discourse/lib/current_user.rb

module CurrentUser

  def self.has_auth_cookie?(env)
    Discourse.current_user_provider.new(env).has_auth_cookie?
  end

  def self.lookup_from_env(env)
    Discourse.current_user_provider.new(env).current_user
  end


  # can be used to pretend current user does no exist, for CSRF attacks
  def clear_current_user
    @current_user_provider = Discourse.current_user_provider.new({})
  end

  def log_on_user(user)
    current_user_provider.log_on_user(user,session,cookies)
  end

  def log_off_user
    current_user_provider.log_off_user(session,cookies)
  end

  def is_api?
    current_user_provider.is_api?
  end

  def current_user
    current_user_provider.current_user
  end

  private

  def current_user_provider
    @current_user_provider ||= Discourse.current_user_provider.new(request.env)
  end

end
Initial release of Discourse 2013-02-06 03:16:51 +08:00			`module CurrentUser`

introduce rack:cache as a default, so users don't need to configure apache or nginx under rack cache we are able to serve 620reqs a second per thin (on my machine) before it 12 (on my machine) reorganised so mini profilers can be cleanly disabled from config file added caching for categories index move production.rb to production.sample.rb 2013-04-11 14:24:08 +08:00			`def self.has_auth_cookie?(env)`
add current_user_provider so people can override current_user bevior cleanly, see http://meta.discourse.org/t/amending-current-user-logic-in-discourse/10278 2013-10-09 12:10:37 +08:00			`Discourse.current_user_provider.new(env).has_auth_cookie?`
introduce rack:cache as a default, so users don't need to configure apache or nginx under rack cache we are able to serve 620reqs a second per thin (on my machine) before it 12 (on my machine) reorganised so mini profilers can be cleanly disabled from config file added caching for categories index move production.rb to production.sample.rb 2013-04-11 14:24:08 +08:00			`end`

started work on message bus diags 2013-02-15 16:23:40 +08:00			`def self.lookup_from_env(env)`
add current_user_provider so people can override current_user bevior cleanly, see http://meta.discourse.org/t/amending-current-user-logic-in-discourse/10278 2013-10-09 12:10:37 +08:00			`Discourse.current_user_provider.new(env).current_user`
refactor and organise current_user better 2013-02-24 18:42:04 +08:00			`end`


SECURITY: correct our CSRF implementation to be much more aggressive 2013-07-29 13:13:13 +08:00			`# can be used to pretend current user does no exist, for CSRF attacks`
			`def clear_current_user`
add current_user_provider so people can override current_user bevior cleanly, see http://meta.discourse.org/t/amending-current-user-logic-in-discourse/10278 2013-10-09 12:10:37 +08:00			`@current_user_provider = Discourse.current_user_provider.new({})`
SECURITY: correct our CSRF implementation to be much more aggressive 2013-07-29 13:13:13 +08:00			`end`

refactor and organise current_user better 2013-02-24 18:42:04 +08:00			`def log_on_user(user)`
add current_user_provider so people can override current_user bevior cleanly, see http://meta.discourse.org/t/amending-current-user-logic-in-discourse/10278 2013-10-09 12:10:37 +08:00			`current_user_provider.log_on_user(user,session,cookies)`
cookie recovery cause we have been messing with it. 2013-02-24 18:50:34 +08:00			`end`

add current_user_provider so people can override current_user bevior cleanly, see http://meta.discourse.org/t/amending-current-user-logic-in-discourse/10278 2013-10-09 12:10:37 +08:00			`def log_off_user`
			`current_user_provider.log_off_user(session,cookies)`
started work on message bus diags 2013-02-15 16:23:40 +08:00			`end`

SECURITY: correct our CSRF implementation to be much more aggressive 2013-07-29 13:13:13 +08:00			`def is_api?`
add current_user_provider so people can override current_user bevior cleanly, see http://meta.discourse.org/t/amending-current-user-logic-in-discourse/10278 2013-10-09 12:10:37 +08:00			`current_user_provider.is_api?`
SECURITY: correct our CSRF implementation to be much more aggressive 2013-07-29 13:13:13 +08:00			`end`

Initial release of Discourse 2013-02-06 03:16:51 +08:00			`def current_user`
add current_user_provider so people can override current_user bevior cleanly, see http://meta.discourse.org/t/amending-current-user-logic-in-discourse/10278 2013-10-09 12:10:37 +08:00			`current_user_provider.current_user`
			`end`
basic api support 2013-03-26 09:04:28 +08:00
add current_user_provider so people can override current_user bevior cleanly, see http://meta.discourse.org/t/amending-current-user-logic-in-discourse/10278 2013-10-09 12:10:37 +08:00			`private`
basic api support 2013-03-26 09:04:28 +08:00
add current_user_provider so people can override current_user bevior cleanly, see http://meta.discourse.org/t/amending-current-user-logic-in-discourse/10278 2013-10-09 12:10:37 +08:00			`def current_user_provider`
			`@current_user_provider \|\|= Discourse.current_user_provider.new(request.env)`
Initial release of Discourse 2013-02-06 03:16:51 +08:00			`end`

			`end`