From 7e4ffb6ffc9ee4d6d4bd9462a2869378add62d7d Mon Sep 17 00:00:00 2001
From: Nathan Mills
Date: Wed, 7 Oct 2015 12:33:18 -0600
Subject: [PATCH] remove expiration code for oauth tokens

test-plan: when you get an access via oauth2 token you shouldn't get an expiration, and it shouldn't be set in the db
Change-Id: Ie0b15b54ef789b9a94b726026c09fe9497f0adc5
Reviewed-on: https://gerrit.instructure.com/64749
Reviewed-by: Brad Horrocks
Tested-by: Jenkins
QA-Review: August Thornton
Product-Review: Nathan Mills
---
 lib/canvas/oauth/token.rb | 18 +----------
 .../oauth2_provider_controller_spec.rb | 2 +-
 spec/lib/canvas/oauth/token_spec.rb | 30 +------------------
 3 files changed, 3 insertions(+), 47 deletions(-)
diff --git a/lib/canvas/oauth/token.rb b/lib/canvas/oauth/token.rb
index 2e0bdfedaf5..487d1277e86 100644
--- a/lib/canvas/oauth/token.rb
+++ b/lib/canvas/oauth/token.rb
@@ -54,7 +54,7 @@ module Canvas::Oauth
 user.access_tokens.where(developer_key_id: key).destroy_all if replace_tokens || key.replace_tokens
 # Then create a new one
- @access_token = user.access_tokens.create!({:developer_key => key, :remember_access => remember_access?, :scopes => scopes, :purpose => purpose, expires_at: expiration_date})
+ @access_token = user.access_tokens.create!({:developer_key => key, :remember_access => remember_access?, :scopes => scopes, :purpose => purpose})
 @access_token.clear_full_token! if @access_token.scoped_to?(['userinfo'])
 @access_token.clear_plaintext_refresh_token! if @access_token.scoped_to?(['userinfo'])
@@ -80,7 +80,6 @@ module Canvas::Oauth
 'refresh_token' => access_token.plaintext_refresh_token,
 'user' => user.as_json(:only => [:id, :name], :include_root => false)
 }
- json['expires_in'] = access_token.expires_at.utc.to_time.to_i - Time.now.utc.to_i if access_token.expires_at
 json
 end
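Review bot: The `create!` call in the `@@ -54` hunk now stores the access token with no `expires_at`, so a leaked bearer token would stay usable until the row is deleted or replaced, unless the AccessToken model applies a default lifetime of its own, which is not visible here. The response built in the `@@ -80` hunk still hands out a `refresh_token`, so clients already have what they need to work with short-lived tokens. If the unlimited lifetime is intended, record that above the call, for example `# No expires_at is set: this token stays valid until it is deleted or replaced.` The enclosing method starts and ends outside the hunk.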
@@ -112,20 +111,5 @@ module Canvas::Oauth
 Canvas.redis.del "#{REDIS_PREFIX}#{code}"
 end
- private
-
- # This is a temporary measure to start letting developers know that they will need to start using refresh tokens on
- # June 30th 2016. It will short circuit starting June 29th 2016 at 23:00 UTC. It should be removed after that
- # date, and have tokens expire an hour after generation.
- def expiration_date
- now = DateTime.now
- if now > DateTime.parse('2016-06-29T00:00:00+00:00') #This should be the default behaviour after June 30th 2016
- now + 1.hour
- else
- expires_at = DateTime.parse('2016-06-30T00:00:00+00:00')
- expires_at.change(hour: now.hour, min: now.minute)
- end
- end
-
 end
 end
diff --git a/spec/controllers/oauth2_provider_controller_spec.rb b/spec/controllers/oauth2_provider_controller_spec.rb
index 877140aaa01..eb1953124f6 100644
--- a/spec/controllers/oauth2_provider_controller_spec.rb
+++ b/spec/controllers/oauth2_provider_controller_spec.rb
@@ -133,7 +133,7 @@ describe Oauth2ProviderController do
 Canvas.stubs(:redis => redis)
 get :token, :client_id => key.id, :client_secret => key.api_key, :code => valid_code
 expect(response).to be_success
- expect(JSON.parse(response.body).keys.sort).to eq ['access_token', 'expires_in', 'refresh_token', 'user']
+ expect(JSON.parse(response.body).keys.sort).to match_array(['access_token', 'refresh_token', 'user'])
 end
 it 'deletes existing tokens for the same key when replace_tokens=1' do
diff --git a/spec/lib/canvas/oauth/token_spec.rb b/spec/lib/canvas/oauth/token_spec.rb
index 45758254a9c..2d76cd8d90a 100644
--- a/spec/lib/canvas/oauth/token_spec.rb
+++ b/spec/lib/canvas/oauth/token_spec.rb
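Review bot: `match_array` already ignores element order, so the `.sort` kept on `JSON.parse(response.body).keys.sort` in the `@@ -133` hunk is redundant and leaves it unclear which assertion style is meant. Either drop the sort, `expect(JSON.parse(response.body).keys).to match_array(['access_token', 'refresh_token', 'user'])`, or keep `eq` against the sorted list. The same pattern is introduced in spec/lib/canvas/oauth/token_spec.rb at `@@ -148`. The example's `it` block opens outside this hunk.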
@@ -148,16 +148,8 @@ module Canvas::Oauth
 expect(json['user']).to eq user.as_json(:only => [:id, :name], :include_root => false)
 end
- it 'returns the expires_in parameter' do
- Time.stubs(:now).returns(DateTime.parse('2015-07-10T09:29:00+00:00').utc.to_time)
- access_token = token.access_token
- access_token.expires_at = DateTime.parse('2015-07-10T10:29:00+00:00')
- access_token.save!
- expect(json['expires_in']).to eq 3600
- end
-
 it 'does not put anything else into the json' do
- expect(json.keys.sort).to eq ['access_token', 'expires_in', 'refresh_token', 'user']
+ expect(json.keys.sort).to match_array(['access_token', 'refresh_token', 'user'])
 end
 end
@@ -191,25 +183,5 @@ module Canvas::Oauth
 end
 end
- context "token expiration" do
- context "interim June 30th 2016 expiration default" do
- it "sets the default expiration for new tokens to be on June 30th 2016 before 2016-06-29T23:00:00+00:00" do
- DateTime.stubs(:now).returns(DateTime.parse('2016-06-20T00:00:00+00:00'))
- expect(token.access_token.expires_at.utc.iso8601).to eq('2016-06-30T00:00:00+00:00')
- end
-
- it "uses the curent hour and minute for setting the expiration on June 30th 2016" do
- DateTime.stubs(:now).returns(DateTime.parse('2015-07-10T09:29:00+00:00'))
- expect(token.access_token.expires_at.utc.iso8601).to eq('2016-06-30T09:29:00+00:00')
- end
-
- it "starts expiring tokens in 1 hour intervals at 2016-06-29T23:00:00+00:00" do
- DateTime.stubs(:now).returns(DateTime.parse('2016-06-29T23:01:00+00:00'))
- expect(token.access_token.expires_at.utc.iso8601).to eq('2016-06-30T00:01:00+00:00')
- end
-
- end
- end
-
 end
 end
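Review bot: No example visible in these hunks checks the stored token any more, although the test plan in the commit message says the expiration "shouldn't be set in the db". The key-list assertion in the `@@ -148` hunk covers only the JSON response, and the `@@ -191` hunk removes every example that read `expires_at`. A short example next to it, with the body `expect(token.access_token.expires_at).to be_nil`, would catch `expires_at` being reintroduced unnoticed; it assumes the `token` helper used by the removed examples is in scope there. The enclosing `describe` blocks open outside the hunk.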