--- a/kallithea/lib/auth.py	Sun Jul 21 23:34:47 2019 +0200
+++ b/kallithea/lib/auth.py	Tue Aug 06 22:50:03 2019 +0200
@@ -35,7 +35,6 @@
 
 from tg import request, session
 from tg.i18n import ugettext as _
-from webhelpers.pylonslib import secure_form
 from sqlalchemy.orm.exc import ObjectDeletedError
 from sqlalchemy.orm import joinedload
 from webob.exc import HTTPFound, HTTPBadRequest, HTTPForbidden, HTTPMethodNotAllowed

--- a/kallithea/model/validators.py	Sun Jul 21 23:34:47 2019 +0200
+++ b/kallithea/model/validators.py	Tue Aug 06 22:50:03 2019 +0200
@@ -22,7 +22,6 @@
 from collections import defaultdict
 from tg.i18n import ugettext as _
 from sqlalchemy import func
-from webhelpers.pylonslib.secure_form import authentication_token
 import sqlalchemy
 
 from formencode.validators import (
@@ -306,19 +305,6 @@
     return _validator
 
 
-def ValidAuthToken():
-    class _validator(formencode.validators.FancyValidator):
-        messages = {
-            'invalid_token': _('Token mismatch')
-        }
-
-        def _validate_python(self, value, state):
-            if value != authentication_token():
-                msg = self.message('invalid_token', state)
-                raise formencode.Invalid(msg, value, state)
-    return _validator
-
-
 def ValidRepoName(edit=False, old_data=None):
     old_data = old_data or {}
 

--- a/kallithea/tests/other/test_validators.py	Sun Jul 21 23:34:47 2019 +0200
+++ b/kallithea/tests/other/test_validators.py	Tue Aug 06 22:50:03 2019 +0200
@@ -139,13 +139,6 @@
         with pytest.raises(formencode.Invalid):
             validator.to_python(invalid_creds)
 
-    def test_ValidAuthToken(self):
-        validator = v.ValidAuthToken()
-        # this is untestable without a threadlocal
-#        self.assertRaises(formencode.Invalid,
-#                          validator.to_python, 'BadToken')
-        validator
-
     def test_ValidRepoName(self):
         validator = v.ValidRepoName()