicallyScopedActionFilter
def find_user def find_user
@ -51,8 +49,4 @@ class SessionsController < Devise::SessionsController
session[:otp_user_id] = user.id session[:otp_user_id] = user.id
render :two_factor render :two_factor
end end
def reset_authentication_token
current_user&.reset_authentication_token!
end
end end

5
app/controllers/users_controller.rb
View file

@ -130,11 +130,6 @@ class UsersController < ApplicationController
redirect_to edit_user_path redirect_to edit_user_path
end end
def auth_token
current_user.ensure_authentication_token!
render status: 200, json: {token: current_user.authentication_token}
end
private private
# rubocop:disable Metrics/MethodLength # rubocop:disable Metrics/MethodLength

1
app/models/user.rb
View file

@ -7,7 +7,6 @@
require "attr_encrypted" require "attr_encrypted"
class User < ApplicationRecord class User < ApplicationRecord
include AuthenticationToken
include Connecting include Connecting
include Querying include Querying
include SocialActions include SocialActions

28
app/models/user/authentication_token.rb
View file

@ -1,28 +0,0 @@
# frozen_string_literal: true
class User
module AuthenticationToken
extend ActiveSupport::Concern
# Generate new authentication token and save the record.
def reset_authentication_token!
self.authentication_token = self.class.authentication_token
save(validate: false)
end
# Generate authentication token unless already exists and save the record.
def ensure_authentication_token!
reset_authentication_token! if authentication_token.blank?
end
module ClassMethods
# Generate a token checking if one does not already exist in the database.
def authentication_token
loop do
token = Devise.friendly_token(30)
break token unless User.exists?(authentication_token: token)
end
end
end
end
end

1
config/routes.rb
View file

@ -106,7 +106,6 @@ Rails.application.routes.draw do
get :download_profile get :download_profile
post :export_photos post :export_photos
get :download_photos get :download_photos
post :auth_token
end end
controller :users do controller :users do

8
db/migrate/20220227215443_remove_authentication_token_from_users.rb Normal file
View file

@ -0,0 +1,8 @@
# frozen_string_literal: true
class RemoveAuthenticationTokenFromUsers < ActiveRecord::Migration[5.2]
def change
remove_index :users, column: :authentication_token, name: :index_users_on_authentication_token, unique: true
remove_column :users, :authentication_token, :string, limit: 30
end
end

22
spec/controllers/sessions_controller_spec.rb
View file

@ -45,26 +45,4 @@ describe SessionsController, type: :controller do
expect(response).to redirect_to root_path expect(response).to redirect_to root_path
end end
end end
describe "#reset_authentication_token" do
context "for a logged in user" do
before do
sign_in @user, scope: :user
end
it "succeeds" do
expect { @controller.send(:reset_authentication_token) }.to_not raise_error
end
end
context "for a logged out user" do
before do
sign_out :user
end
it "succeeds" do
expect { @controller.send(:reset_authentication_token) }.to_not raise_error
end
end
end
end end

7
spec/controllers/users_controller_spec.rb
View file

@ -275,13 +275,6 @@ describe UsersController, :type => :controller do
get :edit, params: {id: @user.id} get :edit, params: {id: @user.id}
expect(assigns[:email_prefs]['mentioned']).to be false expect(assigns[:email_prefs]['mentioned']).to be false
end end
it "does not allow token auth" do
sign_out :user
bob.reset_authentication_token!
get :edit, params: {auth_token: bob.authentication_token}
expect(response).to redirect_to new_user_session_path
end
end end
describe '#destroy' do describe '#destroy' do

42
spec/models/user/authentication_token_spec.rb
View file

@ -1,42 +0,0 @@
# frozen_string_literal: true
describe User::AuthenticationToken, type: :model do
describe "#reset_authentication_token!" do
it "sets the authentication token" do
expect(alice.authentication_token).to be_nil
alice.reset_authentication_token!
expect(alice.authentication_token).not_to be_nil
end
it "resets the authentication token" do
alice.reset_authentication_token!
expect { alice.reset_authentication_token! }.to change { alice.authentication_token }
end
end
describe "#ensure_authentication_token!" do
it "doesn't change the authentication token" do
alice.reset_authentication_token!
expect { alice.ensure_authentication_token! }.to_not change { alice.authentication_token }
end
it "sets the authentication token if not yet set" do
expect(alice.authentication_token).to be_nil
alice.ensure_authentication_token!
expect(alice.authentication_token).not_to be_nil
end
end
describe ".authentication_token" do
it "generates an authentication token" do
expect(User.authentication_token.length).to eq(30)
end
it "checks that the authentication token is not yet in use by another user" do
alice.reset_authentication_token!
expect(Devise).to receive(:friendly_token).with(30).and_return(alice.authentication_token, "some_unused_token")
expect(User.authentication_token).to eq("some_unused_token")
end
end
end

1
spec/models/user_spec.rb
View file

@ -954,7 +954,6 @@ describe User, type: :model do
hidden_shareables hidden_shareables
last_sign_in_ip last_sign_in_ip
invited_by_id invited_by_id
authentication_token
auto_follow_back auto_follow_back
auto_follow_back_aspect_id auto_follow_back_aspect_id
unconfirmed_email unconfirmed_email

2
spec/support/account_matchers.rb
View file

@ -29,7 +29,7 @@ RSpec::Matchers.define :be_a_clear_account do
match do |user| match do |user|
attributes = %i[ attributes = %i[
language reset_password_token remember_created_at sign_in_count current_sign_in_at last_sign_in_at language reset_password_token remember_created_at sign_in_count current_sign_in_at last_sign_in_at
current_sign_in_ip last_sign_in_ip invited_by_id authentication_token unconfirmed_email confirm_email_token current_sign_in_ip last_sign_in_ip invited_by_id unconfirmed_email confirm_email_token
auto_follow_back auto_follow_back_aspect_id reset_password_sent_at last_seen color_theme auto_follow_back auto_follow_back_aspect_id reset_password_sent_at last_seen color_theme
].map {|attribute| user[attribute] } ].map {|attribute| user[attribute] }