Delete now irrelevant authorize_api endpoint and logic

OFN API is now authenticating all users, if no session and no key is provided an anonymous user will be created so that user can access public endpoints, authorization is then done at each individual endpoint. This makes this spree api auth call irrelevant
2026-01-24 20:36:49 +00:00 · 2019-07-31 22:25:40 +01:00
parent 66fdbe4379
commit 8aab9bacbe
7 changed files with 4 additions and 51 deletions
--- a/app/assets/javascripts/admin/bulk_product_update.js.coffee
+++ b/app/assets/javascripts/admin/bulk_product_update.js.coffee
@@ -1,4 +1,4 @@
-angular.module("ofn.admin").controller "AdminProductEditCtrl", ($scope, $timeout, $filter, $http, $window, BulkProducts, DisplayProperties, DirtyProducts, VariantUnitManager, StatusMessage, producers, Taxons, SpreeApiAuth, Columns, tax_categories, RequestMonitor) ->
+angular.module("ofn.admin").controller "AdminProductEditCtrl", ($scope, $timeout, $filter, $http, $window, BulkProducts, DisplayProperties, DirtyProducts, VariantUnitManager, StatusMessage, producers, Taxons, Columns, tax_categories, RequestMonitor) ->
  $scope.StatusMessage = StatusMessage

  $scope.columns = Columns.columns
@@ -39,12 +39,7 @@ angular.module("ofn.admin").controller "AdminProductEditCtrl", ($scope, $timeout
  $scope.DisplayProperties = DisplayProperties

  $scope.initialise = ->
-    SpreeApiAuth.authorise()
-    .then ->
-      $scope.spree_api_key_ok = true
-      $scope.fetchProducts()
-    .catch (message) ->
-      $scope.api_error_msg = message
+    $scope.fetchProducts()

  $scope.$watchCollection '[query, producerFilter, categoryFilter, importDateFilter, per_page]', ->
    $scope.page = 1 # Reset page when changing filters for new search
--- a/app/assets/javascripts/admin/index_utils/services/spree_api_auth.js.coffee
+++ b/app/assets/javascripts/admin/index_utils/services/spree_api_auth.js.coffee
@@ -1,16 +0,0 @@
-angular.module("admin.indexUtils").factory "SpreeApiAuth", ($q, $http, SpreeApiKey) ->
-  new class SpreeApiAuth
-    authorise: ->
-      deferred = $q.defer()
-
-      $http.get("/api/users/authorise_api?token=" + SpreeApiKey)
-      .success (response) ->
-        if response?.success == "Use of API Authorised"
-          $http.defaults.headers.common["X-Spree-Token"] = SpreeApiKey
-          deferred.resolve()
-
-      .error (response) ->
-        error = response?.error || t('js.unauthorized')
-        deferred.reject(error)
-
-      deferred.promise
--- a/app/assets/javascripts/admin/variant_overrides/controllers/variant_overrides_controller.js.coffee
+++ b/app/assets/javascripts/admin/variant_overrides/controllers/variant_overrides_controller.js.coffee
@@ -1,4 +1,4 @@
-angular.module("admin.variantOverrides").controller "AdminVariantOverridesCtrl", ($scope, $http, $timeout, Indexer, Columns, Views, SpreeApiAuth, PagedFetcher, StatusMessage, RequestMonitor, hubs, producers, hubPermissions, InventoryItems, VariantOverrides, DirtyVariantOverrides) ->
+angular.module("admin.variantOverrides").controller "AdminVariantOverridesCtrl", ($scope, $http, $timeout, Indexer, Columns, Views, PagedFetcher, StatusMessage, RequestMonitor, hubs, producers, hubPermissions, InventoryItems, VariantOverrides, DirtyVariantOverrides) ->
  $scope.hubs = Indexer.index hubs
  $scope.hub_id = if hubs.length == 1 then hubs[0].id else null
  $scope.products = []
@@ -39,13 +39,7 @@ angular.module("admin.variantOverrides").controller "AdminVariantOverridesCtrl",
    $scope.producerFilter != 0 || $scope.query != ''

  $scope.initialise = ->
-    SpreeApiAuth.authorise()
-    .then ->
-      $scope.spree_api_key_ok = true
-      $scope.fetchProducts()
-    .catch (message) ->
-      $scope.api_error_msg = message
-
+    $scope.fetchProducts()

  $scope.fetchProducts = ->
    url = "/api/products/overridable?page=::page::;per_page=100"
--- a/app/controllers/spree/api/users_controller.rb
+++ b/app/controllers/spree/api/users_controller.rb
@@ -1,7 +0,0 @@
-module Spree
-  module Api
-    class UsersController < Spree::Api::BaseController
-      respond_to :json
-    end
-  end
-end
--- a/app/views/spree/admin/products/index/_indicators.html.haml
+++ b/app/views/spree/admin/products/index/_indicators.html.haml
@@ -1,6 +1,3 @@
-%div{ 'ng-show' => '!spree_api_key_ok' }
-  {{ api_error_msg }}
-
 %div.sixteen.columns.alpha#loading{ 'ng-if' => 'RequestMonitor.loading' }
  %br
  %img.spinner{ src: "/assets/spinning-circles.svg" }
--- a/config/routes/spree.rb
+++ b/config/routes/spree.rb
@@ -51,12 +51,6 @@ Spree::Core::Engine.routes.prepend do

  resources :credit_cards

-  namespace :api, :defaults => { :format => 'json' } do
-    resources :users do
-      get :authorise_api, on: :collection
-    end
-  end
-
  namespace :admin do
    get '/search/known_users' => "search#known_users", :as => :search_known_users
    get '/search/customers' => 'search#customers', :as => :search_customers
--- a/spec/javascripts/unit/admin/bulk_product_update_spec.js.coffee
+++ b/spec/javascripts/unit/admin/bulk_product_update_spec.js.coffee
@@ -272,13 +272,9 @@ describe "AdminProductEditCtrl", ->

  describe "loading data upon initialisation", ->
    it "gets a list of producers and then resets products with a list of data", ->
-      $httpBackend.expectGET("/api/users/authorise_api?token=API_KEY").respond success: "Use of API Authorised"
      spyOn($scope, "fetchProducts").and.returnValue "nothing"
      $scope.initialise()
-      $httpBackend.flush()
      expect($scope.fetchProducts.calls.count()).toBe 1
-      expect($scope.spree_api_key_ok).toEqual true
-

  describe "fetching products", ->
    $q = null