scinote-eln/scinote-web
1
1
Fork 0
mirror of https://github.com/scinote-eln/scinote-web.git synced 2025-11-11 17:00:41 +08:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #3233 from okriuchykhin/ok_SCI_5595

Browse source 
Remove simple_token_authentication [SCI-5595]
This commit is contained in:
Alex Kriuchykhin 2021-03-25 15:38:07 +01:00 committed by GitHub
commit 44e67bdecc
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 0 additions and 110 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
Gemfile
View file

@ -16,7 +16,6 @@ gem 'rails', '~> 6.1.1'
gem 'recaptcha', require: 'recaptcha/rails' gem 'recaptcha', require: 'recaptcha/rails'
gem 'sanitize', '~> 5.2' gem 'sanitize', '~> 5.2'
gem 'sassc-rails' gem 'sassc-rails'
gem 'simple_token_authentication', '~> 1.16.0' # Token authentication for Devise
gem 'webpacker', '~> 4.0.0' gem 'webpacker', '~> 4.0.0'
gem 'yomu', git: 'https://github.com/biosistemika/yomu', branch: 'master' gem 'yomu', git: 'https://github.com/biosistemika/yomu', branch: 'master'

5
Gemfile.lock
View file

@ -561,10 +561,6 @@ GEM
shoulda-matchers (4.5.1) shoulda-matchers (4.5.1)
activesupport (>= 4.2.0) activesupport (>= 4.2.0)
silencer (1.0.1) silencer (1.0.1)
simple_token_authentication (1.16.0)
actionmailer (>= 3.2.6, < 7)
actionpack (>= 3.2.6, < 7)
devise (>= 3.2, < 6)
simplecov (0.21.2) simplecov (0.21.2)
docile (~> 1.1) docile (~> 1.1)
simplecov-html (~> 0.11) simplecov-html (~> 0.11)
@ -716,7 +712,6 @@ DEPENDENCIES
selenium-webdriver selenium-webdriver
shoulda-matchers shoulda-matchers
silencer silencer
simple_token_authentication (~> 1.16.0)
simplecov simplecov
sneaky-save! sneaky-save!
spinjs-rails spinjs-rails

1
app/controllers/application_controller.rb
View file

@ -1,5 +1,4 @@
class ApplicationController < ActionController::Base class ApplicationController < ActionController::Base
acts_as_token_authentication_handler_for User, unless: -> { current_user.present? }
# Prevent CSRF attacks by raising an exception. # Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead. # For APIs, you may want to use :null_session instead.
protect_from_forgery with: :exception, prepend: true protect_from_forgery with: :exception, prepend: true

25
app/controllers/users/sessions_controller.rb
View file

@ -39,31 +39,6 @@ class Users::SessionsController < Devise::SessionsController
# super # super
# end # end
# Singing in with authentication token (needed when signing in automatically
# from another website). NOTE: For some reason URL needs to end with '/'.
def auth_token_create
user = User.find_by_email(params[:user_email])
user_token = params[:user_token]
# Remove trailing slash if present
user_token.chop! if !user_token.nil? && user_token.end_with?('/')
if user && user.authentication_token == user_token
sign_in(:user, user)
# This will cause new token to be generated
user.update(authentication_token: nil)
redirect_url = root_path
else
flash[:error] = t('devise.sessions.auth_token_create.wrong_credentials')
redirect_url = new_user_session_path
end
respond_to do |format|
format.html do
redirect_to redirect_url
end
end
end
def after_sign_in def after_sign_in
flash[:system_notification_modal] = true flash[:system_notification_modal] = true
end end

75
config/initializers/simple_token_authentication.rb
View file

@ -1,75 +0,0 @@
SimpleTokenAuthentication.configure do |config|
# Configure the session persistence policy after a successful sign in,
# in other words, if the authentication token acts as a signin token.
# If true, user is stored in the session and the authentication token and
# email may be provided only once.
# If false, users must provide their authentication token and email at every
# request.
# config.sign_in_token = false
# Configure the name of the HTTP headers watched for authentication.
#
# Default header names for a given token authenticatable entity follow the
# pattern:
# { entity: { authentication_token: 'X-Entity-Token', email:
# 'X-Entity-Email'} }
#
# When several token authenticatable models are defined, custom header names
# can be specified for none, any, or all of them.
#
# Note: when using the identifiers options, this option behaviour is modified.
# Please see the example below.
#
# Examples
#
# Given User and SuperAdmin are token authenticatable,
# When the following configuration is used:
# `config.header_names = { super_admin: { authentication_token:
# 'X-Admin-Auth-Token' } }`
# Then the token authentification handler for User watches the following
# headers:
# `X-User-Token, X-User-Email`
# And the token authentification handler for SuperAdmin watches the
# following headers:
# `X-Admin-Auth-Token, X-SuperAdmin-Email`
#
# When the identifiers option is set:
# `config.identifiers = { super_admin: :phone_number }`
# Then both the header names identifier key and default value are modified
# accordingly:
# `config.header_names = { super_admin: { phone_number:
# 'X-SuperAdmin-PhoneNumber' } }`
#
# config.header_names = { user: { authentication_token: 'X-User-Token', email:
# 'X-User-Email' } }
# Configure the name of the attribute used to identify the user for
# authentication.
# That attribute must exist in your model.
#
# The default identifiers follow the pattern:
# { entity: 'email' }
#
# Note: the identifer must match your Devise configuration,
# see https://github.com/plataformatec/devise/wiki/How-To:-Allow-users-to-sign-in-using-their-username-or-email-address#tell-devise-to-use-username-in-the-authentication_keys
#
# Note: setting this option does modify the header_names behaviour,
# see the header_names section above.
#
# Example:
#
# `config.identifiers = { super_admin: 'phone_number', user: 'uuid' }`
#
# config.identifiers = { user: 'email' }
# Configure the Devise trackable strategy integration.
#
# If true, tracking is disabled for token authentication: signing in through
# token authentication won't modify the Devise trackable statistics.
#
# If false, given Devise trackable is configured for the relevant model,
# then signing in through token authentication will be tracked as any other
# sign in.
#
# config.skip_devise_trackable = true
end

2
config/locales/en.yml
View file

@ -49,8 +49,6 @@ en:
not_correct_code: "Not correct recovery code" not_correct_code: "Not correct recovery code"
create: create:
team_name: "%{user}'s projects" team_name: "%{user}'s projects"
auth_token_create:
wrong_credentials: "Failed to automatically sign in (wrong credentials)."
unlocks: unlocks:
new: new:
head_title: "Resend unlock instructions" head_title: "Resend unlock instructions"

1
config/routes.rb
View file

@ -641,7 +641,6 @@ Rails.application.routes.draw do
devise_scope :user do devise_scope :user do
get 'avatar/:id/:style' => 'users/registrations#avatar', as: 'avatar' get 'avatar/:id/:style' => 'users/registrations#avatar', as: 'avatar'
get 'users/auth_token_sign_in' => 'users/sessions#auth_token_create'
get 'users/sign_up_provider' => 'users/registrations#new_with_provider' get 'users/sign_up_provider' => 'users/registrations#new_with_provider'
get 'users/two_factor_recovery' => 'users/sessions#two_factor_recovery' get 'users/two_factor_recovery' => 'users/sessions#two_factor_recovery'
post 'users/authenticate_with_two_factor' => 'users/sessions#authenticate_with_two_factor' post 'users/authenticate_with_two_factor' => 'users/sessions#authenticate_with_two_factor'