author | Douwe Maan <douwe@selenight.nl> | 2017-10-12 11:01:12 +0200 |
---|---|---|
committer | Douwe Maan <douwe@selenight.nl> | 2017-11-02 11:39:02 +0100 |
commit | 294fa6fcdcfa7d76bc97b754d2930f3686f54997 (patch) | |
tree | dd2093f86c6828fa59a5a4cbd79ffda16e883382 /lib | |
parent | c03d39df8234be7fc6c846df05e08f204e6f0456 (diff) | |
Remove authentication using user.private_token
Diffstat (limited to 'lib')
-rw-r--r-- | lib/api/api_guard.rb | 22 |
1 files changed, 6 insertions, 16 deletions
diff --git a/lib/api/api_guard.rb b/lib/api/api_guard.rb
index 87b9db66efd..0ff376bbab6 100644
--- a/lib/api/api_guard.rb
+++ b/lib/api/api_guard.rb
@@ -44,7 +44,7 @@ module API
 module HelperMethods
 def find_current_user
 user =
- find_user_from_private_token ||
+ find_user_from_personal_access_token ||
 find_user_from_oauth_token ||
 find_user_from_warden
@@ -61,13 +61,14 @@ module API
 private
- def find_user_from_private_token
+ def find_user_from_personal_access_token
 token_string = private_token.to_s
 return nil unless token_string.present?
- user =
- find_user_by_authentication_token(token_string) ||
- find_user_by_personal_access_token(token_string)
+ access_token = PersonalAccessToken.find_by_token(token_string)
+ raise UnauthorizedError unless access_token
+
+ user = find_user_by_access_token(access_token)
 raise UnauthorizedError unless user
@@ -99,17 +100,6 @@ module API
 find_user_by_access_token(access_token)
 end
- def find_user_by_authentication_token(token_string)
- User.find_by_authentication_token(token_string)
- end
-
- def find_user_by_personal_access_token(token_string)
- access_token = PersonalAccessToken.find_by_token(token_string)
- return unless access_token
-
- find_user_by_access_token(access_token)
- end
-
 # Check the Rails session for valid authentication details
 def find_user_from_warden
 warden.try(:authenticate) if verified_request? |
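Review bot: In the second hunk, `find_user_from_personal_access_token` rejects a token only when `PersonalAccessToken.find_by_token(token_string)` finds nothing or `find_user_by_access_token` returns no user, and nothing visible here shows where a revoked, expired or under-scoped token is turned away. That check presumably lives in `find_user_by_access_token`, whose definition starts outside the third hunk, so a comment above the call would make the dependency explicit: `# expiry, revocation and scope checks are expected to happen in find_user_by_access_token — confirm`. The credential is still read through the `private_token` helper (not shown), so a second comment such as `# private_token now carries a personal access token only; user.private_token values no longer authenticate` would keep the old name from being misread. The method body continues past the end of the hunk.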