Revert "Merge pull request ManageIQ#178 from abellotti/api_onetime_sy…

…stem_token" This reverts commit e8c018b, reversing changes made to 9a2767c.
abellotti · Nov 20, 2017 · 28b92fa · 28b92fa
1 parent 9d11c25
commit 28b92fa
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 28 deletions.
diff --git a/app/controllers/api/base_controller/authentication.rb b/app/controllers/api/base_controller/authentication.rb
@@ -1,8 +1,6 @@
 module Api
   class BaseController
     module Authentication
-      SYSTEM_TOKEN_ALLOWED_TIME_SKEW = 5.minutes
-
       #
       # REST APIs Authenticator and Redirector
       #
@@ -80,8 +78,6 @@ def authenticate_with_user_token(auth_token)
       end
 
       def authenticate_with_system_token(x_miq_token)
-        validate_system_token_otp(x_miq_token)
-
         @miq_token_hash = YAML.load(MiqPassword.decrypt(x_miq_token))
 
         validate_system_token_server(@miq_token_hash[:server_guid])
@@ -106,14 +102,7 @@ def validate_system_token_server(server_guid)
 
       def validate_system_token_timestamp(timestamp)
         raise "Missing timestamp" if timestamp.blank?
-        raise "Invalid timestamp #{timestamp} specified" if SYSTEM_TOKEN_ALLOWED_TIME_SKEW.ago.utc > timestamp
-      end
-
-      def validate_system_token_otp(x_miq_token)
-        token_store = TokenStore.acquire("api_system_token_otp", SYSTEM_TOKEN_ALLOWED_TIME_SKEW)
-        token_used_timestamp = token_store.read(x_miq_token)
-        raise "System Token was already used at #{token_used_timestamp}" if token_used_timestamp
-        token_store.write(x_miq_token, Time.now.getlocal)
+        raise "Invalid timestamp #{timestamp} specified" if 5.minutes.ago.utc > timestamp
       end
     end
   end

diff --git a/spec/requests/authentication_spec.rb b/spec/requests/authentication_spec.rb
@@ -342,22 +342,6 @@ def systoken(server_guid, userid, timestamp)
       expect(response).to have_http_status(:ok)
       expect_result_to_have_keys(ENTRYPOINT_KEYS)
     end
-
-    it "authentication using a valid token succeeds only once" do
-      miq_token = systoken(MiqServer.first.guid, @user.userid, Time.now.utc)
-
-      get api_entrypoint_url, :headers => {Api::HttpHeaders::MIQ_TOKEN => miq_token}
-
-      expect(response).to have_http_status(:ok)
-      expect_result_to_have_keys(ENTRYPOINT_KEYS)
-
-      get api_entrypoint_url, :headers => {Api::HttpHeaders::MIQ_TOKEN => miq_token}
-
-      expect(response).to have_http_status(:unauthorized)
-      expect(response.parsed_body).to include(
-        "error" => a_hash_including("kind" => "unauthorized", "message" => AUTHENTICATION_ERROR)
-      )
-    end
   end
 
   context "Role Based Authorization" do