FEATURE: allow system api to target users via external id or user id

usage ?api_key=XYZ&api_user_external_id=ABC usage ?api_key=XYZ&api_user_id=123
2025-03-26 15:25:40 +08:00 · 2018-01-12 17:37:57 +11:00 · 2018-01-12 17:37:57 +11:00 · 215c0d5569
commit 215c0d5569
parent a2c561bbde
2 changed files with 17 additions and 0 deletions
--- a/lib/auth/default_current_user_provider.rb
+++ b/lib/auth/default_current_user_provider.rb
@ -259,6 +259,10 @@ class Auth::DefaultCurrentUserProvider
        api_key.user if !api_username || (api_key.user.username_lower == api_username.downcase)
      elsif api_username
        User.find_by(username_lower: api_username.downcase)
+      elsif user_id = request["api_user_id"]
+        User.find_by(id: user_id.to_i)
+      elsif external_id = request["api_user_external_id"]
+        SingleSignOnRecord.find_by(external_id: external_id.to_s).try(:user)
      end
    end
  end
--- a/spec/components/auth/default_current_user_provider_spec.rb
+++ b/spec/components/auth/default_current_user_provider_spec.rb
@ -88,6 +88,19 @@ describe Auth::DefaultCurrentUserProvider do
      expect(provider("/?api_key=hello&api_username=#{user.username.downcase}").current_user.id).to eq(user.id)
    end

+    it "finds a user for a correct system api key with external id" do
+      user = Fabricate(:user)
+      ApiKey.create!(key: "hello", created_by_id: -1)
+      SingleSignOnRecord.create(user_id: user.id, external_id: "abc", last_payload: '')
+      expect(provider("/?api_key=hello&api_user_external_id=abc").current_user.id).to eq(user.id)
+    end
+
+    it "finds a user for a correct system api key with id" do
+      user = Fabricate(:user)
+      ApiKey.create!(key: "hello", created_by_id: -1)
+      expect(provider("/?api_key=hello&api_user_id=#{user.id}").current_user.id).to eq(user.id)
+    end
+
    context "rate limiting" do
      before do
        RateLimiter.enable