Unverified Commit d421e42d authored by Benjamin Neff's avatar Benjamin Neff Committed by Dennis Schubert

Remove ability to authenticate with auth_token on the frontend

Remove devise-token_authenticatable gem and only generate a token to be
used by the chat.
parent 16cd4752
......@@ -25,7 +25,6 @@ gem "json-schema", "2.7.0"
gem "devise", "4.2.0"
gem "devise_lastseenable", "0.0.6"
gem "devise-token_authenticatable", "0.5.2"
# Captcha
......
......@@ -171,8 +171,6 @@ GEM
railties (>= 4.1.0, < 5.1)
responders
warden (~> 1.2.3)
devise-token_authenticatable (0.5.2)
devise (>= 4.0.0, < 4.3.0)
devise_lastseenable (0.0.6)
devise
rails (>= 3.0.4)
......@@ -931,7 +929,6 @@ DEPENDENCIES
cucumber-rails (= 1.4.5)
database_cleaner (= 1.5.3)
devise (= 4.2.0)
devise-token_authenticatable (= 0.5.2)
devise_lastseenable (= 0.0.6)
diaspora-prosody-config (= 0.0.7)
diaspora_federation-rails (= 0.1.5)
......
......@@ -3,6 +3,7 @@
# the COPYRIGHT file.
class User < ActiveRecord::Base
include AuthenticationToken
include Connecting
include Querying
include SocialActions
......@@ -16,7 +17,7 @@ class User < ActiveRecord::Base
scope :halfyear_actives, ->(time = Time.now) { logged_in_since(time - 6.month) }
scope :active, -> { joins(:person).where(people: {closed_account: false}) }
devise :token_authenticatable, :database_authenticatable, :registerable,
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable,
:lockable, :lastseenable, :lock_strategy => :none, :unlock_strategy => :none
......
class User
module AuthenticationToken
extend ActiveSupport::Concern
# Generate new authentication token and save the record.
def reset_authentication_token!
self.authentication_token = self.class.authentication_token
save(validate: false)
end
# Generate authentication token unless already exists and save the record.
def ensure_authentication_token!
reset_authentication_token! if authentication_token.blank?
end
module ClassMethods
# Generate a token checking if one does not already exist in the database.
def authentication_token
loop do
token = Devise.friendly_token(30)
break token unless User.exists?(authentication_token: token)
end
end
end
end
end
require "spec_helper"
describe User::AuthenticationToken, type: :model do
describe "#reset_authentication_token!" do
it "sets the authentication token" do
expect(alice.authentication_token).to be_nil
alice.reset_authentication_token!
expect(alice.authentication_token).not_to be_nil
end
it "resets the authentication token" do
alice.reset_authentication_token!
expect { alice.reset_authentication_token! }.to change { alice.authentication_token }
end
end
describe "#ensure_authentication_token!" do
it "doesn't change the authentication token" do
alice.reset_authentication_token!
expect { alice.ensure_authentication_token! }.to_not change { alice.authentication_token }
end
it "sets the authentication token if not yet set" do
expect(alice.authentication_token).to be_nil
alice.ensure_authentication_token!
expect(alice.authentication_token).not_to be_nil
end
end
describe ".authentication_token" do
it "generates an authentication token" do
expect(User.authentication_token.length).to eq(30)
end
it "checks that the authentication token is not yet in use by another user" do
alice.reset_authentication_token!
expect(Devise).to receive(:friendly_token).with(30).and_return(alice.authentication_token, "some_unused_token")
expect(User.authentication_token).to eq("some_unused_token")
end
end
end
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment