From 943c01cada74adec46458951af199ef3f8134771 Mon Sep 17 00:00:00 2001 From: Oleksii Kriuchykhin Date: Thu, 25 Mar 2021 14:55:22 +0100 Subject: [PATCH] Remove simple_token_authentication [SCI-5595] --- Gemfile | 1 - Gemfile.lock | 5 -- app/controllers/application_controller.rb | 1 - app/controllers/users/sessions_controller.rb | 25 ------- .../simple_token_authentication.rb | 75 ------------------- config/locales/en.yml | 2 - config/routes.rb | 1 - 7 files changed, 110 deletions(-) delete mode 100644 config/initializers/simple_token_authentication.rb diff --git a/Gemfile b/Gemfile index 5549a753d..94e51f529 100644 --- a/Gemfile +++ b/Gemfile @@ -16,7 +16,6 @@ gem 'rails', '~> 6.1.1' gem 'recaptcha', require: 'recaptcha/rails' gem 'sanitize', '~> 5.2' gem 'sassc-rails' -gem 'simple_token_authentication', '~> 1.16.0' # Token authentication for Devise gem 'webpacker', '~> 4.0.0' gem 'yomu', git: 'https://github.com/biosistemika/yomu', branch: 'master' diff --git a/Gemfile.lock b/Gemfile.lock index 12f2ba0e1..4f665e982 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -561,10 +561,6 @@ GEM shoulda-matchers (4.5.1) activesupport (>= 4.2.0) silencer (1.0.1) - simple_token_authentication (1.16.0) - actionmailer (>= 3.2.6, < 7) - actionpack (>= 3.2.6, < 7) - devise (>= 3.2, < 6) simplecov (0.21.2) docile (~> 1.1) simplecov-html (~> 0.11) @@ -716,7 +712,6 @@ DEPENDENCIES selenium-webdriver shoulda-matchers silencer - simple_token_authentication (~> 1.16.0) simplecov sneaky-save! spinjs-rails diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index e09bc460d..2baf06124 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -1,5 +1,4 @@ class ApplicationController < ActionController::Base - acts_as_token_authentication_handler_for User, unless: -> { current_user.present? } # Prevent CSRF attacks by raising an exception. # For APIs, you may want to use :null_session instead. protect_from_forgery with: :exception, prepend: true diff --git a/app/controllers/users/sessions_controller.rb b/app/controllers/users/sessions_controller.rb index 9f9da0d8d..7bef0c169 100644 --- a/app/controllers/users/sessions_controller.rb +++ b/app/controllers/users/sessions_controller.rb @@ -39,31 +39,6 @@ class Users::SessionsController < Devise::SessionsController # super # end - # Singing in with authentication token (needed when signing in automatically - # from another website). NOTE: For some reason URL needs to end with '/'. - def auth_token_create - user = User.find_by_email(params[:user_email]) - user_token = params[:user_token] - # Remove trailing slash if present - user_token.chop! if !user_token.nil? && user_token.end_with?('/') - - if user && user.authentication_token == user_token - sign_in(:user, user) - # This will cause new token to be generated - user.update(authentication_token: nil) - redirect_url = root_path - else - flash[:error] = t('devise.sessions.auth_token_create.wrong_credentials') - redirect_url = new_user_session_path - end - - respond_to do |format| - format.html do - redirect_to redirect_url - end - end - end - def after_sign_in flash[:system_notification_modal] = true end diff --git a/config/initializers/simple_token_authentication.rb b/config/initializers/simple_token_authentication.rb deleted file mode 100644 index b66288f53..000000000 --- a/config/initializers/simple_token_authentication.rb +++ /dev/null @@ -1,75 +0,0 @@ -SimpleTokenAuthentication.configure do |config| - # Configure the session persistence policy after a successful sign in, - # in other words, if the authentication token acts as a signin token. - # If true, user is stored in the session and the authentication token and - # email may be provided only once. - # If false, users must provide their authentication token and email at every - # request. - # config.sign_in_token = false - - # Configure the name of the HTTP headers watched for authentication. - # - # Default header names for a given token authenticatable entity follow the - # pattern: - # { entity: { authentication_token: 'X-Entity-Token', email: - # 'X-Entity-Email'} } - # - # When several token authenticatable models are defined, custom header names - # can be specified for none, any, or all of them. - # - # Note: when using the identifiers options, this option behaviour is modified. - # Please see the example below. - # - # Examples - # - # Given User and SuperAdmin are token authenticatable, - # When the following configuration is used: - # `config.header_names = { super_admin: { authentication_token: - # 'X-Admin-Auth-Token' } }` - # Then the token authentification handler for User watches the following - # headers: - # `X-User-Token, X-User-Email` - # And the token authentification handler for SuperAdmin watches the - # following headers: - # `X-Admin-Auth-Token, X-SuperAdmin-Email` - # - # When the identifiers option is set: - # `config.identifiers = { super_admin: :phone_number }` - # Then both the header names identifier key and default value are modified - # accordingly: - # `config.header_names = { super_admin: { phone_number: - # 'X-SuperAdmin-PhoneNumber' } }` - # - # config.header_names = { user: { authentication_token: 'X-User-Token', email: - # 'X-User-Email' } } - - # Configure the name of the attribute used to identify the user for - # authentication. - # That attribute must exist in your model. - # - # The default identifiers follow the pattern: - # { entity: 'email' } - # - # Note: the identifer must match your Devise configuration, - # see https://github.com/plataformatec/devise/wiki/How-To:-Allow-users-to-sign-in-using-their-username-or-email-address#tell-devise-to-use-username-in-the-authentication_keys - # - # Note: setting this option does modify the header_names behaviour, - # see the header_names section above. - # - # Example: - # - # `config.identifiers = { super_admin: 'phone_number', user: 'uuid' }` - # - # config.identifiers = { user: 'email' } - - # Configure the Devise trackable strategy integration. - # - # If true, tracking is disabled for token authentication: signing in through - # token authentication won't modify the Devise trackable statistics. - # - # If false, given Devise trackable is configured for the relevant model, - # then signing in through token authentication will be tracked as any other - # sign in. - # - # config.skip_devise_trackable = true -end diff --git a/config/locales/en.yml b/config/locales/en.yml index 27fb8c43a..a6903a6e6 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -49,8 +49,6 @@ en: not_correct_code: "Not correct recovery code" create: team_name: "%{user}'s projects" - auth_token_create: - wrong_credentials: "Failed to automatically sign in (wrong credentials)." unlocks: new: head_title: "Resend unlock instructions" diff --git a/config/routes.rb b/config/routes.rb index d37e14dfd..8bbaf4c93 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -641,7 +641,6 @@ Rails.application.routes.draw do devise_scope :user do get 'avatar/:id/:style' => 'users/registrations#avatar', as: 'avatar' - get 'users/auth_token_sign_in' => 'users/sessions#auth_token_create' get 'users/sign_up_provider' => 'users/registrations#new_with_provider' get 'users/two_factor_recovery' => 'users/sessions#two_factor_recovery' post 'users/authenticate_with_two_factor' => 'users/sessions#authenticate_with_two_factor'