sessions: remove legacy user_name / password_hash cookies.

Remove support for logging in with the deprecated user_name /
password_hash cookies. Followup to 320ff01e0.

test/functional/maintenance/user/api_keys_controller_test.rb

@@ -23,25 +23,6 @@ module Maintenance
               assert_response :success
             end
 
-            # hard to test this in integrationtest
-            # context "if the user doesn't already have an api key" do
-            #   setup do
-            #     ::User.any_instance.stubs(:api_key).returns(nil)
-            #     cookies[:user_name] = @user.name
-            #     cookies[:password_hash] = @user.bcrypt_cookie_password_hash
-            #   end
-
-            #   should "generate one" do
-            #     ApiKey.expects(:generate!)
-
-            #     assert_difference("ApiKey.count", 1) do
-            #       post view_maintenance_user_api_key_path(user_id: @user.id), params: {user: {password: "password"}}
-            #     end
-
-            #     assert_not_nil(@user.reload.api_key)
-            #   end
-            # end
-
             should "not generate another API key if the user already has one" do
               assert_difference("ApiKey.count", 0) do
                 post_auth view_maintenance_user_api_key_path(user_id: @user.id), @user, params: {user: {password: "password"}}

test/unit/user_test.rb

@@ -151,15 +151,6 @@ class UserTest < ActiveSupport::TestCase
     end
 
     context "password" do
-      should "match the cookie hash" do
-        @user = FactoryBot.create(:user)
-        @user.password = "zugzug5"
-        @user.password_confirmation = "zugzug5"
-        @user.save
-        @user.reload
-        assert(User.authenticate_cookie_hash(@user.name, @user.bcrypt_cookie_password_hash))
-      end
-
       should "match the confirmation" do
         @user = FactoryBot.create(:user)
         @user.old_password = "password"