Upgrade to PubSubHubbub 0.4 (removing verify_token)

Gemfile.lock

@@ -171,7 +171,7 @@ GEM
       pkg-config (~> 1.1.7)
     oj (2.17.3)
     orm_adapter (0.5.0)
-    ostatus2 (0.2.1)
+    ostatus2 (0.3)
       addressable (~> 2.4)
       http (~> 1.0)
       nokogiri (~> 1.6)

app/controllers/api/subscriptions_controller.rb

@@ -3,7 +3,7 @@ class Api::SubscriptionsController < ApiController
   respond_to :txt
 
   def show
-    if @account.subscription(api_subscription_url(@account.id)).valid?(params['hub.topic'], params['hub.verify_token'])
+    if @account.subscription(api_subscription_url(@account.id)).valid?(params['hub.topic'])
       @account.update(subscription_expires_at: Time.now + (params['hub.lease_seconds'].to_i).seconds)
       render plain: HTMLEntities.new.encode(params['hub.challenge']), status: 200
     else

app/models/account.rb

@@ -66,7 +66,7 @@ class Account < ApplicationRecord
   end
 
   def subscribed?
-    !(self.secret.blank? || self.verify_token.blank?)
+    !self.subscription_expires_at.nil?
   end
 
   def favourited?(status)
@@ -82,7 +82,7 @@ class Account < ApplicationRecord
   end
 
   def subscription(webhook_url)
-    OStatus2::Subscription.new(self.remote_url, secret: self.secret, token: self.verify_token, webhook: webhook_url, hub: self.hub_url)
+    OStatus2::Subscription.new(self.remote_url, secret: self.secret, lease_seconds: 86400 * 30, webhook: webhook_url, hub: self.hub_url)
   end
 
   def ping!(atom_url, hubs)

app/services/subscribe_service.rb

@@ -1,15 +1,12 @@
 class SubscribeService < BaseService
   def call(account)
-    account.secret       = SecureRandom.hex
-    account.verify_token = SecureRandom.hex
+    account.secret = SecureRandom.hex
 
     subscription = account.subscription(api_subscription_url(account.id))
     response = subscription.subscribe
 
     unless response.successful?
-      account.secret       = ''
-      account.verify_token = ''
-
+      account.secret = ''
       Rails.logger.debug "PuSH subscription request for #{account.acct} failed: #{response.message}"
     end
 

db/migrate/20160920003904_remove_verify_token_from_accounts.rb

@@ -0,0 +1,5 @@
+class RemoveVerifyTokenFromAccounts < ActiveRecord::Migration[5.0]
+  def change
+    remove_column :accounts, :verify_token, :string, null: false, default: ''
+  end
+end

db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20160919221059) do
+ActiveRecord::Schema.define(version: 20160920003904) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
@@ -18,7 +18,6 @@ ActiveRecord::Schema.define(version: 20160919221059) do
   create_table "accounts", force: :cascade do |t|
     t.string   "username",                default: "", null: false
     t.string   "domain"
-    t.string   "verify_token",            default: "", null: false
     t.string   "secret",                  default: "", null: false
     t.text     "private_key"
     t.text     "public_key",              default: "", null: false

lib/tasks/mastodon.rake

@@ -13,12 +13,13 @@ namespace :mastodon do
     task clear: :environment do
       Account.remote.without_followers.find_each do |a|
         Rails.logger.debug "PuSH unsubscribing from #{a.acct}"
+
         begin
           a.subscription('').unsubscribe
         rescue HTTP::Error, OpenSSL::SSL::SSLError
           Rails.logger.debug "PuSH unsubscribing from #{a.acct} failed due to an HTTP or SSL error"
         ensure
-          a.update!(verify_token: '', secret: '', subscription_expires_at: nil)
+          a.update!(secret: '', subscription_expires_at: nil)
         end
       end
     end

spec/controllers/api/subscriptions_controller_spec.rb

@@ -3,11 +3,11 @@ require 'rails_helper'
 RSpec.describe Api::SubscriptionsController, type: :controller do
   render_views
 
-  let(:account) { Fabricate(:account, username: 'gargron', domain: 'quitter.no', verify_token: '123', remote_url: 'topic_url', secret: 'abc') }
+  let(:account) { Fabricate(:account, username: 'gargron', domain: 'quitter.no', remote_url: 'topic_url', secret: 'abc') }
 
   describe 'GET #show' do
     before do
-      get :show, params: { :id => account.id, 'hub.topic' => 'topic_url', 'hub.verify_token' => 123, 'hub.challenge' => '456' }
+      get :show, params: { :id => account.id, 'hub.topic' => 'topic_url', 'hub.challenge' => '456', 'hub.lease_seconds' => "#{86400 * 30}" }
     end
 
     it 'returns http success' do

spec/models/account_spec.rb

@@ -66,14 +66,12 @@ RSpec.describe Account, type: :model do
   end
 
   describe '#subscribed?' do
-    it 'returns false when no secrets and tokens have been set' do
+    it 'returns false when no subscription expiration information is present' do
       expect(subject.subscribed?).to be false
     end
 
-    it 'returns true when the secret and token have been set' do
-      subject.secret       = 'a'
-      subject.verify_token = 'b'
-
+    it 'returns true when subscription expiration has been set' do
+      subject.subscription_expires_at = 30.days.from_now
       expect(subject.subscribed?).to be true
     end
   end