Drop user tokens table

Tom Hughes 2024-02-28 20:59:34 +00:00
parent fa55f3878a
commit 29cc21c599
10 changed files with 10 additions and 137 deletions


@ -112,8 +112,6 @@ class ApiController < ApplicationController
# authenticate per-scheme # authenticate per-scheme
self.current_user = if username.nil? self.current_user = if username.nil?
nil # no authentication provided - perhaps first connect (client should retry after 401) nil # no authentication provided - perhaps first connect (client should retry after 401)
elsif username == "token"
User.authenticate(:token => passwd) # preferred - random token for user from db, passed in basic auth
else else
User.authenticate(:username => username, :password => passwd) # basic auth User.authenticate(:username => username, :password => passwd) # basic auth
end end


@ -44,8 +44,6 @@ class ApplicationController < ActionController::Base
redirect_to :controller => "users", :action => "terms", :referer => request.fullpath redirect_to :controller => "users", :action => "terms", :referer => request.fullpath
end end
end end
elsif session[:token]
session[:user] = current_user.id if self.current_user = User.authenticate(:token => session[:token])
end end
session[:fingerprint] = current_user.fingerprint if current_user && session[:fingerprint].nil? session[:fingerprint] = current_user.fingerprint if current_user && session[:fingerprint].nil?


@ -15,10 +15,7 @@ class ConfirmationsController < ApplicationController
def confirm def confirm
if request.post? if request.post?
token = params[:confirm_string] user = User.find_by_token_for(:new_user, params[:confirm_string])
user = User.find_by_token_for(:new_user, token) ||
UserToken.unexpired.find_by(:token => token)&.user
if !user if !user
flash[:error] = t(".unknown token") flash[:error] = t(".unknown token")
@ -34,7 +31,6 @@ class ConfirmationsController < ApplicationController
flash[:notice] = gravatar_status_message(user) if gravatar_enable(user) flash[:notice] = gravatar_status_message(user) if gravatar_enable(user)
user.save! user.save!
referer = safe_referer(params[:referer]) if params[:referer] referer = safe_referer(params[:referer]) if params[:referer]
UserToken.delete_by(:token => token)
pending_user = session.delete(:pending_user) pending_user = session.delete(:pending_user)
@ -70,10 +66,7 @@ class ConfirmationsController < ApplicationController
def confirm_email def confirm_email
if request.post? if request.post?
token = params[:confirm_string] self.current_user = User.find_by_token_for(:new_email, params[:confirm_string])
self.current_user = User.find_by_token_for(:new_email, token) ||
UserToken.unexpired.find_by(:token => params[:confirm_string])&.user
if current_user&.new_email? if current_user&.new_email?
current_user.email = current_user.new_email current_user.email = current_user.new_email
@ -89,7 +82,6 @@ class ConfirmationsController < ApplicationController
else else
flash[:errors] = current_user.errors flash[:errors] = current_user.errors
end end
current_user.tokens.delete_all
session[:user] = current_user.id session[:user] = current_user.id
session[:fingerprint] = current_user.fingerprint session[:fingerprint] = current_user.fingerprint
elsif current_user elsif current_user
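Review bot: With `UserToken.delete_by(:token => token)` gone from `confirm` (hunk `@ -34,7 +31,6`) and `current_user.tokens.delete_all` gone from `confirm_email` (hunk `@ -89,7 +82,6`), nothing in these actions consumes a token after use any more, so whether a confirmation link can be presented a second time within its lifetime now depends entirely on the `generates_token_for :new_user` / `:new_email` definitions in User, which are outside this diff. If those blocks embed a value that changes on confirmation (the status for `:new_user`, the email address for `:new_email`) the links are self-invalidating; if not, they remain valid until expiry. Either way the invariant is now non-local, so I would add a comment next to the lookup at the start of `confirm`, e.g. `# single-use: the signed token embeds state that changes on confirmation (see User.generates_token_for)`, once that has been confirmed. Both `confirm` and `confirm_email` continue outside the hunks.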


@ -19,8 +19,7 @@ class PasswordsController < ApplicationController
@title = t ".title" @title = t ".title"
if params[:token] if params[:token]
self.current_user = User.find_by_token_for(:password_reset, params[:token]) || self.current_user = User.find_by_token_for(:password_reset, params[:token])
UserToken.unexpired.find_by(:token => params[:token])&.user
if current_user.nil? if current_user.nil?
flash[:error] = t ".flash token bad" flash[:error] = t ".flash token bad"
@ -53,8 +52,7 @@ class PasswordsController < ApplicationController
def update def update
if params[:token] if params[:token]
self.current_user = User.find_by_token_for(:password_reset, params[:token]) || self.current_user = User.find_by_token_for(:password_reset, params[:token])
UserToken.unexpired.find_by(:token => params[:token])&.user
if current_user if current_user
if params[:user] if params[:user]
@ -64,7 +62,6 @@ class PasswordsController < ApplicationController
current_user.email_valid = true current_user.email_valid = true
if current_user.save if current_user.save
UserToken.delete_by(:token => params[:token])
session[:fingerprint] = current_user.fingerprint session[:fingerprint] = current_user.fingerprint
flash[:notice] = t ".flash changed" flash[:notice] = t ".flash changed"
successful_login(current_user) successful_login(current_user)
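Review bot: Removing `UserToken.delete_by(:token => params[:token])` after `current_user.save` (hunk `@ -64,7 +62,6`) means the controller no longer invalidates a reset token once it has been used; single use now rests on the `generates_token_for :password_reset` block in User embedding something derived from the stored password, which is not visible here and should be confirmed. A comment on the lookup in `update`, e.g. `# token is bound to the current password hash, so a successful reset invalidates it (see User.generates_token_for :password_reset)`, would make that reliance explicit. Separately, the identical lookup now appears in both `edit` and `update` (first and second hunks); a small private helper such as `user_from_reset_token` would keep the two from drifting. Both methods continue outside the hunks.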


@ -57,7 +57,6 @@ class User < ApplicationRecord
has_many :muted_messages, -> { where(:to_user_visible => true, :muted => true).order(:sent_on => :desc).preload(:sender, :recipient) }, :class_name => "Message", :foreign_key => :to_user_id has_many :muted_messages, -> { where(:to_user_visible => true, :muted => true).order(:sent_on => :desc).preload(:sender, :recipient) }, :class_name => "Message", :foreign_key => :to_user_id
has_many :friendships, -> { joins(:befriendee).where(:users => { :status => %w[active confirmed] }) } has_many :friendships, -> { joins(:befriendee).where(:users => { :status => %w[active confirmed] }) }
has_many :friends, :through => :friendships, :source => :befriendee has_many :friends, :through => :friendships, :source => :befriendee
has_many :tokens, :class_name => "UserToken", :dependent => :destroy
has_many :preferences, :class_name => "UserPreference" has_many :preferences, :class_name => "UserPreference"
has_many :changesets, -> { order(:created_at => :desc) }, :inverse_of => :user has_many :changesets, -> { order(:created_at => :desc) }, :inverse_of => :user
has_many :changeset_comments, :foreign_key => :author_id, :inverse_of => :author has_many :changeset_comments, :foreign_key => :author_id, :inverse_of => :author
@ -165,9 +164,6 @@ class User < ApplicationRecord
else else
user = nil user = nil
end end
elsif options[:token]
token = UserToken.find_by(:token => options[:token])
user = token.user if token
end end
if user && if user &&
@ -177,8 +173,6 @@ class User < ApplicationRecord
user = nil user = nil
end end
token.update(:expiry => 1.week.from_now) if token && user
user user
end end


@ -1,38 +0,0 @@
# == Schema Information
#
# Table name: user_tokens
#
# id :bigint(8) not null, primary key
# user_id :bigint(8) not null
# token :string not null
# expiry :datetime not null
# referer :text
#
# Indexes
#
# user_tokens_token_idx (token) UNIQUE
# user_tokens_user_id_idx (user_id)
#
# Foreign Keys
#
# user_tokens_user_id_fkey (user_id => users.id)
#
class UserToken < ApplicationRecord
belongs_to :user
scope :unexpired, -> { where("expiry >= now()") }
after_initialize :set_defaults
def expired?
expiry < Time.now.utc
end
private
def set_defaults
self.token = OSM.make_token if token.blank?
self.expiry = 1.week.from_now if expiry.blank?
end
end


@ -0,0 +1,5 @@
class DropUserTokens < ActiveRecord::Migration[7.1]
def up
drop_table :user_tokens
end
end
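Review bot: Defining only `up` means a rollback of this migration is, as far as I recall ActiveRecord::Migration's dispatch, a silent no-op rather than an error, so `db:rollback` would report success while the `user_tokens` table stays dropped and the schema diverges from structure.sql. Since the token rows cannot be recreated anyway, make that explicit with `def down` / `raise ActiveRecord::IrreversibleMigration` / `end`. A one-line comment above `drop_table` noting that confirmation and password-reset links issued under the old table scheme stop working once this runs would also help whoever schedules the deploy, since the controller fallbacks are removed in the same commit.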


@ -1532,38 +1532,6 @@ CREATE SEQUENCE public.user_roles_id_seq
ALTER SEQUENCE public.user_roles_id_seq OWNED BY public.user_roles.id; ALTER SEQUENCE public.user_roles_id_seq OWNED BY public.user_roles.id;
--
-- Name: user_tokens; Type: TABLE; Schema: public; Owner: -
--
CREATE TABLE public.user_tokens (
id bigint NOT NULL,
user_id bigint NOT NULL,
token character varying NOT NULL,
expiry timestamp without time zone NOT NULL,
referer text
);
--
-- Name: user_tokens_id_seq; Type: SEQUENCE; Schema: public; Owner: -
--
CREATE SEQUENCE public.user_tokens_id_seq
START WITH 1
INCREMENT BY 1
NO MINVALUE
NO MAXVALUE
CACHE 1;
--
-- Name: user_tokens_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: -
--
ALTER SEQUENCE public.user_tokens_id_seq OWNED BY public.user_tokens.id;
-- --
-- Name: users; Type: TABLE; Schema: public; Owner: - -- Name: users; Type: TABLE; Schema: public; Owner: -
-- --
@ -1882,13 +1850,6 @@ ALTER TABLE ONLY public.user_mutes ALTER COLUMN id SET DEFAULT nextval('public.u
ALTER TABLE ONLY public.user_roles ALTER COLUMN id SET DEFAULT nextval('public.user_roles_id_seq'::regclass); ALTER TABLE ONLY public.user_roles ALTER COLUMN id SET DEFAULT nextval('public.user_roles_id_seq'::regclass);
--
-- Name: user_tokens id; Type: DEFAULT; Schema: public; Owner: -
--
ALTER TABLE ONLY public.user_tokens ALTER COLUMN id SET DEFAULT nextval('public.user_tokens_id_seq'::regclass);
-- --
-- Name: users id; Type: DEFAULT; Schema: public; Owner: - -- Name: users id; Type: DEFAULT; Schema: public; Owner: -
-- --
@ -2280,14 +2241,6 @@ ALTER TABLE ONLY public.user_roles
ADD CONSTRAINT user_roles_pkey PRIMARY KEY (id); ADD CONSTRAINT user_roles_pkey PRIMARY KEY (id);
--
-- Name: user_tokens user_tokens_pkey; Type: CONSTRAINT; Schema: public; Owner: -
--
ALTER TABLE ONLY public.user_tokens
ADD CONSTRAINT user_tokens_pkey PRIMARY KEY (id);
-- --
-- Name: users users_pkey; Type: CONSTRAINT; Schema: public; Owner: - -- Name: users users_pkey; Type: CONSTRAINT; Schema: public; Owner: -
-- --
@ -2901,20 +2854,6 @@ CREATE INDEX user_id_idx ON public.friends USING btree (friend_user_id);
CREATE UNIQUE INDEX user_roles_id_role_unique ON public.user_roles USING btree (user_id, role); CREATE UNIQUE INDEX user_roles_id_role_unique ON public.user_roles USING btree (user_id, role);
--
-- Name: user_tokens_token_idx; Type: INDEX; Schema: public; Owner: -
--
CREATE UNIQUE INDEX user_tokens_token_idx ON public.user_tokens USING btree (token);
--
-- Name: user_tokens_user_id_idx; Type: INDEX; Schema: public; Owner: -
--
CREATE INDEX user_tokens_user_id_idx ON public.user_tokens USING btree (user_id);
-- --
-- Name: users_auth_idx; Type: INDEX; Schema: public; Owner: - -- Name: users_auth_idx; Type: INDEX; Schema: public; Owner: -
-- --
@ -3490,14 +3429,6 @@ ALTER TABLE ONLY public.user_roles
ADD CONSTRAINT user_roles_user_id_fkey FOREIGN KEY (user_id) REFERENCES public.users(id); ADD CONSTRAINT user_roles_user_id_fkey FOREIGN KEY (user_id) REFERENCES public.users(id);
--
-- Name: user_tokens user_tokens_user_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
--
ALTER TABLE ONLY public.user_tokens
ADD CONSTRAINT user_tokens_user_id_fkey FOREIGN KEY (user_id) REFERENCES public.users(id);
-- --
-- Name: way_nodes way_nodes_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: - -- Name: way_nodes way_nodes_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
-- --
@ -3581,6 +3512,7 @@ INSERT INTO "schema_migrations" (version) VALUES
('23'), ('23'),
('22'), ('22'),
('21'), ('21'),
('20240228205723'),
('20240117185445'), ('20240117185445'),
('20231213182102'), ('20231213182102'),
('20231206141457'), ('20231206141457'),


@ -2,7 +2,6 @@
require File.join(File.dirname(__FILE__), "..", "config", "environment") require File.join(File.dirname(__FILE__), "..", "config", "environment")
UserToken.where("expiry < NOW()").delete_all
OauthNonce.where("timestamp < EXTRACT(EPOCH FROM NOW() - INTERVAL '1 day')").delete_all OauthNonce.where("timestamp < EXTRACT(EPOCH FROM NOW() - INTERVAL '1 day')").delete_all
OauthToken.where("invalidated_at < NOW() - INTERVAL '28 days'").delete_all OauthToken.where("invalidated_at < NOW() - INTERVAL '28 days'").delete_all
RequestToken.where("authorized_at IS NULL AND created_at < NOW() - INTERVAL '28 days'").delete_all RequestToken.where("authorized_at IS NULL AND created_at < NOW() - INTERVAL '28 days'").delete_all


@ -1,4 +0,0 @@
require "test_helper"
class UserTokenTest < ActiveSupport::TestCase
end