FIX: Do not update `last seen` time for suspended users

This commit is contained in:
David Taylor 2018-07-18 16:04:57 +01:00
parent f55ac892e4
commit 2dc3a50dac
2 changed files with 41 additions and 8 deletions

View File

@ -75,14 +75,6 @@ class Auth::DefaultCurrentUserProvider
@env[BAD_TOKEN] = true @env[BAD_TOKEN] = true
end end
if current_user && should_update_last_seen?
u = current_user
Scheduler::Defer.later "Updating Last Seen" do
u.update_last_seen!
u.update_ip_address!(request.ip)
end
end
# possible we have an api call, impersonate # possible we have an api call, impersonate
if api_key if api_key
current_user = lookup_api_user(api_key, request) current_user = lookup_api_user(api_key, request)
@ -127,6 +119,14 @@ class Auth::DefaultCurrentUserProvider
current_user = nil current_user = nil
end end
if current_user && should_update_last_seen?
u = current_user
Scheduler::Defer.later "Updating Last Seen" do
u.update_last_seen!
u.update_ip_address!(request.ip)
end
end
@env[CURRENT_USER_KEY] = current_user @env[CURRENT_USER_KEY] = current_user
end end

View File

@ -156,6 +156,39 @@ describe Auth::DefaultCurrentUserProvider do
).should_update_last_seen?).to eq(false) ).should_update_last_seen?).to eq(false)
end end
it "should not update last seen for suspended users" do
user = Fabricate(:user)
provider = provider('/')
cookies = {}
provider.log_on_user(user, {}, cookies)
unhashed_token = cookies["_t"][:value]
freeze_time
Sidekiq::Testing.inline! do
# Need to clear this key from redis, otherwise
# this test could fail if run twice in 1 minute
$redis.del("user:#{user.id}:#{Time.now.to_date}")
provider2 = provider("/", "HTTP_COOKIE" => "_t=#{unhashed_token}")
u = provider2.current_user
u.reload
expect(u.last_seen_at).to eq(Time.now)
freeze_time 20.minutes.from_now
u.last_seen_at = nil
u.suspended_till = 1.year.from_now
u.save!
$redis.del("user:#{user.id}:#{Time.now.to_date}")
provider2 = provider("/", "HTTP_COOKIE" => "_t=#{unhashed_token}")
expect(provider2.current_user).to eq(nil)
u.reload
expect(u.last_seen_at).to eq(nil)
end
end
it "should update ajax reqs with discourse visible" do it "should update ajax reqs with discourse visible" do
expect(provider("/topic/anything/goes", expect(provider("/topic/anything/goes",
:method => "POST", :method => "POST",