Remove graphql_minimal_auth_methods FpF

Changelog: fixed

config/feature_flags/ops/graphql_minimal_auth_methods.yml

----
-name: graphql_minimal_auth_methods
-feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/438462
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/150407
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/444929
-milestone: '17.0'
-group: group::authentication
-type: ops
-default_enabled: true
\ No newline at end of file

doc/api/graphql/index.md

@@ -66,9 +66,6 @@ If the authentication information is not valid, GitLab returns an error message
 
 #### Token authentication
 
-> - Authentication method restrictions [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/150407) in GitLab 17.0 [with a flag](../../administration/feature_flags.md) named `graphql_minimal_auth_methods` and backported to GitLab 17.0.3 and GitLab 16.11.5. Disabled by default in 17.0.
-> - Flag enabled by default in 17.0.3 and 16.11.5, therefore restrictions are enforced in these versions and later.
-
 Use any of the following tokens to authenticate with the GraphQL API:
 
 - [OAuth 2.0 tokens](../../api/oauth2.md)

ee/spec/controllers/ee/graphql_controller_spec.rb

@@ -15,16 +15,6 @@
     it 'succeeds' do
       expect(response).to be_successful
     end
-
-    context 'when graphql_minimal_auth_methods is disabled' do
-      before do
-        stub_feature_flags(graphql_minimal_auth_methods: false)
-      end
-
-      it 'fails' do
-        expect(response).not_to be_successful
-      end
-    end
   end
 
   context 'when user uses a read_user scope API token' do

lib/gitlab/auth/request_authenticator.rb

@@ -68,12 +68,8 @@ def valid_access_token?(scopes: [])
       #
       # Overridden in EE
       def find_user_for_graphql_api_request
-        if Feature.enabled? :graphql_minimal_auth_methods # rubocop:disable Gitlab/FeatureFlagWithoutActor -- reverting MR
-          find_user_from_web_access_token(:api, scopes: graphql_authorization_scopes) ||
-            find_user_from_personal_access_token_for_api_or_git
-        else
-          find_user_from_any_authentication_method(:api)
-        end
+        find_user_from_web_access_token(:api, scopes: graphql_authorization_scopes) ||
+          find_user_from_personal_access_token_for_api_or_git
       end
 
       # Overridden in EE

spec/requests/api/graphql_spec.rb

@@ -531,18 +531,6 @@
 
             expect(graphql_data['currentUser']).to be_nil
           end
-
-          context 'when graphql_minimal_auth_methods FF is disabled' do
-            before do
-              stub_feature_flags(graphql_minimal_auth_methods: false)
-            end
-
-            it 'authenticates users with an LFS token' do
-              post '/api/graphql.git', params: { query: query }, headers: headers
-
-              expect(graphql_data['currentUser']['username']).to eq(user.username)
-            end
-          end
         end
 
         describe 'with job token' do
@@ -560,18 +548,6 @@
 
             expect_graphql_errors_to_include(/Invalid token/)
           end
-
-          context 'when graphql_minimal_auth_methods FF is disabled' do
-            before do
-              stub_feature_flags(graphql_minimal_auth_methods: false)
-            end
-
-            it 'authenticates as the user' do
-              post '/api/graphql', params: { query: query, job_token: job_token }
-
-              expect(graphql_data['currentUser']['username']).to eq(user.username)
-            end
-          end
         end
 
         describe 'with static object token' do
@@ -590,25 +566,6 @@
 
             expect_graphql_errors_to_include(/Invalid token/)
           end
-
-          # context is included to demonstrate that the FF code is not changing this behavior
-          context 'when graphql_minimal_auth_methods FF is disabled' do
-            before do
-              stub_feature_flags(graphql_minimal_auth_methods: false)
-            end
-
-            it 'does not authenticate user from header' do
-              post '/api/graphql', params: { query: query }, headers: headers
-
-              expect(graphql_data['currentUser']).to be_nil
-            end
-
-            it 'does not authenticate user from parameter' do
-              post "/api/graphql?token=#{user.static_object_token}", params: { query: query }
-
-              expect_graphql_errors_to_include(/Invalid token/)
-            end
-          end
         end
 
         describe 'with dependency proxy token' do
@@ -629,25 +586,6 @@
 
             expect_graphql_errors_to_include(/Invalid token/)
           end
-
-          # context is included to demonstrate that the FF code is not changing this behavior
-          context 'when graphql_minimal_auth_methods FF is disabled' do
-            before do
-              stub_feature_flags(graphql_minimal_auth_methods: false)
-            end
-
-            it 'does not authenticate user from dependency proxy token in headers' do
-              post '/api/graphql', params: { query: query }, headers: headers
-
-              expect_graphql_errors_to_include(/Invalid token/)
-            end
-
-            it 'does not authenticate user from dependency proxy token in parameter' do
-              post "/api/graphql?access_token=#{token}", params: { query: query }
-
-              expect_graphql_errors_to_include(/Invalid token/)
-            end
-          end
         end
       end