DEV: add request data to the before_session_destroy event (#16905)

2022-05-31 18:18:56 -04:00 · 2022-05-31 18:18:56 -04:00 · 9ac85d6163
parent 41fa278c00
commit 9ac85d6163
2 changed files with 17 additions and 1 deletions
--- a/app/controllers/session_controller.rb
+++ b/app/controllers/session_controller.rb
@ -566,7 +566,7 @@ class SessionController < ApplicationController

    redirect_url ||= path("/")

-    event_data = { redirect_url: redirect_url, user: current_user }
+    event_data = { redirect_url: redirect_url, user: current_user, client_ip: request&.ip, user_agent: request&.user_agent }
    DiscourseEvent.trigger(:before_session_destroy, event_data)
    redirect_url = event_data[:redirect_url]

--- a/spec/requests/session_controller_spec.rb
+++ b/spec/requests/session_controller_spec.rb
@ -2291,6 +2291,22 @@ describe SessionController do
    ensure
      DiscourseEvent.off(:before_session_destroy, &callback)
    end
+
+    it 'includes ip and user agent in the before_session_destroy event params' do
+      callback_params = {}
+      callback = -> (data) { callback_params = data }
+
+      DiscourseEvent.on(:before_session_destroy, &callback)
+
+      user = sign_in(Fabricate(:user))
+      delete "/session/#{user.username}.json", xhr: true, headers: { HTTP_USER_AGENT: 'AwesomeBrowser' }
+
+      expect(callback_params[:user_agent]).to eq('AwesomeBrowser')
+      expect(callback_params[:client_ip]).to eq('127.0.0.1')
+    ensure
+      DiscourseEvent.off(:before_session_destroy, &callback)
+    end
+
  end

  describe '#one_time_password' do