FEATURE: Allow API requests to specify the DISCOURSE_VISIBLE header

This allows API consumers to automatically update the user's last_seen time. The default behaviour is unchanged.
David Taylor 2019-04-15 17:34:34 +01:00
parent a37181ab30
commit af86cf46dc
2 changed files with 25 additions and 13 deletions


@ -249,10 +249,10 @@ class Auth::DefaultCurrentUserProvider
def should_update_last_seen? def should_update_last_seen?
return false if Discourse.pg_readonly_mode? return false if Discourse.pg_readonly_mode?
if @request.xhr? api = !!(@env[API_KEY_ENV]) || !!(@env[USER_API_KEY_ENV])
if @request.xhr? || api
@env["HTTP_DISCOURSE_VISIBLE".freeze] == "true".freeze @env["HTTP_DISCOURSE_VISIBLE".freeze] == "true".freeze
elsif !!(@env[API_KEY_ENV]) || !!(@env[USER_API_KEY_ENV])
false
else else
true true
end end
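Review bot: The new `api` flag is read from `@env[API_KEY_ENV]` and `@env[USER_API_KEY_ENV]`, and nothing in this hunk shows where those entries are set, so the answer for an API request may depend on whether key lookup has already run. If it has not, the request falls through to the `else` branch and returns true regardless of the header. The change also means last_seen for API traffic is now driven by a caller-supplied header, which matters wherever last_seen is read as an activity signal (for example when reviewing dormant or possibly compromised accounts), presumably more so for keys that can act on behalf of other users. I would add a comment above the assignment such as `# Discourse-Visible is caller-asserted: API callers opt in to last_seen updates, and the API env flags must already be set by key lookup`. The method's closing `end` is outside the hunk.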


@ -365,13 +365,6 @@ describe Auth::DefaultCurrentUserProvider do
end end
it "should not update last seen for ajax calls without Discourse-Visible header" do
expect(provider("/topic/anything/goes",
:method => "POST",
"HTTP_X_REQUESTED_WITH" => "XMLHttpRequest"
).should_update_last_seen?).to eq(false)
end
describe "#current_user" do describe "#current_user" do
let(:user) { Fabricate(:user) } let(:user) { Fabricate(:user) }
@ -426,6 +419,11 @@ describe Auth::DefaultCurrentUserProvider do
end end
end end
it "should update last seen for non ajax" do
expect(provider("/topic/anything/goes", method: "POST").should_update_last_seen?).to eq(true)
expect(provider("/topic/anything/goes", method: "GET").should_update_last_seen?).to eq(true)
end
it "should update ajax reqs with discourse visible" do it "should update ajax reqs with discourse visible" do
expect(provider("/topic/anything/goes", expect(provider("/topic/anything/goes",
:method => "POST", :method => "POST",
@ -434,9 +432,23 @@ describe Auth::DefaultCurrentUserProvider do
).should_update_last_seen?).to eq(true) ).should_update_last_seen?).to eq(true)
end end
it "should update last seen for non ajax" do it "should not update last seen for ajax calls without Discourse-Visible header" do
expect(provider("/topic/anything/goes", method: "POST").should_update_last_seen?).to eq(true) expect(provider("/topic/anything/goes",
expect(provider("/topic/anything/goes", method: "GET").should_update_last_seen?).to eq(true) :method => "POST",
"HTTP_X_REQUESTED_WITH" => "XMLHttpRequest"
).should_update_last_seen?).to eq(false)
end
it "should update last seen for API calls with Discourse-Visible header" do
user = Fabricate(:user)
ApiKey.create!(key: "hello", user_id: user.id, created_by_id: -1)
params = { :method => "POST",
"HTTP_X_REQUESTED_WITH" => "XMLHttpRequest",
"HTTP_API_KEY" => "hello"
}
expect(provider("/topic/anything/goes", params).should_update_last_seen?).to eq(false)
expect(provider("/topic/anything/goes", params.merge("HTTP_DISCOURSE_VISIBLE" => "true")).should_update_last_seen?).to eq(true)
end end
it "correctly rotates tokens" do it "correctly rotates tokens" do
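Review bot: The new example "should update last seen for API calls with Discourse-Visible header" sends `"HTTP_X_REQUESTED_WITH" => "XMLHttpRequest"` alongside the API key, so both expectations are already satisfied by the `@request.xhr?` path and the example would still pass if the `|| api` condition were missing. Building the request without that header, `params = { :method => "POST", "HTTP_API_KEY" => "hello" }`, would make it exercise the API branch that this commit adds. Whether `HTTP_API_KEY` alone populates the env entries that `should_update_last_seen?` reads is not visible on this page, so the example may also need to resolve the current user before asserting. A second expectation for a user API key would cover the other half of the `api` condition.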