Remove ability to authenticate with auth_token on the frontend

Remove devise-token_authenticatable gem and only generate a token to be
used by the chat.

Gemfile

@@ -25,7 +25,6 @@ gem "json-schema", "2.7.0"
 
 gem "devise", "4.2.0"
 gem "devise_lastseenable", "0.0.6"
-gem "devise-token_authenticatable", "0.5.2"
 
 # Captcha
 

Gemfile.lock

@@ -171,8 +171,6 @@ GEM
       railties (>= 4.1.0, < 5.1)
       responders
       warden (~> 1.2.3)
-    devise-token_authenticatable (0.5.2)
-      devise (>= 4.0.0, < 4.3.0)
     devise_lastseenable (0.0.6)
       devise
       rails (>= 3.0.4)
@@ -931,7 +929,6 @@ DEPENDENCIES
   cucumber-rails (= 1.4.5)
   database_cleaner (= 1.5.3)
   devise (= 4.2.0)
-  devise-token_authenticatable (= 0.5.2)
   devise_lastseenable (= 0.0.6)
   diaspora-prosody-config (= 0.0.7)
   diaspora_federation-rails (= 0.1.5)

app/models/user.rb

@@ -3,6 +3,7 @@
 #   the COPYRIGHT file.
 
 class User < ActiveRecord::Base
+  include AuthenticationToken
   include Connecting
   include Querying
   include SocialActions
@@ -16,7 +17,7 @@ class User < ActiveRecord::Base
   scope :halfyear_actives, ->(time = Time.now) { logged_in_since(time - 6.month) }
   scope :active, -> { joins(:person).where(people: {closed_account: false}) }
 
-  devise :token_authenticatable, :database_authenticatable, :registerable,
+  devise :database_authenticatable, :registerable,
          :recoverable, :rememberable, :trackable, :validatable,
          :lockable, :lastseenable, :lock_strategy => :none, :unlock_strategy => :none
 

app/models/user/authentication_token.rb

@@ -0,0 +1,26 @@
+class User
+  module AuthenticationToken
+    extend ActiveSupport::Concern
+
+    # Generate new authentication token and save the record.
+    def reset_authentication_token!
+      self.authentication_token = self.class.authentication_token
+      save(validate: false)
+    end
+
+    # Generate authentication token unless already exists and save the record.
+    def ensure_authentication_token!
+      reset_authentication_token! if authentication_token.blank?
+    end
+
+    module ClassMethods
+      # Generate a token checking if one does not already exist in the database.
+      def authentication_token
+        loop do
+          token = Devise.friendly_token(30)
+          break token unless User.exists?(authentication_token: token)
+        end
+      end
+    end
+  end
+end

spec/models/user/authentication_token_spec.rb

@@ -0,0 +1,42 @@
+require "spec_helper"
+
+describe User::AuthenticationToken, type: :model do
+  describe "#reset_authentication_token!" do
+    it "sets the authentication token" do
+      expect(alice.authentication_token).to be_nil
+      alice.reset_authentication_token!
+      expect(alice.authentication_token).not_to be_nil
+    end
+
+    it "resets the authentication token" do
+      alice.reset_authentication_token!
+      expect { alice.reset_authentication_token! }.to change { alice.authentication_token }
+    end
+  end
+
+  describe "#ensure_authentication_token!" do
+    it "doesn't change the authentication token" do
+      alice.reset_authentication_token!
+      expect { alice.ensure_authentication_token! }.to_not change { alice.authentication_token }
+    end
+
+    it "sets the authentication token if not yet set" do
+      expect(alice.authentication_token).to be_nil
+      alice.ensure_authentication_token!
+      expect(alice.authentication_token).not_to be_nil
+    end
+  end
+
+  describe ".authentication_token" do
+    it "generates an authentication token" do
+      expect(User.authentication_token.length).to eq(30)
+    end
+
+    it "checks that the authentication token is not yet in use by another user" do
+      alice.reset_authentication_token!
+      expect(Devise).to receive(:friendly_token).with(30).and_return(alice.authentication_token, "some_unused_token")
+
+      expect(User.authentication_token).to eq("some_unused_token")
+    end
+  end
+end