Remove PersonalAccessTokensFinder#find_by methoduse_tokenauthenticatable_method_for_token_lookup

find_by_token is overriden by TokenAuthenticatable which can be easily
missed or confused with #find_by(:token) defined by ActiveRecord. First
step for safer usage is to remove #find_by.

5 files changed, 11 insertions, 14 deletions

diff --git a/app/finders/personal_access_tokens_finder.rb b/app/finders/personal_access_tokens_finder.rb
index 81fd3b7a547..bd95dcd323f 100644
--- a/app/finders/personal_access_tokens_finder.rb
+++ b/app/finders/personal_access_tokens_finder.rb
@@ -3,7 +3,7 @@
 class PersonalAccessTokensFinder
   attr_accessor :params
 
-  delegate :build, :find, :find_by, :find_by_token, to: :execute
+  delegate :build, :find, :find_by_id, :find_by_token, to: :execute
 
   def initialize(params = {})
     @params = params
diff --git a/app/models/user.rb b/app/models/user.rb
index cc2cd1b7723..728ed7c0ef7 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -460,12 +460,6 @@ class User < ActiveRecord::Base
       by_username(username).take!
     end
 
-    def find_by_personal_access_token(token_string)
-      return unless token_string
-
-      PersonalAccessTokensFinder.new(state: 'active').find_by_token(token_string)&.user # rubocop: disable CodeReuse/Finder
-    end
-
     # Returns a user for the given SSH key.
     def find_by_ssh_key_id(key_id)
       Key.find_by(id: key_id)&.user
diff --git a/changelogs/unreleased/53230-remove_personal_access_tokens_finder_find_by_method.yml b/changelogs/unreleased/53230-remove_personal_access_tokens_finder_find_by_method.yml
new file mode 100644
index 00000000000..d4d78a2fd06
--- /dev/null
+++ b/changelogs/unreleased/53230-remove_personal_access_tokens_finder_find_by_method.yml
@@ -0,0 +1,5 @@
+---
+title: Remove PersonalAccessTokensFinder#find_by method
+merge_request: 22617
+author:
+type: fixed
diff --git a/lib/api/users.rb b/lib/api/users.rb
index 47382b09207..2a56506f3a5 100644
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -512,11 +512,9 @@ module API
               PersonalAccessTokensFinder.new({ user: user, impersonation: true }.merge(options))
             end
 
-            # rubocop: disable CodeReuse/ActiveRecord
             def find_impersonation_token
-              finder.find_by(id: declared_params[:impersonation_token_id]) || not_found!('Impersonation Token')
+              finder.find_by_id(declared_params[:impersonation_token_id]) || not_found!('Impersonation Token')
             end
-            # rubocop: enable CodeReuse/ActiveRecord
           end
 
           before { authenticated_as_admin! }
diff --git a/spec/finders/personal_access_tokens_finder_spec.rb b/spec/finders/personal_access_tokens_finder_spec.rb
index 3f22b3a253d..3e849c9a644 100644
--- a/spec/finders/personal_access_tokens_finder_spec.rb
+++ b/spec/finders/personal_access_tokens_finder_spec.rb
@@ -92,7 +92,7 @@ describe PersonalAccessTokensFinder do
       end
 
       describe 'with id' do
-        subject { finder(params).find_by(id: active_personal_access_token.id) }
+        subject { finder(params).find_by_id(active_personal_access_token.id) }
 
         it { is_expected.to eq(active_personal_access_token) }
 
@@ -106,7 +106,7 @@ describe PersonalAccessTokensFinder do
       end
 
       describe 'with token' do
-        subject { finder(params).find_by(token: active_personal_access_token.token) }
+        subject { finder(params).find_by_token(active_personal_access_token.token) }
 
         it { is_expected.to eq(active_personal_access_token) }
 
@@ -207,7 +207,7 @@ describe PersonalAccessTokensFinder do
       end
 
       describe 'with id' do
-        subject { finder(params).find_by(id: active_personal_access_token.id) }
+        subject { finder(params).find_by_id(active_personal_access_token.id) }
 
         it { is_expected.to eq(active_personal_access_token) }
 
@@ -221,7 +221,7 @@ describe PersonalAccessTokensFinder do
       end
 
       describe 'with token' do
-        subject { finder(params).find_by(token: active_personal_access_token.token) }
+        subject { finder(params).find_by_token(active_personal_access_token.token) }
 
         it { is_expected.to eq(active_personal_access_token) }