Unverified Commit d421e42d authored by Benjamin Neff's avatar Benjamin Neff Committed by Dennis Schubert

Remove ability to authenticate with auth_token on the frontend

Remove devise-token_authenticatable gem and only generate a token to be
used by the chat.
parent 16cd4752
+0 −1
@@ -25,7 +25,6 @@ gem "json-schema", "2.7.0"

gem "devise", "4.2.0"
gem "devise_lastseenable", "0.0.6"
gem "devise-token_authenticatable", "0.5.2"

# Captcha

+0 −3
@@ -171,8 +171,6 @@ GEM
      railties (>= 4.1.0, < 5.1)
      responders
      warden (~> 1.2.3)
    devise-token_authenticatable (0.5.2)
      devise (>= 4.0.0, < 4.3.0)
    devise_lastseenable (0.0.6)
      devise
      rails (>= 3.0.4)
@@ -931,7 +929,6 @@ DEPENDENCIES
  cucumber-rails (= 1.4.5)
  database_cleaner (= 1.5.3)
  devise (= 4.2.0)
  devise-token_authenticatable (= 0.5.2)
  devise_lastseenable (= 0.0.6)
  diaspora-prosody-config (= 0.0.7)
  diaspora_federation-rails (= 0.1.5)
+2 −1
@@ -3,6 +3,7 @@
#   the COPYRIGHT file.

class User < ActiveRecord::Base
  include AuthenticationToken
  include Connecting
  include Querying
  include SocialActions
@@ -16,7 +17,7 @@ class User < ActiveRecord::Base
  scope :halfyear_actives, ->(time = Time.now) { logged_in_since(time - 6.month) }
  scope :active, -> { joins(:person).where(people: {closed_account: false}) }

  devise :token_authenticatable, :database_authenticatable, :registerable,
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable,
         :lockable, :lastseenable, :lock_strategy => :none, :unlock_strategy => :none
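Review bot: Dropping `:token_authenticatable` from the `devise` call in the second hunk also drops Devise's own lifecycle handling of the token, so existing `authentication_token` values in the users table presumably stay valid until `reset_authentication_token!` is called explicitly — nothing in this hunk resets them on password change or sign-out. If the chat token is meant to be invalidated in those cases, that hook now has to be added in this class or in the included `AuthenticationToken` concern, e.g. an `after_update` that calls `reset_authentication_token!` when `saved_change_to_encrypted_password?`, with the exact callback name confirmed against the Rails version in use. The `User` class body continues outside the hunk.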

+26 −0
class User
  module AuthenticationToken
    extend ActiveSupport::Concern

    # Generate new authentication token and save the record.
    def reset_authentication_token!
      self.authentication_token = self.class.authentication_token
      save(validate: false)
    end

    # Generate authentication token unless already exists and save the record.
    def ensure_authentication_token!
      reset_authentication_token! if authentication_token.blank?
    end

    module ClassMethods
      # Generate a token checking if one does not already exist in the database.
      def authentication_token
        loop do
          token = Devise.friendly_token(30)
          break token unless User.exists?(authentication_token: token)
        end
      end
    end
  end
end
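Review bot: The check-then-generate loop in `authentication_token` (`User.exists?` followed by the caller's `save`) is not atomic, so two concurrent `reset_authentication_token!` calls can still persist the same token unless the `authentication_token` column carries a unique index, which this page does not show. If the column is uniquely indexed the `exists?` probe is only an optimisation and `reset_authentication_token!` should additionally rescue `ActiveRecord::RecordNotUnique` and retry a bounded number of times; if it is not, adding that index is the fix rather than the loop. As a point of style, inside `ClassMethods` the receiver is already the including class, so `exists?(authentication_token: token)` avoids hard-coding `User` in a concern. The stored token is compared in plaintext, so whatever reads it on the chat side needs the same care as a password-equivalent credential; a short comment on `reset_authentication_token!` saying `# Token is stored in plaintext and is a bearer credential for the chat; call this to revoke it.` would make that intent explicit.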
+42 −0
require "spec_helper"

describe User::AuthenticationToken, type: :model do
  describe "#reset_authentication_token!" do
    it "sets the authentication token" do
      expect(alice.authentication_token).to be_nil
      alice.reset_authentication_token!
      expect(alice.authentication_token).not_to be_nil
    end

    it "resets the authentication token" do
      alice.reset_authentication_token!
      expect { alice.reset_authentication_token! }.to change { alice.authentication_token }
    end
  end

  describe "#ensure_authentication_token!" do
    it "doesn't change the authentication token" do
      alice.reset_authentication_token!
      expect { alice.ensure_authentication_token! }.to_not change { alice.authentication_token }
    end

    it "sets the authentication token if not yet set" do
      expect(alice.authentication_token).to be_nil
      alice.ensure_authentication_token!
      expect(alice.authentication_token).not_to be_nil
    end
  end

  describe ".authentication_token" do
    it "generates an authentication token" do
      expect(User.authentication_token.length).to eq(30)
    end

    it "checks that the authentication token is not yet in use by another user" do
      alice.reset_authentication_token!
      expect(Devise).to receive(:friendly_token).with(30).and_return(alice.authentication_token, "some_unused_token")

      expect(User.authentication_token).to eq("some_unused_token")
    end
  end
end