misc: remove dead logged-in JSONP endpoint (#88195)

2024-03-14 17:10:30 +01:00 · 2024-03-14 17:10:30 +01:00 · 4dc8f6aab7
parent 95701c5e76
commit 4dc8f6aab7
3 changed files with 1 additions and 33 deletions
--- a/src/authentic2/app_settings.py
+++ b/src/authentic2/app_settings.py
@ -177,7 +177,6 @@ default_settings = dict(
        default=True, definition='Check username uniqueness on registration'
    ),
    IDP_BACKENDS=(),
-    VALID_REFERERS=Setting(default=(), definition='List of prefix to match referers'),
    A2_OPENED_SESSION_COOKIE_NAME=Setting(default='A2_OPENED_SESSION', definition='Authentic session open'),
    A2_OPENED_SESSION_COOKIE_DOMAIN=Setting(default=None),
    A2_ATTRIBUTE_KINDS=Setting(default=(), definition='List of other attribute kinds'),
--- a/src/authentic2/urls.py
+++ b/src/authentic2/urls.py
@ -50,7 +50,6 @@ accounts_urlpatterns = [
        views.ValidateDeletionView.as_view(),
        name='validate_deletion',
    ),
-    path('logged-in/', views.logged_in, name='logged-in'),
    path('edit/', views.edit_profile, name='profile_edit'),
    path('edit/required/', views.edit_required_profile, name='profile_required_edit'),
    re_path(r'^edit/(?P<scope>[-\w]+)/$', views.edit_profile, name='profile_edit_with_scope'),
--- a/src/authentic2/views.py
+++ b/src/authentic2/views.py
@ -33,13 +33,7 @@ from django.db.models import Count
 from django.db.models.query import Q
 from django.db.transaction import atomic
 from django.forms import CharField
-from django.http import (
-    Http404,
-    HttpResponse,
-    HttpResponseBadRequest,
-    HttpResponseForbidden,
-    HttpResponseRedirect,
-)
+from django.http import Http404, HttpResponseBadRequest, HttpResponseRedirect
 from django.shortcuts import get_object_or_404, render
 from django.template import loader
 from django.template.loader import render_to_string
@ -1074,30 +1068,6 @@ def login_password_profile(request, *args, **kwargs):
    )


-class LoggedInView(View):
-    '''JSONP web service to detect if an user is logged'''
-
-    http_method_names = ['get']
-
-    def check_referrer(self):
-        '''Check if the given referer is authorized'''
-        referer = self.request.headers.get('Referer', '')
-        for valid_referer in app_settings.VALID_REFERERS:
-            if referer.startswith(valid_referer):
-                return True
-        return False
-
-    def get(self, request, *args, **kwargs):
-        if not self.check_referrer():
-            return HttpResponseForbidden()
-        callback = request.GET.get('callback')
-        content = f'{callback}({int(request.user.is_authenticated)})'
-        return HttpResponse(content, content_type='application/json')
-
-
-logged_in = never_cache(LoggedInView.as_view())
-
-
 def csrf_failure_view(request, reason=''):
    messages.warning(request, _('The page is out of date, it was reloaded for you'))
    return HttpResponseRedirect(request.get_full_path())