From ad8d2b00a686b277d9a647966f3b118cfc8dafa5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josef=20=C5=A0im=C3=A1nek?= <josef.simanek@gmail.com>
Date: Thu, 15 Feb 2024 20:34:14 +0100
Subject: [PATCH] Expire ApiKey without validation. (#4456)

---
 app/models/api_key.rb    |  5 ++++-
 test/models/user_test.rb | 18 ++++++++++++++++++
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/app/models/api_key.rb b/app/models/api_key.rb
index b9801e9ef4a..919f5ad5507 100644
--- a/app/models/api_key.rb
+++ b/app/models/api_key.rb
@@ -103,7 +103,10 @@ def expired?
   end
 
   def expire!
-    update!(expires_at: Time.current)
+    transaction do
+      update_column(:expires_at, Time.current)
+      record_expire_event
+    end
   end
 
   private
diff --git a/test/models/user_test.rb b/test/models/user_test.rb
index cd417db467f..6b5627beb2d 100644
--- a/test/models/user_test.rb
+++ b/test/models/user_test.rb
@@ -850,6 +850,24 @@ class UserTest < ActiveSupport::TestCase
     end
   end
 
+  context "block invalid legacy user" do
+    setup do
+      @user = create(:user, handle: "MikeJudge")
+      @api_key = create(:api_key, owner: @user)
+
+      # simulate legacy invalid api key
+      @api_key.update_columns(show_dashboard: true, add_owner: true)
+
+      refute_predicate @api_key, :valid?
+    end
+
+    should "block user anyway" do
+      assert_changed(@user, :email, :password, :api_key, :remember_token) do
+        @user.block!
+      end
+    end
+  end
+
   context ".normalize_email" do
     should "return the normalized email" do
       assert_equal "user@example.com", User.normalize_email(:"UsEr@ example . COM")