From dac58839a54fb44aa469f121613b23635ea33c77 Mon Sep 17 00:00:00 2001
From: Julian Rother <julian@cccv.de>
Date: Tue, 1 Feb 2022 23:12:44 +0100
Subject: [PATCH] Remove support for deprecated invite/selfservice/signup links

In 32e40c4, c9873e4 and 42338bd, the old invite, password reset and mail
verification URL schema was deprecated and replaced with a new schema
that adds a numeric id to the links. Support for the old id-less URLs
is now removed.
---
 uffd/invite/views.py      | 11 -----------
 uffd/selfservice/views.py | 26 --------------------------
 uffd/signup/views.py      | 14 --------------
 3 files changed, 51 deletions(-)

diff --git a/uffd/invite/views.py b/uffd/invite/views.py
index c647e5dc..4a1e7b4c 100644
--- a/uffd/invite/views.py
+++ b/uffd/invite/views.py
@@ -102,17 +102,6 @@ def reset(invite_id):
 	db.session.commit()
 	return redirect(url_for('.index'))
 
-# Deprecated
-@bp.route('/<token>')
-def use_legacy(token):
-	matching_invite = None
-	for invite in Invite.query.filter(Invite.valid_until > datetime.datetime.now().replace(second=0, microsecond=0)):
-		if secrets.compare_digest(invite.token, token):
-			matching_invite = invite
-	if not matching_invite:
-		abort(404)
-	return redirect(url_for('invite.use', invite_id=matching_invite.id, token=token))
-
 @bp.route('/<int:invite_id>/<token>')
 def use(invite_id, token):
 	invite = Invite.query.get(invite_id)
diff --git a/uffd/selfservice/views.py b/uffd/selfservice/views.py
index b194ceca..2be17e32 100644
--- a/uffd/selfservice/views.py
+++ b/uffd/selfservice/views.py
@@ -79,19 +79,6 @@ def forgot_password():
 		send_passwordreset(user)
 	return redirect(url_for('session.login'))
 
-# Deprecated
-@bp.route('/token/password/<token>')
-def token_password_legacy(token):
-	matching_token = None
-	filter_expr = PasswordToken.created >= (datetime.datetime.now() - datetime.timedelta(days=2))
-	for dbtoken in PasswordToken.query.filter(filter_expr):
-		if secrets.compare_digest(dbtoken.token, token):
-			matching_token = dbtoken
-	if not matching_token:
-		flash(_('Token expired, please try again.'))
-		return redirect(url_for('session.login'))
-	return redirect(url_for('token_password', token_id=matching_token.id, token=token))
-
 @bp.route("/token/password/<int:token_id>/<token>", methods=(['POST', 'GET']))
 def token_password(token_id, token):
 	dbtoken = PasswordToken.query.get(token_id)
@@ -120,19 +107,6 @@ def token_password(token_id, token):
 	db.session.commit()
 	return redirect(url_for('session.login'))
 
-# Deprecated
-@bp.route("/token/mail_verification/<token>")
-def token_mail_legacy(token):
-	matching_token = None
-	filter_expr = MailToken.created >= (datetime.datetime.now() - datetime.timedelta(days=2))
-	for dbtoken in MailToken.query.filter(filter_expr):
-		if secrets.compare_digest(dbtoken.token, token):
-			matching_token = dbtoken
-	if not matching_token:
-		flash(_('Token expired, please try again.'))
-		return redirect(url_for('session.login'))
-	return redirect(url_for('mail_password', token_id=matching_token.id, token=token))
-
 @bp.route("/token/mail_verification/<int:token_id>/<token>")
 @login_required(selfservice_acl_check)
 def token_mail(token_id, token):
diff --git a/uffd/signup/views.py b/uffd/signup/views.py
index d5c3ddcf..88cda5f9 100644
--- a/uffd/signup/views.py
+++ b/uffd/signup/views.py
@@ -1,6 +1,5 @@
 import functools
 import secrets
-import datetime
 
 from flask import Blueprint, render_template, request, redirect, url_for, flash, current_app, jsonify
 from flask_babel import gettext as _
@@ -70,19 +69,6 @@ def signup_submit():
 	signup_ratelimit.log(request.form['mail'])
 	return render_template('signup/submitted.html', signup=signup)
 
-# Deprecated
-@bp.route('/confirm/<token>')
-def signup_confirm_legacy(token):
-	matching_signup = None
-	filter_expr = Signup.created >= (datetime.datetime.now() - datetime.timedelta(hours=48))
-	for signup in Signup.query.filter(filter_expr):
-		if secrets.compare_digest(signup.token, token):
-			matching_signup = signup
-	if not matching_signup:
-		flash(_('Invalid signup link'))
-		return redirect(url_for('session.login'))
-	return redirect(url_for('signup.signup_confirm', signup_id=matching_signup.id, token=token))
-
 # signup_confirm* views are always accessible so other modules (e.g. invite) can reuse them
 @bp.route('/confirm/<int:signup_id>/<token>')
 def signup_confirm(signup_id, token):
-- 
GitLab