FEATURE: Allow API requests to specify the DISCOURSE_VISIBLE header

This allows API consumers to automatically update the user's last_seen time. The default behaviour is unchanged.
2024-11-22 22:21:55 +08:00 · 2019-04-15 17:34:34 +01:00 · 2019-04-15 17:34:34 +01:00 · af86cf46dc
commit af86cf46dc
parent a37181ab30
2 changed files with 25 additions and 13 deletions
--- a/lib/auth/default_current_user_provider.rb
+++ b/lib/auth/default_current_user_provider.rb
@ -249,10 +249,10 @@ class Auth::DefaultCurrentUserProvider
  def should_update_last_seen?
    return false if Discourse.pg_readonly_mode?

-    if @request.xhr?
+    api = !!(@env[API_KEY_ENV]) || !!(@env[USER_API_KEY_ENV])
+
+    if @request.xhr? || api
      @env["HTTP_DISCOURSE_VISIBLE".freeze] == "true".freeze
-    elsif !!(@env[API_KEY_ENV]) || !!(@env[USER_API_KEY_ENV])
-      false
    else
      true
    end
--- a/spec/components/auth/default_current_user_provider_spec.rb
+++ b/spec/components/auth/default_current_user_provider_spec.rb
@ -365,13 +365,6 @@ describe Auth::DefaultCurrentUserProvider do

  end

-  it "should not update last seen for ajax calls without Discourse-Visible header" do
-    expect(provider("/topic/anything/goes",
-                    :method => "POST",
-                    "HTTP_X_REQUESTED_WITH" => "XMLHttpRequest"
-          ).should_update_last_seen?).to eq(false)
-  end
-
  describe "#current_user" do
    let(:user) { Fabricate(:user) }

@ -426,6 +419,11 @@ describe Auth::DefaultCurrentUserProvider do
    end
  end

+  it "should update last seen for non ajax" do
+    expect(provider("/topic/anything/goes", method: "POST").should_update_last_seen?).to eq(true)
+    expect(provider("/topic/anything/goes", method: "GET").should_update_last_seen?).to eq(true)
+  end
+
  it "should update ajax reqs with discourse visible" do
    expect(provider("/topic/anything/goes",
                    :method => "POST",
@ -434,9 +432,23 @@ describe Auth::DefaultCurrentUserProvider do
          ).should_update_last_seen?).to eq(true)
  end

-  it "should update last seen for non ajax" do
-    expect(provider("/topic/anything/goes", method: "POST").should_update_last_seen?).to eq(true)
-    expect(provider("/topic/anything/goes", method: "GET").should_update_last_seen?).to eq(true)
+  it "should not update last seen for ajax calls without Discourse-Visible header" do
+    expect(provider("/topic/anything/goes",
+                    :method => "POST",
+                    "HTTP_X_REQUESTED_WITH" => "XMLHttpRequest"
+          ).should_update_last_seen?).to eq(false)
+  end
+
+  it "should update last seen for API calls with Discourse-Visible header" do
+    user = Fabricate(:user)
+    ApiKey.create!(key: "hello", user_id: user.id, created_by_id: -1)
+    params = { :method => "POST",
+               "HTTP_X_REQUESTED_WITH" => "XMLHttpRequest",
+               "HTTP_API_KEY" => "hello"
+              }
+
+    expect(provider("/topic/anything/goes", params).should_update_last_seen?).to eq(false)
+    expect(provider("/topic/anything/goes", params.merge("HTTP_DISCOURSE_VISIBLE" => "true")).should_update_last_seen?).to eq(true)
  end

  it "correctly rotates tokens" do