Remove device login functionality (proofcarryingdata#1023)

One of my first PRs, now gone but not forgotten.

Closes proofcarryingdata#1022

apps/passport-client/pages/index.tsx

@@ -14,7 +14,6 @@ import { HaloScreen } from "../components/screens/HaloScreen/HaloScreen";
 import { HomeScreen } from "../components/screens/HomeScreen";
 import { AlreadyRegisteredScreen } from "../components/screens/LoginScreens/AlreadyRegisteredScreen";
 import { CreatePasswordScreen } from "../components/screens/LoginScreens/CreatePasswordScreen";
-import { DeviceLoginScreen } from "../components/screens/LoginScreens/DeviceLoginScreen";
 import { LoginInterstitialScreen } from "../components/screens/LoginScreens/LoginInterstitialScreen";
 import { LoginScreen } from "../components/screens/LoginScreens/LoginScreen";
 import { NewPassportScreen } from "../components/screens/LoginScreens/NewPassportScreen";
@@ -177,7 +176,6 @@ function RouterImpl() {
             path="checkin-by-id"
             element={<DevconnectCheckinByIdScreen />}
           />
-          <Route path="device-login" element={<DeviceLoginScreen />} />
           <Route path="subscriptions" element={<SubscriptionsScreen />} />
           <Route path="add-subscription" element={<AddSubscriptionScreen />} />
           <Route path="telegram" element={<HomeScreen />} />

apps/passport-client/src/dispatch.ts

@@ -8,7 +8,6 @@ import {
   isSyncedEncryptedStorageV3,
   KnownTicketTypesAndKeys,
   requestCreateNewUser,
-  requestDeviceLogin,
   requestLogToServer,
   requestUser,
   SyncedEncryptedStorage,
@@ -62,12 +61,6 @@ export type Action =
       password: string;
       token: string;
     }
-  | {
-      type: "device-login";
-      email: string;
-      secret: string;
-    }
-  | { type: "new-device-login-passport" }
   | {
       type: "set-self";
       self: User;
@@ -147,10 +140,6 @@ export async function dispatch(
         state,
         update
       );
-    case "device-login":
-      return deviceLogin(action.email, action.secret, state, update);
-    case "new-device-login-passport":
-      return genDeviceLoginPassport(state.identity, update);
     case "set-self":
       return setSelf(action.self, state, update);
     case "error":
@@ -228,26 +217,6 @@ async function genPassport(
   update({ pcds });
 }
 
-/**
- * Pretty much the same as genPassport, but without screen
- * navigation coupled to the email verification workflow
- */
-async function genDeviceLoginPassport(identity: Identity, update: ZuUpdate) {
-  const identityPCD = await SemaphoreIdentityPCDPackage.prove({ identity });
-  const pcds = new PCDCollection(await getPackages(), [identityPCD]);
-
-  const crypto = await PCDCrypto.newInstance();
-  const encryptionKey = await crypto.generateRandomKey();
-
-  await savePCDs(pcds);
-  await saveEncryptionKey(encryptionKey);
-
-  update({
-    pcds,
-    encryptionKey
-  });
-}
-
 async function createNewUserSkipPassword(
   email: string,
   token: string,
@@ -326,32 +295,6 @@ async function createNewUserWithPassword(
   });
 }
 
-async function deviceLogin(
-  email: string,
-  secret: string,
-  state: AppState,
-  update: ZuUpdate
-) {
-  const deviceLoginResult = await requestDeviceLogin(
-    appConfig.zupassServer,
-    email,
-    secret,
-    state.identity.commitment.toString()
-  );
-
-  if (deviceLoginResult.success) {
-    return finishLogin(deviceLoginResult.value, state, update);
-  }
-
-  update({
-    error: {
-      title: "Login failed",
-      message: "Couldn't log in. " + deviceLoginResult.error,
-      dismissToCurrentPage: true
-    }
-  });
-}
-
 /**
  * Runs the first time the user logs in with their email
  */

apps/passport-server/src/database/queries/devconnect_pretix_tickets/fetchDevconnectPretixTicket.ts

@@ -86,36 +86,6 @@ export async function fetchDevconnectPretixTicketsByEmail(
   return result.rows;
 }
 
-/**
- * Fetch a Devconnect device login, by email and secret.
- *
- * For Devconnect we want to provide the ability for users to sign in using
- * device-specific email addresses, and a ticket-specific secret. We want
- * this query to succeed if we can match the email/secret, and the item is
- * a superuser for the event.
- */
-export async function fetchDevconnectDeviceLoginTicket(
-  client: Pool,
-  email: string,
-  secret: string
-): Promise<DevconnectPretixTicketDBWithEmailAndItem> {
-  const result = await sqlQuery(
-    client,
-    `\
-    select t.* from devconnect_pretix_tickets t
-    join devconnect_pretix_items_info i on t.devconnect_pretix_items_info_id = i.id
-    join devconnect_pretix_events_info e on e.id = i.devconnect_pretix_events_info_id
-    join pretix_events_config ec on ec.id = e.pretix_events_config_id
-    where i.item_id = ANY(ec.superuser_item_ids)
-    and t.email = $1 and t.secret = $2
-    and t.is_deleted = false
-    `,
-    [email, secret]
-  );
-
-  return result.rows[0];
-}
-
 export async function fetchDevconnectSuperusers(
   client: Pool
 ): Promise<Array<DevconnectSuperuser>> {

apps/passport-server/src/routing/routes/accountRoutes.ts

@@ -1,7 +1,6 @@
 import {
   ConfirmEmailRequest,
   CreateNewUserRequest,
-  DeviceLoginRequest,
   SaltResponseValue,
   VerifyTokenRequest,
   VerifyTokenResponseValue
@@ -147,34 +146,6 @@ export function initAccountRoutes(
     );
   });
 
-  /**
-   * Allows users to login as a particular email without having to go through
-   * the email verification flow.
-   *
-   * Caller must provide a `secret`, which corresponds to the `secret` on a valid
-   * ticket stored in pretix for the given email that is a superuser ticket.
-   *
-   * In the case that no such ticket exists, returns a 403 server error.
-   *
-   * In the case that a user has already signed in with that email, overwrites
-   * their account.
-   *
-   * If logging in was successful, returns a {@link ZupassUserJson}, otherwise
-   * a 500 server error.
-   */
-  app.post("/account/device-login", async (req: Request, res: Response) => {
-    const secret = checkBody<DeviceLoginRequest, "secret">(req, "secret");
-    const email = normalizeEmail(
-      checkBody<DeviceLoginRequest, "email">(req, "email")
-    );
-    const commitment = checkBody<DeviceLoginRequest, "commitment">(
-      req,
-      "commitment"
-    );
-
-    await userService.handleNewDeviceLogin(secret, email, commitment, res);
-  });
-
   /**
    * Gets a Zupass user by their uuid.
    * If the service is not ready, returns a 503 server error.

apps/passport-server/src/services/userService.ts

@@ -6,7 +6,6 @@ import {
 import { ONE_HOUR_MS, ZUPASS_SUPPORT_EMAIL } from "@pcd/util";
 import { Response } from "express";
 import { UserRow } from "../database/models";
-import { fetchDevconnectDeviceLoginTicket } from "../database/queries/devconnect_pretix_tickets/fetchDevconnectPretixTicket";
 import {
   updateUserAccountRestTimestamps,
   upsertUser
@@ -262,40 +261,6 @@ export class UserService {
     res.status(200).json(userJson);
   }
 
-  public async handleNewDeviceLogin(
-    secret: string,
-    email: string,
-    commitment: string,
-    res: Response
-  ): Promise<void> {
-    const ticket = await fetchDevconnectDeviceLoginTicket(
-      this.context.dbPool,
-      email,
-      secret
-    );
-
-    if (!ticket) {
-      throw new PCDHTTPError(
-        403,
-        `Secret key is not valid, or no such device login exists.`
-      );
-    }
-
-    logger(`[USER_SERVICE] Saving new commitment: ${commitment}`);
-    await upsertUser(this.context.dbPool, { email, commitment });
-    this.semaphoreService.scheduleReload();
-
-    const user = await fetchUserByEmail(this.context.dbPool, email);
-    if (!user) {
-      throw new PCDHTTPError(403, `no user with email '${email}' exists`);
-    }
-
-    const userJson = userRowToZupassUserJson(user);
-
-    logger(`[USER_SERVICE] logged in a device login user`, userJson);
-    res.status(200).json(userJson satisfies ZupassUserJson);
-  }
-
   /**
    * Returns either the user, or null if no user with the given uuid can be found.
    */