Remove PersonalAccessTokensFinder#find_by method

find_by_token is overriden by TokenAuthenticatable which can be easily missed or confused with #find_by(:token) defined by ActiveRecord. First step for safer usage is to remove #find_by.

Remove PersonalAccessTokensFinder#find_by method
8d900ade · Imre (Admin) · ef220c4d · 8d900ade · 8d900ade · 8d900ade
Unverified Commit 8d900ade authored 6 years ago by Imre (Admin)
--- a/app/finders/personal_access_tokens_finder.rb
+++ b/app/finders/personal_access_tokens_finder.rb
@@ -3,7 +3,7 @@
 class PersonalAccessTokensFinder
  attr_accessor :params
  
-  delegate :build, :find, :find_by, :find_by_token, to: :execute
+  delegate :build, :find, :find_by_id, :find_by_token, to: :execute
  
  def initialize(params = {})
    @params = params

--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -460,12 +460,6 @@ class User < ActiveRecord::Base
      by_username(username).take!
    end
  
-    def find_by_personal_access_token(token_string)
-      return unless token_string
-
-      PersonalAccessTokensFinder.new(state: 'active').find_by_token(token_string)&.user # rubocop: disable CodeReuse/Finder
-    end
-
    # Returns a user for the given SSH key.
    def find_by_ssh_key_id(key_id)
      Key.find_by(id: key_id)&.user

--- a/changelogs/unreleased/53230-remove_personal_access_tokens_finder_find_by_method.yml
+++ b/changelogs/unreleased/53230-remove_personal_access_tokens_finder_find_by_method.yml
+---
+title: Remove PersonalAccessTokensFinder#find_by method
+merge_request: 22617
+author:
+type: fixed
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -512,11 +512,9 @@ module API
              PersonalAccessTokensFinder.new({ user: user, impersonation: true }.merge(options))
            end
  
-            # rubocop: disable CodeReuse/ActiveRecord
            def find_impersonation_token
-              finder.find_by(id: declared_params[:impersonation_token_id]) || not_found!('Impersonation Token')
+              finder.find_by_id(declared_params[:impersonation_token_id]) || not_found!('Impersonation Token')
            end
-            # rubocop: enable CodeReuse/ActiveRecord
          end
  
          before { authenticated_as_admin! }

--- a/spec/finders/personal_access_tokens_finder_spec.rb
+++ b/spec/finders/personal_access_tokens_finder_spec.rb
@@ -92,7 +92,7 @@ describe PersonalAccessTokensFinder do
      end
  
      describe 'with id' do
-        subject { finder(params).find_by(id: active_personal_access_token.id) }
+        subject { finder(params).find_by_id(active_personal_access_token.id) }
  
        it { is_expected.to eq(active_personal_access_token) }
  
@@ -106,7 +106,7 @@ describe PersonalAccessTokensFinder do
      end
  
      describe 'with token' do
-        subject { finder(params).find_by(token: active_personal_access_token.token) }
+        subject { finder(params).find_by_token(active_personal_access_token.token) }
  
        it { is_expected.to eq(active_personal_access_token) }
  
@@ -207,7 +207,7 @@ describe PersonalAccessTokensFinder do
      end
  
      describe 'with id' do
-        subject { finder(params).find_by(id: active_personal_access_token.id) }
+        subject { finder(params).find_by_id(active_personal_access_token.id) }
  
        it { is_expected.to eq(active_personal_access_token) }
  
@@ -221,7 +221,7 @@ describe PersonalAccessTokensFinder do
      end
  
      describe 'with token' do
-        subject { finder(params).find_by(token: active_personal_access_token.token) }
+        subject { finder(params).find_by_token(active_personal_access_token.token) }
  
        it { is_expected.to eq(active_personal_access_token) }