Remove legacy authorization mechanism, allows to remove challenge service as well (#150)

Author: jbern0rd

CHANGELOG.md

@@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file.
 
 ## [[NEXT]](https://github.com/iExecBlockchainComputing/iexec-result-proxy/releases/tag/vNEXT) 2025
 
+### Breaking API changes
+
+- Remove legacy authorization mechanism, allows to remove challenge services as well. (#150)
+
 ### Dependency Upgrades
 
 - Upgrade to `eclipse-temurin:17.0.13_11-jre-focal`. (#149)

iexec-result-proxy-library/src/main/java/com/iexec/resultproxy/api/ResultProxyClient.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2022-2024 IEXEC BLOCKCHAIN TECH
+ * Copyright 2022-2025 IEXEC BLOCKCHAIN TECH
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,7 +18,6 @@
 
 import com.iexec.common.result.ResultModel;
 import com.iexec.commons.poco.chain.WorkerpoolAuthorization;
-import com.iexec.commons.poco.eip712.entity.EIP712Challenge;
 import feign.Headers;
 import feign.Param;
 import feign.RequestLine;
@@ -32,20 +31,6 @@
  */
 public interface ResultProxyClient {
 
-    /**
-     * @deprecated Will be replaced with new flow and removed in v10
-     */
-    @Deprecated(forRemoval = true)
-    @RequestLine("GET /results/challenge?chainId={chainId}")
-    EIP712Challenge getChallenge(@Param("chainId") int chainId);
-
-    /**
-     * @deprecated Will be replaced with new flow and removed in v10
-     */
-    @Deprecated(forRemoval = true)
-    @RequestLine("POST /results/login?chainId={chainId}")
-    String login(@Param("chainId") int chainId, String token);
-
     @RequestLine("POST /v1/results/token")
     @Headers("Authorization: {authorization}")
     String getJwt(@Param("authorization") String authorization, WorkerpoolAuthorization workerpoolAuthorization);

src/main/java/com/iexec/resultproxy/challenge/ChallengeService.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2024 IEXEC BLOCKCHAIN TECH
+ * Copyright 2020-2025 IEXEC BLOCKCHAIN TECH
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,11 +17,8 @@
 package com.iexec.resultproxy.proxy;
 
 import com.iexec.common.result.ResultModel;
-import com.iexec.common.security.SignedChallenge;
 import com.iexec.commons.poco.chain.WorkerpoolAuthorization;
-import com.iexec.commons.poco.eip712.entity.EIP712Challenge;
 import com.iexec.resultproxy.authorization.AuthorizationService;
-import com.iexec.resultproxy.challenge.ChallengeService;
 import com.iexec.resultproxy.ipfs.task.IpfsNameService;
 import com.iexec.resultproxy.jwt.JwtService;
 import lombok.extern.slf4j.Slf4j;
@@ -37,56 +34,24 @@
 public class ProxyController {
 
     private final AuthorizationService authorizationService;
-    private final ChallengeService challengeService;
     private final JwtService jwtService;
     private final ProxyService proxyService;
     private final IpfsNameService ipfsNameService;
 
     public ProxyController(AuthorizationService authorizationService,
-                           ChallengeService challengeService,
                            JwtService jwtService,
                            ProxyService proxyService,
                            IpfsNameService ipfsNameService) {
         this.authorizationService = authorizationService;
-        this.challengeService = challengeService;
         this.jwtService = jwtService;
         this.proxyService = proxyService;
         this.ipfsNameService = ipfsNameService;
     }
 
-    /**
-     * @deprecated Use new endpoint with valid {@code WorkerpoolAuthorization}
-     */
-    @Deprecated(forRemoval = true)
-    @GetMapping(value = "/results/challenge")
-    public ResponseEntity<EIP712Challenge> getChallenge(@RequestParam(name = "chainId") Integer chainId) {
-        EIP712Challenge eip712Challenge = challengeService.createChallenge(chainId);
-        return ResponseEntity.ok(eip712Challenge);
-    }
-
-    /**
-     * @deprecated Use new endpoint with valid {@code WorkerpoolAuthorization}
-     */
-    @Deprecated(forRemoval = true)
-    @PostMapping(value = "/results/login")
-    public ResponseEntity<String> login(@RequestParam(name = "chainId") Integer chainId,
-                                        @RequestBody String token) {
-        SignedChallenge signedChallenge = challengeService.tokenToSignedChallengeObject(token);
-        if (!challengeService.isSignedChallengeValid(signedChallenge)) {
-            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
-        }
-
-        String jwtString = jwtService.getOrCreateJwt(signedChallenge.getWalletAddress());
-        if (jwtString == null || jwtString.isEmpty()) {
-            return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).build();
-        }
-
-        challengeService.invalidateChallenge(signedChallenge.getChallengeHash());
-        return ResponseEntity.ok(jwtString);
-    }
-
     /**
      * Logs against Result Proxy with valid {@code WorkerpoolAuthorization}.
+     * <p>
+     * The address of the signer needs to be stored in the {@code workerWallet} field of {@code WorkerpoolAuthorization}
      */
     @PostMapping("/v1/results/token")
     public ResponseEntity<String> getJwt(@RequestHeader("Authorization") String authorization,
@@ -104,16 +69,6 @@ public ResponseEntity<String> getJwt(@RequestHeader("Authorization") String auth
         return ResponseEntity.ok(jwtString);
     }
 
-    /**
-     * @deprecated Use {@code /v1/results} endpoint, will be removed in v10
-     */
-    @Deprecated(forRemoval = true)
-    @PostMapping("/")
-    public ResponseEntity<String> addResultDeprecated(@RequestHeader("Authorization") String token,
-                                                      @RequestBody ResultModel model) {
-        return addResult(token, model);
-    }
-
     /**
      * Push result on IPFS through iExec Result Proxy.
      *
@@ -152,16 +107,6 @@ public ResponseEntity<String> addResult(@RequestHeader("Authorization") String t
         return ok(resultLink);
     }
 
-    /**
-     * @deprecated Use {@code /v1/results/{chainTaskId}} endpoint, will be removed in v10
-     */
-    @Deprecated(forRemoval = true)
-    @RequestMapping(method = RequestMethod.HEAD, path = "/results/{chainTaskId}")
-    public ResponseEntity<String> isResultUploadedDeprecated(@PathVariable(name = "chainTaskId") String chainTaskId,
-                                                             @RequestHeader("Authorization") String token) {
-        return isResultUploaded(chainTaskId, token);
-    }
-
     /**
      * Checks if a given task has been uploaded on IPFS through the current iExec Result Proxy instance.
      *
@@ -186,15 +131,6 @@ public ResponseEntity<String> isResultUploaded(@PathVariable(name = "chainTaskId
         return ResponseEntity.status(status).build();
     }
 
-    /**
-     * @deprecated Use {@code /v1/results/{chainTaskId}/ipfshash} endpoint, will be removed in v10
-     */
-    @Deprecated(forRemoval = true)
-    @GetMapping("/results/{chainTaskId}/ipfshash")
-    public ResponseEntity<String> getIpfsHashForTaskDeprecated(@PathVariable("chainTaskId") String chainTaskId) {
-        return getIpfsHashForTask(chainTaskId);
-    }
-
     /**
      * Retrieves ipfsHash for taskId if required
      *