FEATURE: Allow API requests to specify the `DISCOURSE_VISIBLE` header

FEATURE: Allow API requests to specify the DISCOURSE_VISIBLE header

This allows API consumers to automatically update the user’s last_seen time. The default behaviour is unchanged.

diff --git a/lib/auth/default_current_user_provider.rb b/lib/auth/default_current_user_provider.rb
index 2efcde6..27fb47a 100644
--- a/lib/auth/default_current_user_provider.rb
+++ b/lib/auth/default_current_user_provider.rb
@@ -249,10 +249,10 @@ class Auth::DefaultCurrentUserProvider
   def should_update_last_seen?
     return false if Discourse.pg_readonly_mode?
 
-    if @request.xhr?
+    api = !!(@env[API_KEY_ENV]) || !!(@env[USER_API_KEY_ENV])
+
+    if @request.xhr? || api
       @env["HTTP_DISCOURSE_VISIBLE".freeze] == "true".freeze
-    elsif !!(@env[API_KEY_ENV]) || !!(@env[USER_API_KEY_ENV])
-      false
     else
       true
     end
diff --git a/spec/components/auth/default_current_user_provider_spec.rb b/spec/components/auth/default_current_user_provider_spec.rb
index 7f73209..bf68a08 100644
--- a/spec/components/auth/default_current_user_provider_spec.rb
+++ b/spec/components/auth/default_current_user_provider_spec.rb
@@ -365,13 +365,6 @@ describe Auth::DefaultCurrentUserProvider do
 
   end
 
-  it "should not update last seen for ajax calls without Discourse-Visible header" do
-    expect(provider("/topic/anything/goes",
-                    :method => "POST",
-                    "HTTP_X_REQUESTED_WITH" => "XMLHttpRequest"
-          ).should_update_last_seen?).to eq(false)
-  end
-
   describe "#current_user" do
     let(:user) { Fabricate(:user) }
 
@@ -426,6 +419,11 @@ describe Auth::DefaultCurrentUserProvider do
     end
   end
 
+  it "should update last seen for non ajax" do
+    expect(provider("/topic/anything/goes", method: "POST").should_update_last_seen?).to eq(true)
+    expect(provider("/topic/anything/goes", method: "GET").should_update_last_seen?).to eq(true)
+  end
+
   it "should update ajax reqs with discourse visible" do
     expect(provider("/topic/anything/goes",
                     :method => "POST",
@@ -434,9 +432,23 @@ describe Auth::DefaultCurrentUserProvider do
           ).should_update_last_seen?).to eq(true)
   end
 
-  it "should update last seen for non ajax" do
-    expect(provider("/topic/anything/goes", method: "POST").should_update_last_seen?).to eq(true)
-    expect(provider("/topic/anything/goes", method: "GET").should_update_last_seen?).to eq(true)
+  it "should not update last seen for ajax calls without Discourse-Visible header" do
+    expect(provider("/topic/anything/goes",
+                    :method => "POST",
+                    "HTTP_X_REQUESTED_WITH" => "XMLHttpRequest"
+          ).should_update_last_seen?).to eq(false)
+  end
+
+  it "should update last seen for API calls with Discourse-Visible header" do
+    user = Fabricate(:user)
+    ApiKey.create!(key: "hello", user_id: user.id, created_by_id: -1)
+    params = { :method => "POST",
+               "HTTP_X_REQUESTED_WITH" => "XMLHttpRequest",
+               "HTTP_API_KEY" => "hello"
+              }
+
+    expect(provider("/topic/anything/goes", params).should_update_last_seen?).to eq(false)
+    expect(provider("/topic/anything/goes", params.merge("HTTP_DISCOURSE_VISIBLE" => "true")).should_update_last_seen?).to eq(true)
   end
 
   it "correctly rotates tokens" do

GitHub sha: af86cf46

This commit has been mentioned on Discourse Meta. There might be relevant details there: