From f30fac57a024c2b43dbd519c25c9d1000fb8a86c Mon Sep 17 00:00:00 2001
From: Suzanne Vogt
Date: Fri, 25 Feb 2022 09:24:28 -0500
Subject: [PATCH] Remove password from jwt. Review mods.
---
 app/models/concerns/authenticable.rb | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)
diff --git a/app/models/concerns/authenticable.rb b/app/models/concerns/authenticable.rb
index 2f6107b08..a1a86c58f 100644
--- a/app/models/concerns/authenticable.rb
+++ b/app/models/concerns/authenticable.rb
@@ -308,7 +308,6 @@ def generate_token(attributes = {})
 provider_id: attributes.fetch(:provider_id, nil),
 client_id: attributes.fetch(:client_id, nil),
 role_id: attributes.fetch(:role_id, "staff_admin"),
- password: attributes.fetch(:password, nil),
 beta_tester: attributes.fetch(:beta_tester, nil),
 has_orcid_token: attributes.fetch(:has_orcid_token, nil),
 aud: attributes.fetch(:aud, Rails.env),
@@ -331,7 +330,6 @@ def generate_alb_token(attributes = {})
 provider_id: attributes.fetch(:provider_id, nil),
 client_id: attributes.fetch(:client_id, nil),
 role_id: attributes.fetch(:role_id, "user"),
- password: attributes.fetch(:password, nil),
 aud: Rails.env,
 iat: Time.now.to_i,
 exp: Time.now.to_i + attributes.fetch(:exp, 30),
@@ -358,11 +356,8 @@ def get_payload(uid: nil, user: nil, password: nil)
 
 # we only need password for clients registering DOIs in the handle system
 if uid.include? "."
- payload.merge!(
- "provider_id" => user.provider_id,
- "client_id" => uid,
- "password" => password,
- )
+ payload["provider_id"] = user.provider_id
+ payload["client_id"] = uid
 elsif uid != "admin"
 payload["provider_id"] = uid
 end
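Review bot: In generate_token the claim `role_id: attributes.fetch(:role_id, "staff_admin")` gives any caller that omits `:role_id` a token carrying what looks like the most privileged role, while generate_alb_token in the next hunk defaults to `"user"`. If generate_token is reachable outside specs, a least-privilege default such as `role_id: attributes.fetch(:role_id, "user")` would be safer; otherwise a comment like `# test/internal helper: defaults to staff_admin on purpose` would make the intent explicit. Tokens signed before this change presumably still carry the `password` claim until they expire, and a JWT payload is only encoded, not encrypted, so the description could state whether expiry or key rotation covers them. Both method bodies start and end outside their hunks, so callers and any guards are not visible here.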
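Review bot: In get_payload the `password:` keyword stays in the signature and the comment `# we only need password for clients registering DOIs in the handle system` stays above the branch, although the new side of this hunk no longer reads `password` anywhere. Callers will therefore keep handing the plaintext credential to a method that ignores it, and the comment tells the next reader the password still belongs in the payload. I would replace the comment with something like `# uids containing "." are treated as client accounts: add provider_id and client_id` and mark the keyword as unused, or drop it once callers are updated. Also, `uid` defaults to nil in the signature, so `uid.include? "."` raises NoMethodError unless a guard exists in the part of get_payload outside this hunk.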