remove v1/v2 api token logic

app/controllers/api/v2/base_controller.rb

@@ -8,7 +8,6 @@ class API::V2::BaseController < ApplicationController
   private
 
   def context
-    # new token
     if api_token.present?
       api_token.context
     # web interface (/graphql) give current_administrateur
@@ -18,12 +17,6 @@ class API::V2::BaseController < ApplicationController
         procedure_ids: current_administrateur.procedure_ids,
         write_access: true
       }
-    # old token
-    else
-      {
-        token: authorization_bearer_token,
-        write_access: true
-      }
     end
   end
 

app/controllers/api_controller.rb

@@ -4,7 +4,7 @@ class APIController < ApplicationController
   protected
 
   def find_administrateur_for_token(procedure)
-    api_token = APIToken.find_and_verify(authorization_bearer_token, procedure.administrateurs)
+    api_token = APIToken.find_and_verify(authorization_bearer_token)
     if api_token.present? && api_token.context.fetch(:procedure_ids).include?(procedure.id)
       api_token.touch(:last_v1_authenticated_at)
       api_token.administrateur

app/graphql/api/v2/context.rb

@@ -75,20 +75,7 @@ class API::V2::Context < GraphQL::Query::Context
 
   def compute_demarche_authorization(demarche)
     # procedure_ids and token are passed from graphql controller
-    if self[:procedure_ids].present?
-      self[:procedure_ids].include?(demarche.id)
-    elsif self[:token].present?
-      token = APIToken.find_and_verify(self[:token], demarche.administrateurs)
-      if token.present?
-        token.touch(:last_v2_authenticated_at)
-        Current.user = token.administrateur.user
-        true
-      else
-        false
-      end
-    else
-      false
-    end
+    (self[:procedure_ids] || []).include?(demarche.id)
   end
 
   # This is a query AST visitor that we use to check

app/models/api_token.rb

@@ -55,53 +55,13 @@ class APIToken < ApplicationRecord
       [api_token, packed_token]
     end
 
-    def find_and_verify(maybe_packed_token, administrateurs = [])
-      token = case unpack(maybe_packed_token)
-      in { plain_token:, id: } # token v3
-        find_by(id:, version: 3)&.then(&ensure_valid_token(plain_token))
-      in { plain_token:, administrateur_id: } # token v2
-        # the migration to the APIToken model set `version: 1` for all the v1 and v2 token
-        # this is the only place where we can fix the version
-        where(administrateur_id:, version: 1).update_all(version: 2) # update to v2
-        find_by(administrateur_id:, version: 2)&.then(&ensure_valid_token(plain_token))
-      in { plain_token: } # token v1
-        where(administrateur: administrateurs, version: 1).find(&ensure_valid_token(plain_token))
-      end
-
-      # TODO:
-      # remove all the not v3 version code
-      # when everyone has migrated
-      # it should also be a good place in case we need to feature flag old token use
-      if token&.version == 3 || Rails.env.test?
-        token
-      else
-        nil
-      end
+    def find_and_verify(base64_packed_token)
+      id, plain_token = Base64.urlsafe_decode64(base64_packed_token).split(';')
+      find_by(id:, version: 3)&.then(&ensure_valid_token(plain_token))
     end
 
     private
 
-    UUID_SIZE = SecureRandom.uuid.size
-    def unpack(maybe_packed_token)
-      case message_verifier.verified(maybe_packed_token)
-      in [administrateur_id, plain_token]
-        { plain_token:, administrateur_id: }
-      else
-        case Base64.urlsafe_decode64(maybe_packed_token).split(';')
-        in [id, plain_token] if id.size == UUID_SIZE # valid format "<uuid>;<random token>"
-          { plain_token:, id: }
-        else
-          { plain_token: maybe_packed_token }
-        end
-      end
-    rescue
-      { plain_token: maybe_packed_token }
-    end
-
-    def message_verifier
-      Rails.application.message_verifier('api_v2_token')
-    end
-
     def ensure_valid_token(plain_token)
       -> (api_token) { api_token if BCrypt::Password.new(api_token.encrypted_token) == plain_token }
     end