FIX: Do not update last_seen for API access

This regressed in 2dc3a50. I have now added tests for the behavior.
This commit is contained in:
David Taylor 2018-10-25 13:38:57 +01:00
parent effbef7d0b
commit 56e0f47bcd
2 changed files with 8 additions and 1 deletions

View File

@ -240,6 +240,8 @@ class Auth::DefaultCurrentUserProvider
def should_update_last_seen?
if @request.xhr?
@env["HTTP_DISCOURSE_VISIBLE".freeze] == "true".freeze
elsif !!(@env[API_KEY_ENV]) || !!(@env[USER_API_KEY_ENV])
false
else
true
end

View File

@ -32,7 +32,11 @@ describe Auth::DefaultCurrentUserProvider do
it "finds a user for a correct per-user api key" do
user = Fabricate(:user)
ApiKey.create!(key: "hello", user_id: user.id, created_by_id: -1)
expect(provider("/?api_key=hello").current_user.id).to eq(user.id)
good_provider = provider("/?api_key=hello")
expect(good_provider.current_user.id).to eq(user.id)
expect(good_provider.is_api?).to eq(true)
expect(good_provider.is_user_api?).to eq(false)
expect(good_provider.should_update_last_seen?).to eq(false)
user.update_columns(active: false)
@ -399,6 +403,7 @@ describe Auth::DefaultCurrentUserProvider do
expect(good_provider.current_user.id).to eq(user.id)
expect(good_provider.is_api?).to eq(false)
expect(good_provider.is_user_api?).to eq(true)
expect(good_provider.should_update_last_seen?).to eq(false)
expect {
provider("/", params.merge("REQUEST_METHOD" => "POST")).current_user