remove support for legacy file domain verifiers

refs RECNVS-481 test-plan: specs Change-Id: I48245b80d5d5daaac26a3b64555f8443faed637b Reviewed-on: https://gerrit.instructure.com/151072 Tested-by: Jenkins Reviewed-by: Jonathan Featherstone <[email protected]> QA-Review: Collin Parrish <[email protected]> Product-Review: Jacob Fugal <[email protected]>
ralacas · Jun 12, 2018 · 0d222b3 · 0d222b3
1 parent ad02ae1
commit 0d222b3
Show file tree

Hide file tree

Showing 2 changed files with 0 additions and 32 deletions.
diff --git a/app/models/users/access_verifier.rb b/app/models/users/access_verifier.rb
@@ -22,15 +22,6 @@ module AccessVerifier
     class InvalidVerifier < RuntimeError
     end
 
-    def self.validate_legacy(fields)
-      return {} if fields[:sf_verifier].blank?
-      ts = fields[:ts]&.to_i
-      raise InvalidVerifier unless ts > 5.minutes.ago.to_i && ts < 1.minute.from_now.to_i
-      user = User.where(id: fields[:user_id]).first
-      raise InvalidVerifier unless user && fields[:sf_verifier] == OpenSSL::HMAC.hexdigest(OpenSSL::Digest::MD5.new, user.uuid, ts.to_s)
-      return { user: user }
-    end
-
     def self.generate(claims)
       return {} unless claims[:user]
 
@@ -52,11 +43,6 @@ def self.generate(claims)
     end
 
     def self.validate(fields)
-      if fields[:user_id].present? && fields[:ts].present?
-        # validate legacy verifiers
-        return validate_legacy(fields)
-      end
-
       return {} if fields[:sf_verifier].blank?
       claims = Canvas::Security.decode_jwt(fields[:sf_verifier])
 

diff --git a/spec/models/users/access_verifier_spec.rb b/spec/models/users/access_verifier_spec.rb
@@ -100,24 +100,6 @@ module Users
         tampered = verifier.merge(sf_verifier: 'tampered')
         expect{ Users::AccessVerifier.validate(tampered) }.to raise_exception(Users::AccessVerifier::InvalidVerifier)
       end
-
-      describe "with a legacy verifier" do
-        let(:verifier) do
-          ts = Time.now.utc.to_i.to_s
-          signature = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::MD5.new, user.uuid, ts)
-          { ts: ts, user_id: user.global_id, sf_verifier: signature }
-        end
-
-        it "validates" do
-          expect{ Users::AccessVerifier.validate(verifier) }.not_to raise_exception
-        end
-
-        it "returns verified user claim" do
-          verified = Users::AccessVerifier.validate(verifier)
-          expect(verified).to have_key(:user)
-          expect(verified[:user]).to eql(user)
-        end
-      end
     end
   end
 end