[server] Remove unused endpoint (#4772)

## Description

No logs for request in last 30 days and client code also don't refer to
this endpoint.

## Tests

server/cmd/museum/main.go

@@ -496,7 +496,6 @@ func main() {
 	privateAPI.POST("/users/two-factor/disable", userHandler.DisableTwoFactor)
 	privateAPI.PUT("/users/attributes", userHandler.SetAttributes)
 	privateAPI.PUT("/users/email-mfa", userHandler.UpdateEmailMFA)
-	privateAPI.PUT("/users/keys", userHandler.UpdateKeys)
 	privateAPI.POST("/users/srp/setup", userHandler.SetupSRP)
 	privateAPI.POST("/users/srp/complete", userHandler.CompleteSRPSetup)
 	privateAPI.POST("/users/srp/update", userHandler.UpdateSrpAndKeyAttributes)

server/pkg/api/user.go

@@ -105,23 +105,6 @@ func (h *UserHandler) UpdateEmailMFA(c *gin.Context) {
 	c.Status(http.StatusOK)
 }
 
-// UpdateKeys updates the user key attributes on password change
-func (h *UserHandler) UpdateKeys(c *gin.Context) {
-	userID := auth.GetUserID(c.Request.Header)
-	var request ente.UpdateKeysRequest
-	if err := c.ShouldBindJSON(&request); err != nil {
-		handler.Error(c, stacktrace.Propagate(err, ""))
-		return
-	}
-	token := auth.GetToken(c)
-	err := h.UserController.UpdateKeys(c, userID, request, token)
-	if err != nil {
-		handler.Error(c, stacktrace.Propagate(err, ""))
-		return
-	}
-	c.Status(http.StatusOK)
-}
-
 // SetRecoveryKey sets the recovery key attributes for a user.
 func (h *UserHandler) SetRecoveryKey(c *gin.Context) {
 	userID := auth.GetUserID(c.Request.Header)

server/pkg/controller/user/user.go

@@ -184,31 +184,6 @@ func (c *UserController) UpdateEmailMFA(context *gin.Context, userID int64, isEn
 	return c.UserAuthRepo.UpdateEmailMFA(context, userID, isEnabled)
 }
 
-// UpdateKeys updates the user keys on password change
-func (c *UserController) UpdateKeys(context *gin.Context, userID int64,
-	request ente.UpdateKeysRequest, token string) error {
-	/*
-		todo: send email to the user on password change and may be keep history of old keys for X days.
-			History will allow easy recovery of the account when password is changed by a bad actor
-	*/
-	isSRPSetupDone, err := c.UserAuthRepo.IsSRPSetupDone(context, userID)
-	if err != nil {
-		return err
-	}
-	if isSRPSetupDone {
-		return stacktrace.Propagate(ente.NewBadRequestWithMessage("Need to upgrade client"), "can not use old API to change password after SRP is setup")
-	}
-	err = c.UserRepo.UpdateKeys(userID, request)
-	if err != nil {
-		return stacktrace.Propagate(err, "")
-	}
-	err = c.UserAuthRepo.RemoveAllOtherTokens(userID, token)
-	if err != nil {
-		return stacktrace.Propagate(err, "")
-	}
-	return nil
-}
-
 // SetRecoveryKey sets the recovery key attributes for a user, if not already set
 func (c *UserController) SetRecoveryKey(userID int64, request ente.SetRecoveryKeyRequest) error {
 	keyAttr, keyErr := c.UserRepo.GetKeyAttributes(userID)

server/pkg/repo/user.go

@@ -265,13 +265,6 @@ func (repo *UserRepository) SetKeyAttributes(userID int64, keyAttributes ente.Ke
 	return stacktrace.Propagate(err, "")
 }
 
-// UpdateKeys sets the keys of a user
-func (repo *UserRepository) UpdateKeys(userID int64, keys ente.UpdateKeysRequest) error {
-	_, err := repo.DB.Exec(`UPDATE key_attributes SET kek_salt = $1, encrypted_key = $2, key_decryption_nonce = $3, mem_limit = $4, ops_limit = $5 WHERE user_id = $6`,
-		keys.KEKSalt, keys.EncryptedKey, keys.KeyDecryptionNonce, keys.MemLimit, keys.OpsLimit, userID)
-	return stacktrace.Propagate(err, "")
-}
-
 // SetRecoveryKeyAttributes sets the recovery key and related attributes for a user
 func (repo *UserRepository) SetRecoveryKeyAttributes(userID int64, keys ente.SetRecoveryKeyRequest) error {
 	_, err := repo.DB.Exec(`UPDATE key_attributes SET master_key_encrypted_with_recovery_key = $1, master_key_decryption_nonce = $2, recovery_key_encrypted_with_master_key = $3, recovery_key_decryption_nonce = $4 WHERE user_id = $5`,