FIX: Don't update User#last_seen_at when PG is readonly take 2.

2024-11-22 09:12:45 +08:00 · 2019-01-21 13:49:08 +08:00 · 2019-01-21 13:49:08 +08:00 · 4466fcf1bc
commit 4466fcf1bc
parent c732ae9ca9
5 changed files with 14 additions and 17 deletions
--- a/lib/admin_constraint.rb
+++ b/lib/admin_constraint.rb
@ -12,7 +12,7 @@ class AdminConstraint
    provider.current_user &&
      provider.current_user.admin? &&
      custom_admin_check(request)
-  rescue Discourse::InvalidAccess
+  rescue Discourse::InvalidAccess, Discourse::ReadOnly
    false
  end

--- a/lib/auth/default_current_user_provider.rb
+++ b/lib/auth/default_current_user_provider.rb
@ -25,6 +25,7 @@ class Auth::DefaultCurrentUserProvider
  # our current user, return nil if none is found
  def current_user
    return @env[CURRENT_USER_KEY] if @env.key?(CURRENT_USER_KEY)
+    raise Discourse::ReadOnly if Discourse.pg_readonly_mode?

    # bypass if we have the shared session header
    if shared_key = @env['HTTP_X_SHARED_SESSION_KEY']
@ -241,8 +242,6 @@ class Auth::DefaultCurrentUserProvider
  end

  def should_update_last_seen?
-    return false if Discourse.pg_readonly_mode?
-
    if @request.xhr?
      @env["HTTP_DISCOURSE_VISIBLE".freeze] == "true".freeze
    elsif !!(@env[API_KEY_ENV]) || !!(@env[USER_API_KEY_ENV])
--- a/lib/homepage_constraint.rb
+++ b/lib/homepage_constraint.rb
@ -9,7 +9,7 @@ class HomePageConstraint
    provider = Discourse.current_user_provider.new(request.env)
    homepage = provider&.current_user&.user_option&.homepage || SiteSetting.anonymous_homepage
    homepage == @filter
-  rescue Discourse::InvalidAccess
+  rescue Discourse::InvalidAccess, Discourse::ReadOnly
    false
  end
 end
--- a/lib/staff_constraint.rb
+++ b/lib/staff_constraint.rb
@ -7,7 +7,7 @@ class StaffConstraint
    provider.current_user &&
      provider.current_user.staff? &&
      custom_staff_check(request)
-  rescue Discourse::InvalidAccess
+  rescue Discourse::InvalidAccess, Discourse::ReadOnly
    false
  end

--- a/spec/components/auth/default_current_user_provider_spec.rb
+++ b/spec/components/auth/default_current_user_provider_spec.rb
@ -161,20 +161,13 @@ describe Auth::DefaultCurrentUserProvider do
  end

  describe "#current_user" do
-    let(:unhashed_token) do
-      provider = provider('/')
-      cookies = {}
-      provider.log_on_user(Fabricate(:user), {}, cookies)
-      cookies["_t"][:value]
-    end
-
    after do
      $redis.flushall
    end

    it "should not update last seen for suspended users" do
-      user = Fabricate(:user)
      provider = provider('/')
+      user = Fabricate(:user)
      cookies = {}
      provider.log_on_user(user, {}, cookies)
      unhashed_token = cookies["_t"][:value]
@ -201,7 +194,11 @@ describe Auth::DefaultCurrentUserProvider do
    end

    describe "when readonly mode is enabled due to postgres" do
+      let(:test_provider) { provider("/") }
+      let(:user) { Fabricate(:user) }
+
      before do
+        test_provider.log_on_user(user, {}, {})
        Discourse.enable_readonly_mode(Discourse::PG_READONLY_MODE_KEY)
      end

@ -210,10 +207,11 @@ describe Auth::DefaultCurrentUserProvider do
      end

      it "should not update last seen at" do
-        provider2 = provider("/", "HTTP_COOKIE" => "_t=#{unhashed_token}")
-        u = provider2.current_user
-        u.reload
-        expect(u.last_seen_at).to eq(nil)
+        expect(test_provider.current_user).to eq(user)
+
+        expect do
+          provider("/?api_key=hello").current_user
+        end.to raise_error(Discourse::ReadOnly)
      end
    end
  end