DEV: Only show deprecation message for non-whitelisted requests

As another step toward fully dreprecating query parameter authentication
in API requests this change prevents an admin dashboard message from
showing up if using a whitelisted route like rss feeds or the
mail-receiver route.

lib/auth/default_current_user_provider.rb

@@ -295,10 +295,7 @@ class Auth::DefaultCurrentUserProvider
 
       # Check for deprecated api auth
       if !header_api_key?
-        if request.path == "/admin/email/handle_mail"
+        unless is_whitelisted_query_param_auth_route?(request)
-          # Notify admins that the mail receiver is still using query auth and to update
-          AdminDashboardData.add_problem_message('dashboard.update_mail_receiver', 1.day)
-        else
           # Notify admins of deprecated auth method
           AdminDashboardData.add_problem_message('dashboard.deprecated_api_usage', 1.day)
         end
@@ -330,6 +327,19 @@ class Auth::DefaultCurrentUserProvider
 
   private
 
+  def is_whitelisted_query_param_auth_route?(request)
+    (is_rss_feed?(request) || is_handle_mail?(request))
+  end
+
+  def is_rss_feed?(request)
+    return true if request.path.match?(/\/(c|t){1}\/\S*.(rss|json)/) && request.get? # topic or category route
+    return true if request.path.match?(/\/(latest|top|categories).(rss|json)/) && request.get? # specific routes with rss
+  end
+
+  def is_handle_mail?(request)
+    return true if request.path == "/admin/email/handle_mail" && request.post?
+  end
+
   def header_api_key?
     !!@env[HEADER_API_KEY]
   end