From 2998432744fa958c567266c8899bc9204e3883e9 Mon Sep 17 00:00:00 2001 From: Maikel Linke Date: Wed, 18 Mar 2026 16:18:40 +1100 Subject: [PATCH] Remove use of devise token_authenticable Our production servers don't show any use of this feature. The associated column is nil for all users. The gem has not been updated in seven years and it's blocking an important upgrade of devise. --- app/models/spree/user.rb | 2 +- config/initializers/devise.rb | 5 ----- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/app/models/spree/user.rb b/app/models/spree/user.rb index b31099752b..c04ad57268 100644 --- a/app/models/spree/user.rb +++ b/app/models/spree/user.rb @@ -8,7 +8,7 @@ module Spree searchable_attributes :email - devise :database_authenticatable, :token_authenticatable, :registerable, :recoverable, + devise :database_authenticatable, :registerable, :recoverable, :rememberable, :trackable, :validatable, :omniauthable, :encryptable, :confirmable, encryptor: 'authlogic_sha512', reconfirmable: true, diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index d3348dc9a4..332ef1e6e3 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -138,11 +138,6 @@ Devise.setup do |config| config.case_insensitive_keys = [:email] end -Devise::TokenAuthenticatable.setup do |config| - # Defines name of the authentication token params key - config.token_authentication_key = :auth_token -end - if ENV["OPENID_APP_ID"].present? && ENV["OPENID_APP_SECRET"].present? Devise.setup do |config| site = if Rails.env.development?