Stop generating refresh_tokens #1654

Merged
merged 5 commits into from Dec 1, 2016

Projects

None yet

2 participants

@richvdh
Member
richvdh commented Nov 25, 2016 edited

Refresh tokens are dead, so let's stop trying to generate new ones.

richvdh added some commits Nov 28, 2016
@richvdh richvdh Stop generating refresh tokens
Since we're not doing refresh tokens any more, we should start killing off the
dead code paths. /tokenrefresh itself is a bit of a thornier subject, since
there might be apps out there using it, but we can at least not generate
refresh tokens on new logins.
5c4edc8
@richvdh richvdh Merge branch 'develop' into rav/no_more_refresh_tokens
dc4b23e
@richvdh richvdh Rip out more refresh_token code
We might as well treat all refresh_tokens as invalid. Just return a 403 from
/tokenrefresh, so that we don't have a load of dead, untestable code hanging
around.

Still TODO: removing the table from the schema.
aa09d6b
@richvdh richvdh fix imports
12f3b90
@@ -386,8 +386,8 @@ def _create_registration_details(self, user_id, params):
"""
@NegativeMjark
NegativeMjark Dec 1, 2016 Contributor

The doc-string still refers to refresh_tokens

@NegativeMjark
Contributor

We might want to remove the refresh_tokens database table at somepoint, but fitting that into the schema upgrade process might be subtle given that there are background updates run against that table. So lets leave that for another PR so that it can be reviewed properly.

@NegativeMjark
Contributor
NegativeMjark commented Dec 1, 2016 edited

Other than the stale docstring LGTM.

@richvdh
Member
richvdh commented Dec 1, 2016

We might want to remove the refresh_tokens database table at somepoint, but fitting that into the schema upgrade process might be subtle given that there are background updates run against that table. So lets leave that for another PR so that it can be reviewed properly.

yeah, I came to exactly the same conclusion.

@richvdh richvdh Fix doc-string
Remove refresh_token reference
6841d8f
@richvdh richvdh merged commit 4712000 into develop Dec 1, 2016

0 of 5 checks passed

Flake8 + Packaging (Merged PR) Build triggered. sha1 is merged.
Details
Sytest Dendron (Merged PR) Build triggered. sha1 is merged.
Details
Sytest Postgres (Merged PR) Build triggered. sha1 is merged.
Details
Sytest SQLite (Merged PR) Build triggered. sha1 is merged.
Details
Unit Tests (Merged PR) Build triggered. sha1 is merged.
Details
@richvdh richvdh deleted the rav/no_more_refresh_tokens branch Dec 1, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment