FEATURE: Stricter rules for user presence

Previously we would consider a user "present" and "last seen" if the browser window was visible. This has many edge cases, you could be considered present and around for days just by having a window open and no screensaver on. Instead we now also check that you either clicked, transitioned around app or scrolled the page in the last minute in combination with window visibility This will lead to more reliable notifications via email and reduce load of message bus for cases where a user walks away from the terminal
2025-05-30 07:11:34 +08:00 · 2020-03-26 17:35:32 +11:00
parent 6f978bc95c
commit 25f1f23288
11 changed files with 69 additions and 18 deletions
--- a/spec/components/auth/default_current_user_provider_spec.rb
+++ b/spec/components/auth/default_current_user_provider_spec.rb
@ -462,18 +462,18 @@ describe Auth::DefaultCurrentUserProvider do
    expect(provider("/topic/anything/goes",
                    :method => "POST",
                    "HTTP_X_REQUESTED_WITH" => "XMLHttpRequest",
-                    "HTTP_DISCOURSE_VISIBLE" => "true"
+                    "HTTP_DISCOURSE_PRESENT" => "true"
          ).should_update_last_seen?).to eq(true)
  end

-  it "should not update last seen for ajax calls without Discourse-Visible header" do
+  it "should not update last seen for ajax calls without Discourse-Present header" do
    expect(provider("/topic/anything/goes",
                    :method => "POST",
                    "HTTP_X_REQUESTED_WITH" => "XMLHttpRequest"
          ).should_update_last_seen?).to eq(false)
  end

-  it "should update last seen for API calls with Discourse-Visible header" do
+  it "should update last seen for API calls with Discourse-Present header" do
    user = Fabricate(:user)
    api_key = ApiKey.create!(user_id: user.id, created_by_id: -1)
    params = { :method => "POST",
@ -482,7 +482,7 @@ describe Auth::DefaultCurrentUserProvider do
              }

    expect(provider("/topic/anything/goes", params).should_update_last_seen?).to eq(false)
-    expect(provider("/topic/anything/goes", params.merge("HTTP_DISCOURSE_VISIBLE" => "true")).should_update_last_seen?).to eq(true)
+    expect(provider("/topic/anything/goes", params.merge("HTTP_DISCOURSE_PRESENT" => "true")).should_update_last_seen?).to eq(true)
  end

  it "correctly rotates tokens" do
--- a/spec/components/hijack_spec.rb
+++ b/spec/components/hijack_spec.rb
@ -108,7 +108,7 @@ describe Hijack do

    expected = {
      "Access-Control-Allow-Origin" => "www.rainbows.com",
-      "Access-Control-Allow-Headers" => "Content-Type, Cache-Control, X-Requested-With, X-CSRF-Token, Discourse-Visible, User-Api-Key, User-Api-Client-Id, Authorization",
+      "Access-Control-Allow-Headers" => "Content-Type, Cache-Control, X-Requested-With, X-CSRF-Token, Discourse-Present, User-Api-Key, User-Api-Client-Id, Authorization",
      "Access-Control-Allow-Credentials" => "true",
      "Access-Control-Allow-Methods" => "POST, PUT, GET, OPTIONS, DELETE"
    }