lib/warden/jwt_auth/hooks.rb in warden-jwt_auth-0.3.4 vs lib/warden/jwt_auth/hooks.rb in warden-jwt_auth-0.3.5

- old
+ new

@@ -16,39 +16,19 @@ # @see https://github.com/hassox/warden/wiki/Callbacks
 def self.after_set_user(user, auth, opts)
 new.send(:prepare_token, user, auth, opts)
 end
- # Sign out a JWT scope if it comes from the session unless it is an HTML
- # request
- #
- # If a user is meant to be authenticated via JWT, then if it is fetched
- # from the session during an API request it must be something not intended
- # to happen and a security threat.
- #
- # Workaround until https://github.com/hassox/warden/pull/118 is fixed
- def self.after_fetch(_user, auth, opts)
- new.send(:logout_scope, auth, opts)
- end
-
 private
 def prepare_token(user, auth, opts)
 env = auth.env
 scope = opts[:scope]
 return unless token_should_be_added?(scope, env)
 add_token_to_env(user, scope, env)
 end
- # :reek:FeatureEnvy
- def logout_scope(auth, opts)
- env = auth.env
- scope = opts[:scope]
- return if !jwt_scope?(scope) || EnvHelper.no_api_request?(env)
- auth.logout(scope)
- end
-
 def token_should_be_added?(scope, env)
 path_info = EnvHelper.path_info(env)
 method = EnvHelper.request_method(env)
 jwt_scope?(scope) && request_matches?(path_info, method)
 end
@@ -80,10 +60,6 @@ end
 end
 Warden::Manager.after_set_user do |user, auth, opts|
 Warden::JWTAuth::Hooks.after_set_user(user, auth, opts)
-end
-
-Warden::Manager.after_fetch do |user, auth, opts|
- Warden::JWTAuth::Hooks.after_fetch(user, auth, opts)
 end