From 8aab9bacbe440ffaed056e6032ca0e489e229b95 Mon Sep 17 00:00:00 2001
From: luisramos0
Date: Wed, 31 Jul 2019 22:25:40 +0100
Subject: [PATCH] Delete now irrelevant authorize_api endpoint and logic

OFN API is now authenticating all users, if no session and no key is provided an anonymous user will be created so that user can access public endpoints, authorization is then done at each individual endpoint. This makes this spree api auth call irrelevant
---
 .../admin/bulk_product_update.js.coffee | 9 ++-------
 .../services/spree_api_auth.js.coffee | 16 ----------------
 .../variant_overrides_controller.js.coffee | 10 ++--------
 app/controllers/spree/api/users_controller.rb | 7 -------
 .../admin/products/index/_indicators.html.haml | 3 ---
 config/routes/spree.rb | 6 ------
 .../admin/bulk_product_update_spec.js.coffee | 4 ----
 7 files changed, 4 insertions(+), 51 deletions(-)
 delete mode 100644 app/assets/javascripts/admin/index_utils/services/spree_api_auth.js.coffee
 delete mode 100644 app/controllers/spree/api/users_controller.rb

diff --git a/app/assets/javascripts/admin/bulk_product_update.js.coffee b/app/assets/javascripts/admin/bulk_product_update.js.coffee
index e220f2bb41..1b82a0e0f7 100644
--- a/app/assets/javascripts/admin/bulk_product_update.js.coffee
+++ b/app/assets/javascripts/admin/bulk_product_update.js.coffee
@@ -1,4 +1,4 @@
-angular.module("ofn.admin").controller "AdminProductEditCtrl", ($scope, $timeout, $filter, $http, $window, BulkProducts, DisplayProperties, DirtyProducts, VariantUnitManager, StatusMessage, producers, Taxons, SpreeApiAuth, Columns, tax_categories, RequestMonitor) ->
+angular.module("ofn.admin").controller "AdminProductEditCtrl", ($scope, $timeout, $filter, $http, $window, BulkProducts, DisplayProperties, DirtyProducts, VariantUnitManager, StatusMessage, producers, Taxons, Columns, tax_categories, RequestMonitor) ->
 $scope.StatusMessage = StatusMessage
 $scope.columns = Columns.columns
@@ -39,12 +39,7 @@ angular.module("ofn.admin").controller "AdminProductEditCtrl", ($scope, $timeout
 $scope.DisplayProperties = DisplayProperties
 $scope.initialise = ->
- SpreeApiAuth.authorise()
- .then ->
- $scope.spree_api_key_ok = true
- $scope.fetchProducts()
- .catch (message) ->
- $scope.api_error_msg = message
+ $scope.fetchProducts()
 $scope.$watchCollection '[query, producerFilter, categoryFilter, importDateFilter, per_page]', ->
 $scope.page = 1 # Reset page when changing filters for new search
diff --git a/app/assets/javascripts/admin/index_utils/services/spree_api_auth.js.coffee b/app/assets/javascripts/admin/index_utils/services/spree_api_auth.js.coffee
deleted file mode 100644
index a74f05ed15..0000000000
--- a/app/assets/javascripts/admin/index_utils/services/spree_api_auth.js.coffee
+++ /dev/null
@@ -1,16 +0,0 @@
-angular.module("admin.indexUtils").factory "SpreeApiAuth", ($q, $http, SpreeApiKey) ->
- new class SpreeApiAuth
- authorise: ->
- deferred = $q.defer()
-
- $http.get("/api/users/authorise_api?token=" + SpreeApiKey)
- .success (response) ->
- if response?.success == "Use of API Authorised"
- $http.defaults.headers.common["X-Spree-Token"] = SpreeApiKey
- deferred.resolve()
-
- .error (response) ->
- error = response?.error || t('js.unauthorized')
- deferred.reject(error)
-
- deferred.promise
diff --git a/app/assets/javascripts/admin/variant_overrides/controllers/variant_overrides_controller.js.coffee b/app/assets/javascripts/admin/variant_overrides/controllers/variant_overrides_controller.js.coffee
index 6b7cea8243..c37ba72071 100644
--- a/app/assets/javascripts/admin/variant_overrides/controllers/variant_overrides_controller.js.coffee
+++ b/app/assets/javascripts/admin/variant_overrides/controllers/variant_overrides_controller.js.coffee
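Review bot: `$scope.initialise` in bulk_product_update.js.coffee now calls `$scope.fetchProducts()` with no rejection handler, so a 401 or 403 from the API reaches the user only if `fetchProducts` handles it itself; its body is outside this hunk, and the `api_error_msg` banner is removed from `_indicators.html.haml` in the same commit. The deleted `SpreeApiAuth.authorise()` was also what set `$http.defaults.headers.common["X-Spree-Token"]`, so later admin API requests from this page presumably authenticate by session cookie alone. Because a browser attaches a cookie automatically and does not attach a custom header, it is worth confirming that the API base controller enforces CSRF verification on session-authenticated, state-changing requests. A short comment would record the assumption, for example `# API auth is session-based; auth failures must be surfaced by fetchProducts`. The same applies to `$scope.initialise` in `AdminVariantOverridesCtrl` (variant_overrides_controller.js.coffee).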
@@ -1,4 +1,4 @@
-angular.module("admin.variantOverrides").controller "AdminVariantOverridesCtrl", ($scope, $http, $timeout, Indexer, Columns, Views, SpreeApiAuth, PagedFetcher, StatusMessage, RequestMonitor, hubs, producers, hubPermissions, InventoryItems, VariantOverrides, DirtyVariantOverrides) ->
+angular.module("admin.variantOverrides").controller "AdminVariantOverridesCtrl", ($scope, $http, $timeout, Indexer, Columns, Views, PagedFetcher, StatusMessage, RequestMonitor, hubs, producers, hubPermissions, InventoryItems, VariantOverrides, DirtyVariantOverrides) ->
 $scope.hubs = Indexer.index hubs
 $scope.hub_id = if hubs.length == 1 then hubs[0].id else null
 $scope.products = []
@@ -39,13 +39,7 @@ angular.module("admin.variantOverrides").controller "AdminVariantOverridesCtrl",
 $scope.producerFilter != 0 || $scope.query != ''
 $scope.initialise = ->
- SpreeApiAuth.authorise()
- .then ->
- $scope.spree_api_key_ok = true
- $scope.fetchProducts()
- .catch (message) ->
- $scope.api_error_msg = message
-
+ $scope.fetchProducts()
 $scope.fetchProducts = ->
 url = "/api/products/overridable?page=::page::;per_page=100"
diff --git a/app/controllers/spree/api/users_controller.rb b/app/controllers/spree/api/users_controller.rb
deleted file mode 100644
index 74f83f6709..0000000000
--- a/app/controllers/spree/api/users_controller.rb
+++ /dev/null
@@ -1,7 +0,0 @@
-module Spree
- module Api
- class UsersController < Spree::Api::BaseController
- respond_to :json
- end
- end
-end
diff --git a/app/views/spree/admin/products/index/_indicators.html.haml b/app/views/spree/admin/products/index/_indicators.html.haml
index b4b605a34b..4c39f9a5d9 100644
--- a/app/views/spree/admin/products/index/_indicators.html.haml
+++ b/app/views/spree/admin/products/index/_indicators.html.haml
@@ -1,6 +1,3 @@
-%div{ 'ng-show' => '!spree_api_key_ok' }
- {{ api_error_msg }}
-
 %div.sixteen.columns.alpha#loading{ 'ng-if' => 'RequestMonitor.loading' }
 %br
 %img.spinner{ src: "/assets/spinning-circles.svg" }
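Review bot: Removing `SpreeApiAuth` from the `AdminVariantOverridesCtrl` injection list (and from `AdminProductEditCtrl`) leaves no consumer of `SpreeApiKey` in this patch, since the deleted `SpreeApiAuth` factory was the only code shown here that injected it. The patch does not touch whatever provides that constant, so if an admin view still renders the user's API key into the page for Angular, it is now an unused credential exposed to every script on that page and should be dropped in the same change; this is inferred, because the provider is not visible here. The spec setup that supplies `API_KEY` probably needs the same cleanup.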
diff --git a/config/routes/spree.rb b/config/routes/spree.rb
index 77a954081e..72d43d90ec 100644
--- a/config/routes/spree.rb
+++ b/config/routes/spree.rb
@@ -51,12 +51,6 @@ Spree::Core::Engine.routes.prepend do
 resources :credit_cards
- namespace :api, :defaults => { :format => 'json' } do
- resources :users do
- get :authorise_api, on: :collection
- end
- end
-
 namespace :admin do
 get '/search/known_users' => "search#known_users", :as => :search_known_users
 get '/search/customers' => 'search#customers', :as => :search_customers
diff --git a/spec/javascripts/unit/admin/bulk_product_update_spec.js.coffee b/spec/javascripts/unit/admin/bulk_product_update_spec.js.coffee
index bc07c70cdf..c2db1cc403 100644
--- a/spec/javascripts/unit/admin/bulk_product_update_spec.js.coffee
+++ b/spec/javascripts/unit/admin/bulk_product_update_spec.js.coffee
@@ -272,13 +272,9 @@ describe "AdminProductEditCtrl", ->
 describe "loading data upon initialisation", ->
 it "gets a list of producers and then resets products with a list of data", ->
- $httpBackend.expectGET("/api/users/authorise_api?token=API_KEY").respond success: "Use of API Authorised"
 spyOn($scope, "fetchProducts").and.returnValue "nothing"
 $scope.initialise()
- $httpBackend.flush()
 expect($scope.fetchProducts.calls.count()).toBe 1
- expect($scope.spree_api_key_ok).toEqual true
-
 describe "fetching products", ->
 $q = null