From b89e0a9e8210b62f8aeecd2904dea14f1678d31c Mon Sep 17 00:00:00 2001
From: Adam Cooke
Date: Fri, 23 Feb 2024 14:30:00 +0000
Subject: [PATCH] refactor: remove token logins
---
 Gemfile | 1 -
 app/controllers/sessions_controller.rb | 14 +-------------
 config/routes.rb | 1 -
 3 files changed, 1 insertion(+), 15 deletions(-)
diff --git a/Gemfile b/Gemfile
index e8837af..afa87d2 100644
--- a/Gemfile
+++ b/Gemfile
@@ -13,7 +13,6 @@ gem "gelf"
 gem "haml"
 gem "hashie"
 gem "highline", require: false
-gem "jwt"
 gem "kaminari"
 gem "klogger-logger"
 gem "mail"
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index e873d7d..99a80f2 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -4,7 +4,7 @@ class SessionsController < ApplicationController
 layout "sub"
- skip_before_action :login_required, only: [:new, :create, :create_with_token, :begin_password_reset, :finish_password_reset, :ip, :raise_error]
+ skip_before_action :login_required, only: [:new, :create, :begin_password_reset, :finish_password_reset, :ip, :raise_error]
 def create
 login(User.authenticate(params[:email_address], params[:password]))
@@ -15,18 +15,6 @@ class SessionsController < ApplicationController
 render "new"
 end
- def create_with_token
- result = JWT.decode(params[:token], Postal.signing_key.to_s, "HS256")[0]
- if result["timestamp"] > 1.minute.ago.to_f
- login(User.find(result["user"].to_i))
- redirect_to root_path
- else
- destroy
- end
- rescue JWT::VerificationError
- destroy
- end
-
 def destroy
 auth_session.invalidate! if logged_in?
 reset_session
diff --git a/config/routes.rb b/config/routes.rb
index 727ed2b..51026e1 100644
--- a/config/routes.rb
+++ b/config/routes.rb
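Review bot: In app/controllers/sessions_controller.rb, the `only:` list on the new `skip_before_action :login_required` line still exempts `:ip` and `:raise_error` from authentication, and nothing in the hunk records why those two must be reachable without a session. Their bodies are outside this hunk, so what they return or trigger cannot be judged from here; if `raise_error` is a diagnostic action it presumably should not be publicly callable in production. Since this commit is already pruning the allowlist, I would add a comment directly above it, for example `# Actions reachable without a session; keep this list minimal and justify each entry.`, and confirm each remaining entry is intentional. The `create` method shown as context also continues past the end of the hunk.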
@@ -81,7 +81,6 @@ Rails.application.routes.draw do
 get "login" => "sessions#new"
 post "login" => "sessions#create"
- get "login/token" => "sessions#create_with_token"
 delete "logout" => "sessions#destroy"
 match "login/reset" => "sessions#begin_password_reset", :via => [:get, :post]
 match "login/reset/:token" => "sessions#finish_password_reset", :via => [:get, :post]