From: Tom Hughes <tom@compton.nu>
Date: Wed, 28 Feb 2024 20:59:34 +0000 (+0000)
Subject: Drop user tokens table
X-Git-Tag: live~680^2
X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/29cc21c5990d7aec15e3cbed6e7410373904b5ac

Drop user tokens table
---

diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb
index 75db7f73b..686e81630 100644
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@@ -112,8 +112,6 @@ class ApiController < ApplicationController
       # authenticate per-scheme
       self.current_user = if username.nil?
                             nil # no authentication provided - perhaps first connect (client should retry after 401)
-                          elsif username == "token"
-                            User.authenticate(:token => passwd) # preferred - random token for user from db, passed in basic auth
                           else
                             User.authenticate(:username => username, :password => passwd) # basic auth
                           end
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 0a7df0994..488e6a818 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -44,8 +44,6 @@ class ApplicationController < ActionController::Base
           redirect_to :controller => "users", :action => "terms", :referer => request.fullpath
         end
       end
-    elsif session[:token]
-      session[:user] = current_user.id if self.current_user = User.authenticate(:token => session[:token])
     end
 
     session[:fingerprint] = current_user.fingerprint if current_user && session[:fingerprint].nil?
diff --git a/app/controllers/confirmations_controller.rb b/app/controllers/confirmations_controller.rb
index 48b8dabf2..7bbb3a093 100644
--- a/app/controllers/confirmations_controller.rb
+++ b/app/controllers/confirmations_controller.rb
@@ -15,10 +15,7 @@ class ConfirmationsController < ApplicationController
 
   def confirm
     if request.post?
-      token = params[:confirm_string]
-
-      user = User.find_by_token_for(:new_user, token) ||
-             UserToken.unexpired.find_by(:token => token)&.user
+      user = User.find_by_token_for(:new_user, params[:confirm_string])
 
       if !user
         flash[:error] = t(".unknown token")
@@ -34,7 +31,6 @@ class ConfirmationsController < ApplicationController
         flash[:notice] = gravatar_status_message(user) if gravatar_enable(user)
         user.save!
         referer = safe_referer(params[:referer]) if params[:referer]
-        UserToken.delete_by(:token => token)
 
         pending_user = session.delete(:pending_user)
 
@@ -70,10 +66,7 @@ class ConfirmationsController < ApplicationController
 
   def confirm_email
     if request.post?
-      token = params[:confirm_string]
-
-      self.current_user = User.find_by_token_for(:new_email, token) ||
-                          UserToken.unexpired.find_by(:token => params[:confirm_string])&.user
+      self.current_user = User.find_by_token_for(:new_email, params[:confirm_string])
 
       if current_user&.new_email?
         current_user.email = current_user.new_email
@@ -89,7 +82,6 @@ class ConfirmationsController < ApplicationController
         else
           flash[:errors] = current_user.errors
         end
-        current_user.tokens.delete_all
         session[:user] = current_user.id
         session[:fingerprint] = current_user.fingerprint
       elsif current_user
diff --git a/app/controllers/passwords_controller.rb b/app/controllers/passwords_controller.rb
index 8025fd700..a70883eda 100644
--- a/app/controllers/passwords_controller.rb
+++ b/app/controllers/passwords_controller.rb
@@ -19,8 +19,7 @@ class PasswordsController < ApplicationController
     @title = t ".title"
 
     if params[:token]
-      self.current_user = User.find_by_token_for(:password_reset, params[:token]) ||
-                          UserToken.unexpired.find_by(:token => params[:token])&.user
+      self.current_user = User.find_by_token_for(:password_reset, params[:token])
 
       if current_user.nil?
         flash[:error] = t ".flash token bad"
@@ -53,8 +52,7 @@ class PasswordsController < ApplicationController
 
   def update
     if params[:token]
-      self.current_user = User.find_by_token_for(:password_reset, params[:token]) ||
-                          UserToken.unexpired.find_by(:token => params[:token])&.user
+      self.current_user = User.find_by_token_for(:password_reset, params[:token])
 
       if current_user
         if params[:user]
@@ -64,7 +62,6 @@ class PasswordsController < ApplicationController
           current_user.email_valid = true
 
           if current_user.save
-            UserToken.delete_by(:token => params[:token])
             session[:fingerprint] = current_user.fingerprint
             flash[:notice] = t ".flash changed"
             successful_login(current_user)
diff --git a/app/models/user.rb b/app/models/user.rb
index 125e5e973..7ed7c249f 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -57,7 +57,6 @@ class User < ApplicationRecord
   has_many :muted_messages, -> { where(:to_user_visible => true, :muted => true).order(:sent_on => :desc).preload(:sender, :recipient) }, :class_name => "Message", :foreign_key => :to_user_id
   has_many :friendships, -> { joins(:befriendee).where(:users => { :status => %w[active confirmed] }) }
   has_many :friends, :through => :friendships, :source => :befriendee
-  has_many :tokens, :class_name => "UserToken", :dependent => :destroy
   has_many :preferences, :class_name => "UserPreference"
   has_many :changesets, -> { order(:created_at => :desc) }, :inverse_of => :user
   has_many :changeset_comments, :foreign_key => :author_id, :inverse_of => :author
@@ -165,9 +164,6 @@ class User < ApplicationRecord
       else
         user = nil
       end
-    elsif options[:token]
-      token = UserToken.find_by(:token => options[:token])
-      user = token.user if token
     end
 
     if user &&
@@ -177,8 +173,6 @@ class User < ApplicationRecord
       user = nil
     end
 
-    token.update(:expiry => 1.week.from_now) if token && user
-
     user
   end
 
diff --git a/app/models/user_token.rb b/app/models/user_token.rb
deleted file mode 100644
index fbd276a6f..000000000
--- a/app/models/user_token.rb
+++ /dev/null
@@ -1,38 +0,0 @@
-# == Schema Information
-#
-# Table name: user_tokens
-#
-#  id      :bigint(8)        not null, primary key
-#  user_id :bigint(8)        not null
-#  token   :string           not null
-#  expiry  :datetime         not null
-#  referer :text
-#
-# Indexes
-#
-#  user_tokens_token_idx    (token) UNIQUE
-#  user_tokens_user_id_idx  (user_id)
-#
-# Foreign Keys
-#
-#  user_tokens_user_id_fkey  (user_id => users.id)
-#
-
-class UserToken < ApplicationRecord
-  belongs_to :user
-
-  scope :unexpired, -> { where("expiry >= now()") }
-
-  after_initialize :set_defaults
-
-  def expired?
-    expiry < Time.now.utc
-  end
-
-  private
-
-  def set_defaults
-    self.token = OSM.make_token if token.blank?
-    self.expiry = 1.week.from_now if expiry.blank?
-  end
-end
diff --git a/db/migrate/20240228205723_drop_user_tokens.rb b/db/migrate/20240228205723_drop_user_tokens.rb
new file mode 100644
index 000000000..a6c885a1a
--- /dev/null
+++ b/db/migrate/20240228205723_drop_user_tokens.rb
@@ -0,0 +1,5 @@
+class DropUserTokens < ActiveRecord::Migration[7.1]
+  def up
+    drop_table :user_tokens
+  end
+end
diff --git a/db/structure.sql b/db/structure.sql
index 4998bc694..a41cb6991 100644
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -1532,38 +1532,6 @@ CREATE SEQUENCE public.user_roles_id_seq
 ALTER SEQUENCE public.user_roles_id_seq OWNED BY public.user_roles.id;
 
 
---
--- Name: user_tokens; Type: TABLE; Schema: public; Owner: -
---
-
-CREATE TABLE public.user_tokens (
-    id bigint NOT NULL,
-    user_id bigint NOT NULL,
-    token character varying NOT NULL,
-    expiry timestamp without time zone NOT NULL,
-    referer text
-);
-
-
---
--- Name: user_tokens_id_seq; Type: SEQUENCE; Schema: public; Owner: -
---
-
-CREATE SEQUENCE public.user_tokens_id_seq
-    START WITH 1
-    INCREMENT BY 1
-    NO MINVALUE
-    NO MAXVALUE
-    CACHE 1;
-
-
---
--- Name: user_tokens_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: -
---
-
-ALTER SEQUENCE public.user_tokens_id_seq OWNED BY public.user_tokens.id;
-
-
 --
 -- Name: users; Type: TABLE; Schema: public; Owner: -
 --
@@ -1882,13 +1850,6 @@ ALTER TABLE ONLY public.user_mutes ALTER COLUMN id SET DEFAULT nextval('public.u
 ALTER TABLE ONLY public.user_roles ALTER COLUMN id SET DEFAULT nextval('public.user_roles_id_seq'::regclass);
 
 
---
--- Name: user_tokens id; Type: DEFAULT; Schema: public; Owner: -
---
-
-ALTER TABLE ONLY public.user_tokens ALTER COLUMN id SET DEFAULT nextval('public.user_tokens_id_seq'::regclass);
-
-
 --
 -- Name: users id; Type: DEFAULT; Schema: public; Owner: -
 --
@@ -2280,14 +2241,6 @@ ALTER TABLE ONLY public.user_roles
     ADD CONSTRAINT user_roles_pkey PRIMARY KEY (id);
 
 
---
--- Name: user_tokens user_tokens_pkey; Type: CONSTRAINT; Schema: public; Owner: -
---
-
-ALTER TABLE ONLY public.user_tokens
-    ADD CONSTRAINT user_tokens_pkey PRIMARY KEY (id);
-
-
 --
 -- Name: users users_pkey; Type: CONSTRAINT; Schema: public; Owner: -
 --
@@ -2901,20 +2854,6 @@ CREATE INDEX user_id_idx ON public.friends USING btree (friend_user_id);
 CREATE UNIQUE INDEX user_roles_id_role_unique ON public.user_roles USING btree (user_id, role);
 
 
---
--- Name: user_tokens_token_idx; Type: INDEX; Schema: public; Owner: -
---
-
-CREATE UNIQUE INDEX user_tokens_token_idx ON public.user_tokens USING btree (token);
-
-
---
--- Name: user_tokens_user_id_idx; Type: INDEX; Schema: public; Owner: -
---
-
-CREATE INDEX user_tokens_user_id_idx ON public.user_tokens USING btree (user_id);
-
-
 --
 -- Name: users_auth_idx; Type: INDEX; Schema: public; Owner: -
 --
@@ -3490,14 +3429,6 @@ ALTER TABLE ONLY public.user_roles
     ADD CONSTRAINT user_roles_user_id_fkey FOREIGN KEY (user_id) REFERENCES public.users(id);
 
 
---
--- Name: user_tokens user_tokens_user_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
---
-
-ALTER TABLE ONLY public.user_tokens
-    ADD CONSTRAINT user_tokens_user_id_fkey FOREIGN KEY (user_id) REFERENCES public.users(id);
-
-
 --
 -- Name: way_nodes way_nodes_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
 --
@@ -3581,6 +3512,7 @@ INSERT INTO "schema_migrations" (version) VALUES
 ('23'),
 ('22'),
 ('21'),
+('20240228205723'),
 ('20240117185445'),
 ('20231213182102'),
 ('20231206141457'),
diff --git a/script/cleanup b/script/cleanup
index 67cc0705e..7601d35cf 100755
--- a/script/cleanup
+++ b/script/cleanup
@@ -2,7 +2,6 @@
 
 require File.join(File.dirname(__FILE__), "..", "config", "environment")
 
-UserToken.where("expiry < NOW()").delete_all
 OauthNonce.where("timestamp < EXTRACT(EPOCH FROM NOW() - INTERVAL '1 day')").delete_all
 OauthToken.where("invalidated_at < NOW() - INTERVAL '28 days'").delete_all
 RequestToken.where("authorized_at IS NULL AND created_at < NOW() - INTERVAL '28 days'").delete_all
diff --git a/test/models/user_token_test.rb b/test/models/user_token_test.rb
deleted file mode 100644
index cf9f09ea4..000000000
--- a/test/models/user_token_test.rb
+++ /dev/null
@@ -1,4 +0,0 @@
-require "test_helper"
-
-class UserTokenTest < ActiveSupport::TestCase
-end