Remove deprecated methods and helpers (#147)

CHANGELOG.md

@@ -19,11 +19,19 @@ Passwordless no longer [_isolates namespace_](https://guides.rubyonrails.org/eng
 1. Update all your links with eg. `users.sign_in_path` to `users_sign_in_path`
 1. Remove all links with `main_app.whatever_path` to just `whatever_path`
 
+#### 3. Remove deprecated methods and helpers
+
+Removes `authenticate_by_cookie` and `upgrade_passwordless_cookie` from controller helpers.
+
 ### Changed
 
 - Tokens are now encrypted in the database ([#145](https://github.com/mikker/passwordless/pull/145))
 - Un-isolate namespace ([#146](https://github.com/mikker/passwordless/pull/146))
 
+### Removed
+
+- Deprecated methods and helpers ([#147](https://github.com/mikker/passwordless/pull/147))
+
 ## 0.12.0 (2023-06-16)
 
 ### Added

app/models/passwordless/session.rb

@@ -33,14 +33,6 @@ class Session < ApplicationRecord
  lambda { where("expires_at > ?", Time.current) }
  )
 
- def self.valid
- available
- end
-
- class << self
- deprecate :valid, deprecator: SessionValidDeprecation
- end
-
  def expired?
  expires_at <= Time.current
  end

lib/passwordless.rb

@@ -29,7 +29,4 @@ def self.digest(token)
  mattr_accessor(:after_session_save) do
  lambda { |session, _request| Mailer.magic_link(session).deliver_now }
  end
-
- CookieDeprecation = ActiveSupport::Deprecation.new("0.9", "passwordless")
- SessionValidDeprecation = ActiveSupport::Deprecation.new("0.9", "passwordless")
 end

lib/passwordless/controller_helpers.rb

@@ -23,40 +23,6 @@ def build_passwordless_session(authenticatable)
  end
  end
 
- # @deprecated Use {ControllerHelpers#authenticate_by_session}
- # Authenticate a record using cookies. Looks for a cookie corresponding to
- # the _authenticatable_class_. If found try to find it in the database.
- # @param authenticatable_class [ActiveRecord::Base] any Model connected to
- # passwordless. (e.g - _User_ or _Admin_).
- # @return [ActiveRecord::Base|nil] an instance of Model found by id stored
- # in cookies.encrypted or nil if nothing is found.
- # @see ModelHelpers#passwordless_with
- def authenticate_by_cookie(authenticatable_class)
- key = cookie_name(authenticatable_class)
- authenticatable_id = cookies.encrypted[key]
-
- return authenticatable_class.find_by(id: authenticatable_id) if authenticatable_id
-
- authenticate_by_session(authenticatable_class)
- end
-
- deprecate :authenticate_by_cookie, deprecator: CookieDeprecation
-
- def upgrade_passwordless_cookie(authenticatable_class)
- key = cookie_name(authenticatable_class)
-
- return unless (authenticatable_id = cookies.encrypted[key])
- cookies.encrypted.permanent[key] = {value: nil}
- cookies.delete(key)
-
- return unless (record = authenticatable_class.find_by(id: authenticatable_id))
- new_session = build_passwordless_session(record).tap { |s| s.save! }
-
- sign_in(new_session)
-
- new_session.authenticatable
- end
-
  # Authenticate a record using the session. Looks for a session key corresponding to
  # the _authenticatable_class_. If found try to find it in the database.
  # @param authenticatable_class [ActiveRecord::Base] any Model connected to
@@ -73,47 +39,30 @@ def authenticate_by_session(authenticatable_class)
  # @param authenticatable [Passwordless::Session] Instance of {Passwordless::Session}
  # to sign in
  # @return [ActiveRecord::Base] the record that is passed in.
- def sign_in(record)
- passwordless_session = if record.is_a?(Passwordless::Session)
- record
- else
- warn(
- "Passwordless::ControllerHelpers#sign_in with authenticatable " \
- "(`#{record.class}') is deprecated. Falling back to creating a " \
- "new Passwordless::Session"
- )
- build_passwordless_session(record).tap { |s| s.save! }
- end
-
+ def sign_in(passwordless_session)
  passwordless_session.claim! if Passwordless.restrict_token_reuse
 
  raise Passwordless::Errors::SessionTimedOutError if passwordless_session.timed_out?
 
- old_session = session.dup.to_hash
- reset_session if defined?(reset_session) # allow usage outside controllers
- old_session.each_pair { |k, v| session[k.to_sym] = v }
+ if defined?(reset_session)
+ old_session = session.dup.to_hash
+ # allow usage outside controllers
+ reset_session
+ old_session.each_pair { |k, v| session[k.to_sym] = v }
+ end
 
  key = session_key(passwordless_session.authenticatable_type)
  session[key] = passwordless_session.id
 
- if record.is_a?(Passwordless::Session)
- passwordless_session
- else
- passwordless_session.authenticatable
- end
+ passwordless_session
  end
 
  # Signs out user by deleting the session key.
  # @param (see #authenticate_by_session)
  # @return [boolean] Always true
  def sign_out(authenticatable_class)
- # Deprecated - cookies
- key = cookie_name(authenticatable_class)
- cookies.encrypted.permanent[key] = {value: nil}
- cookies.delete(key)
-
- # /deprecated
- reset_session if defined?(reset_session) # allow usage outside controllers
+ session.delete(session_key(authenticatable_class))
+ reset_session
  true
  end
 
@@ -151,10 +100,5 @@ def authenticatable_class_parameterized(authenticatable_class)
 
  authenticatable_class.base_class.to_s.parameterize
  end
-
- # Deprecated
- def cookie_name(authenticatable_class)
- :"#{authenticatable_class.base_class.to_s.underscore}_id"
- end
  end
 end

test/controllers/passwordless/sessions_controller_test.rb

@@ -125,6 +125,7 @@ class << User
 
  get "/users/sign_in/#{passwordless_session.token}"
  old_session_id = @request.session_options[:id].to_s
+
  get "/users/sign_in/#{passwordless_session.token}"
  new_session_id = @request.session_options[:id].to_s
 
@@ -199,14 +200,14 @@ class << User
  end
 
  test("signing in and redirecting with redirect_to options") do
- Passwordless.redirect_to_response_options = { notice: 'hello!' }
+ Passwordless.redirect_to_response_options = {notice: "hello!"}
 
  user = User.create!(email: "a@a")
  passwordless_session = create_session_for(user)
  get "/users/sign_in/#{passwordless_session.token}"
  follow_redirect!
 
- assert_equal 'hello!', flash[:notice]
+ assert_equal "hello!", flash[:notice]
  assert_equal 200, status
  assert_equal Passwordless.success_redirect_path, path
  end
@@ -253,8 +254,20 @@ class << User
  assert session[Helpers.session_key(user.class)].blank?
  end
 
+ test("reset session id when signing out") do
+ user = User.create(email: "a@a")
+ passwordless_session = create_session_for(user)
+ get "/users/sign_in/#{passwordless_session.token}"
+
+ old_session_id = @request.session_options[:id].to_s
+ get "/users/sign_out"
+ new_session_id = @request.session_options[:id].to_s
+
+ assert_not_equal old_session_id, new_session_id
+ end
+
  test("signing out with redirect_to options") do
- Passwordless.redirect_to_response_options = { notice: 'bye!' }
+ Passwordless.redirect_to_response_options = {notice: "bye!"}
 
  user = User.create(email: "a@a")
  passwordless_session = create_session_for(user)
@@ -265,7 +278,7 @@ class << User
 
  follow_redirect!
 
- assert_equal 'bye!', flash[:notice]
+ assert_equal "bye!", flash[:notice]
  assert_equal 200, status
  assert_equal "/", path
  assert session[Helpers.session_key(user.class)].blank?
@@ -309,19 +322,5 @@ class << User
 
  Passwordless.restrict_token_reuse = default
  end
-
- test("signing out removes cookies") do
- user = User.create(email: "a@a")
-
- cookies[:user_id] = user.id
- assert_not_nil cookies[:user_id]
-
- get "/users/sign_out"
- follow_redirect!
-
- assert_equal 200, status
- assert_equal "/", path
- assert cookies[:user_id].blank?
- end
  end
 end

test/dummy/app/controllers/application_controller.rb

@@ -10,7 +10,7 @@ class ApplicationController < ActionController::Base
  private
 
  def current_user
- @current_user ||= authenticate_by_session(User) || upgrade_passwordless_cookie(User)
+ @current_user ||= authenticate_by_session(User)
  end
 
  def authenticate_user!

test/dummy/config/routes.rb

@@ -9,8 +9,6 @@
 
  get("/secret", to: "secrets#index")
  get("/secret-alt", to: "secrets#index")
- get("/deprecated_secret", to: "deprecated_secrets#index")
- post("/deprecated_fake_login", to: "deprecated_secrets#fake_login")
 
  root(to: "users#index")
 end