From 56e0f47bcd183f9d8e5cde853bcb9f8fe38eebf7 Mon Sep 17 00:00:00 2001
From: David Taylor <david@taylorhq.com>
Date: Thu, 25 Oct 2018 13:38:57 +0100
Subject: [PATCH] FIX: Do not update `last_seen` for API access

This regressed in 2dc3a50. I have now added tests for the behavior.
---
 lib/auth/default_current_user_provider.rb                  | 2 ++
 spec/components/auth/default_current_user_provider_spec.rb | 7 ++++++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/lib/auth/default_current_user_provider.rb b/lib/auth/default_current_user_provider.rb
index 671022deeb2..e4badae622f 100644
--- a/lib/auth/default_current_user_provider.rb
+++ b/lib/auth/default_current_user_provider.rb
@@ -240,6 +240,8 @@ class Auth::DefaultCurrentUserProvider
   def should_update_last_seen?
     if @request.xhr?
       @env["HTTP_DISCOURSE_VISIBLE".freeze] == "true".freeze
+    elsif !!(@env[API_KEY_ENV]) || !!(@env[USER_API_KEY_ENV])
+      false
     else
       true
     end
diff --git a/spec/components/auth/default_current_user_provider_spec.rb b/spec/components/auth/default_current_user_provider_spec.rb
index 20cf716d964..a141b15c196 100644
--- a/spec/components/auth/default_current_user_provider_spec.rb
+++ b/spec/components/auth/default_current_user_provider_spec.rb
@@ -32,7 +32,11 @@ describe Auth::DefaultCurrentUserProvider do
     it "finds a user for a correct per-user api key" do
       user = Fabricate(:user)
       ApiKey.create!(key: "hello", user_id: user.id, created_by_id: -1)
-      expect(provider("/?api_key=hello").current_user.id).to eq(user.id)
+      good_provider = provider("/?api_key=hello")
+      expect(good_provider.current_user.id).to eq(user.id)
+      expect(good_provider.is_api?).to eq(true)
+      expect(good_provider.is_user_api?).to eq(false)
+      expect(good_provider.should_update_last_seen?).to eq(false)
 
       user.update_columns(active: false)
 
@@ -399,6 +403,7 @@ describe Auth::DefaultCurrentUserProvider do
       expect(good_provider.current_user.id).to eq(user.id)
       expect(good_provider.is_api?).to eq(false)
       expect(good_provider.is_user_api?).to eq(true)
+      expect(good_provider.should_update_last_seen?).to eq(false)
 
       expect {
         provider("/", params.merge("REQUEST_METHOD" => "POST")).current_user