DEV: add request data to the before_session_destroy event (#16905)

app/controllers/session_controller.rb

@@ -566,7 +566,7 @@ class SessionController < ApplicationController
 
     redirect_url ||= path("/")
 
-    event_data = { redirect_url: redirect_url, user: current_user }
+    event_data = { redirect_url: redirect_url, user: current_user, client_ip: request&.ip, user_agent: request&.user_agent }
     DiscourseEvent.trigger(:before_session_destroy, event_data)
     redirect_url = event_data[:redirect_url]
 

spec/requests/session_controller_spec.rb

@@ -2291,6 +2291,22 @@ describe SessionController do
     ensure
       DiscourseEvent.off(:before_session_destroy, &callback)
     end
+
+    it 'includes ip and user agent in the before_session_destroy event params' do
+      callback_params = {}
+      callback = -> (data) { callback_params = data }
+
+      DiscourseEvent.on(:before_session_destroy, &callback)
+
+      user = sign_in(Fabricate(:user))
+      delete "/session/#{user.username}.json", xhr: true, headers: { HTTP_USER_AGENT: 'AwesomeBrowser' }
+
+      expect(callback_params[:user_agent]).to eq('AwesomeBrowser')
+      expect(callback_params[:client_ip]).to eq('127.0.0.1')
+    ensure
+      DiscourseEvent.off(:before_session_destroy, &callback)
+    end
+
   end
 
   describe '#one_time_password' do