diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index fc343601bd..77585eb438 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -124,12 +124,6 @@ def export end end - def regenerate_api_key - @user.regenerate_api_key - @user.save(validate: false) - render(json: {value: @user.api_key}) - end - def regenerate_sms_auth_code @user.regenerate_sms_auth_code @user.save(validate: false) diff --git a/app/models/user.rb b/app/models/user.rb index 8f3e566498..1a63082098 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -8,7 +8,6 @@ # id :uuid not null, primary key # active :boolean default(TRUE), not null # admin :boolean default(FALSE), not null -# api_key :string(255) # birth_year :integer # crypted_password :string(255) not null # current_login_at :datetime diff --git a/app/serializers/user_serializer.rb b/app/serializers/user_serializer.rb index ccad22d202..88c1c96a96 100644 --- a/app/serializers/user_serializer.rb +++ b/app/serializers/user_serializer.rb @@ -8,7 +8,6 @@ # id :uuid not null, primary key # active :boolean default(TRUE), not null # admin :boolean default(FALSE), not null -# api_key :string(255) # birth_year :integer # crypted_password :string(255) not null # current_login_at :datetime diff --git a/app/views/users/form.html.erb b/app/views/users/form.html.erb index 952660a5c9..3cdc5240bb 100644 --- a/app/views/users/form.html.erb +++ b/app/views/users/form.html.erb @@ -47,9 +47,6 @@ <%= f.field(:password_confirmation, type: :password) %> <% end %> - <% if !@user.new_record? && can?(:regenerate_api_key, @user) %> - <%= f.regenerable_field(:api_key, confirm: t("setting.api_key_warning")) %> - <% end %> <% if !@user.new_record? && can?(:regenerate_sms_auth_code, @user) %> <%= f.regenerable_field(:sms_auth_code, confirm: t("setting.sms_auth_code_warning")) %> <% end %> diff --git a/config/locales/en/main.yml b/config/locales/en/main.yml index 570304cd2a..6346763c03 100644 
--- a/config/locales/en/main.yml +++ b/config/locales/en/main.yml @@ -2200,7 +2200,6 @@ en: change_api_key: "Change API Key" override_code_warning: "Note that the new override code will not work with forms that have already been downloaded. You should record the existing code if this is a problem. Are you sure you want to regenerate the code?" sms_token_warning: "Note that this will invalidate the previous SMS token for this mission. All incoming SMSes will be rejected until your SMS gateway settings are updated accordingly. Are you sure you want to regenerate the token?" - api_key_warning: "Note that this will invalidate the previous API key for this user. Are you sure you want to regenerate the key?" sms_auth_code_warning: "Note that this will invalidate the previous SMS auth code for this user. Are you sure you want to regenerate the code?" using_incoming_sms_token: "How do I use this?" headings: @@ -2373,8 +2372,6 @@ en: user: add_assignment: "Add Assignment" - api_key: - regenerate: "Regenerate" back_to_index: "Back to Users List" bulk_destroy_confirm: zero: "Are you sure you want to delete zero users?" diff --git a/db/migrate/20231129192037_remove_api_v1_columns.rb b/db/migrate/20231129192037_remove_api_v1_columns.rb index b923d110b8..bd42689574 100644 --- a/db/migrate/20231129192037_remove_api_v1_columns.rb +++ b/db/migrate/20231129192037_remove_api_v1_columns.rb 
@@ -3,17 +3,21 @@ class RemoveAPIV1Columns < ActiveRecord::Migration[6.1] def up drop_table :whitelistings + + remove_column :users, :api_key end def down - # create_table "whitelistings", id: :uuid, default: -> { "uuid_generate_v4()" }, force: :cascade do |t| - # t.datetime "created_at", null: false - # t.datetime "updated_at", null: false - # t.uuid "user_id" - # t.uuid "whitelistable_id" - # t.string "whitelistable_type", limit: 255 - # t.index ["user_id"], name: "index_whitelistings_on_user_id" - # t.index ["whitelistable_id"], name: "index_whitelistings_on_whitelistable_id" - # end + create_table :whitelistings, id: :uuid, default: -> { "uuid_generate_v4()" } do |t| + t.datetime "created_at", null: false + t.datetime "updated_at", null: false + t.uuid "user_id" + t.uuid "whitelistable_id" + t.string "whitelistable_type", limit: 255 + t.index ["user_id"], name: "index_whitelistings_on_user_id" + t.index ["whitelistable_id"], name: "index_whitelistings_on_whitelistable_id" + end + + add_column :users, :api_key, :string, limit: 255 end end diff --git a/db/schema.rb b/db/schema.rb index 38c9311675..8ef380fe6a 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -569,7 +569,6 @@ create_table "users", id: :uuid, default: -> { "uuid_generate_v4()" }, force: :cascade do |t| t.boolean "active", default: true, null: false t.boolean "admin", default: false, null: false - t.string "api_key", limit: 255 t.integer "birth_year" t.datetime "created_at", null: false t.string "crypted_password", limit: 255, null: false diff --git a/docs/erd.pdf b/docs/erd.pdf index 49641de18a..160937b4eb 100644 Binary files a/docs/erd.pdf and b/docs/erd.pdf differ diff --git a/spec/factories/users.rb b/spec/factories/users.rb index d2bc15ee97..e017355ddd 100644 --- a/spec/factories/users.rb +++ b/spec/factories/users.rb 
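Review bot: Adding `remove_column :users, :api_key` to the `up` of the already-existing `20231129192037_remove_api_v1_columns.rb` means any database that ran the earlier version of this migration (which only dropped `whitelistings`) will never execute the removal, so the `api_key` column and its stored token values would remain while `db/schema.rb` says they are gone. Whether that earlier version was ever applied anywhere is not visible here; if it was, put the removal in a new migration instead, e.g. `remove_column :users, :api_key, :string, limit: 255` inside a `change` method, which runs everywhere and stays reversible. Also note that `down` re-creates the column empty, so a rollback does not restore usable keys. Since `app/models/user.rb` changes only its annotation comment in this diff, confirm that no remaining model callback or ability rule (the view used `can?(:regenerate_api_key, @user)`) still references `api_key` once the column is dropped.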
@@ -8,7 +8,6 @@ # id :uuid not null, primary key # active :boolean default(TRUE), not null # admin :boolean default(FALSE), not null -# api_key :string(255) # birth_year :integer # crypted_password :string(255) not null # current_login_at :datetime diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb index 922587d738..1c42417030 100644 --- a/spec/models/user_spec.rb +++ b/spec/models/user_spec.rb @@ -8,7 +8,6 @@ # id :uuid not null, primary key # active :boolean default(TRUE), not null # admin :boolean default(FALSE), not null -# api_key :string(255) # birth_year :integer # crypted_password :string(255) not null # current_login_at :datetime diff --git a/spec/support/contexts/api_context.rb b/spec/support/contexts/api_context.rb deleted file mode 100644 index d33e416314..0000000000 --- a/spec/support/contexts/api_context.rb +++ /dev/null @@ -1,30 +0,0 @@ -# frozen_string_literal: true - -# See also similar `contexts/odata`. - -shared_context "api" do - let(:mission) { create(:mission, name: "Mission 1") } - let(:user) { create(:user, mission: mission) } - let(:headers) { {"HTTP_AUTHORIZATION" => "Token token=#{user.api_key}"} } - let(:bad_headers) { {"HTTP_AUTHORIZATION" => "Token token=xxx"} } - let(:json) { JSON.parse(response.body) } -end - -shared_context "api form with responses" do - before do - decoy = create(:form, mission: mission, access_level: "public", question_types: %w[integer]) - create(:response, form: decoy, answer_values: [1]) - - @form = create(:form, mission: mission, access_level: "public", - question_types: %w[integer select_one text]) - @form.questions[2].update_attribute(:access_level, "private") - - Timecop.freeze(Time.now.utc - 10.days) do - create(:response, form: @form, answer_values: [1, "Dog", "Bar"]) - end - Timecop.freeze(Time.now.utc - 5.days) do - create(:response, form: @form, answer_values: [2, "Cat", "Foo"]) - end - create(:response, form: @form, answer_values: [3, "Dog", "Bar"]) - end -end 
diff --git a/spec/support/helpers/request_spec_helpers.rb b/spec/support/helpers/request_spec_helpers.rb index 70735fc251..ccd753f42b 100644 --- a/spec/support/helpers/request_spec_helpers.rb +++ b/spec/support/helpers/request_spec_helpers.rb @@ -18,18 +18,6 @@ def logout follow_redirect! end - def do_api_request(endpoint, params = {}) - params[:user] ||= @api_user - params[:mission_name] ||= @mission.compact_name - - path_args = [{mission_name: params[:mission_name]}] - path_args.unshift(params[:obj]) if params[:obj] - path = send("api_v1_#{endpoint}_path", *path_args) - - get(path, params: params[:params], - headers: {"HTTP_AUTHORIZATION" => "Token token=#{params[:user].api_key}"}) - end - # Needed for older request specs, maybe related to assert_select. # See http://blog.cynthiakiser.com/blog/page/5/ def document_root_element