FIX: Do not check for suspicious login when impersonating. (#6534)

* FIX: Do not check for suspicious login when impersonating.

* DEV: Add 'impersonate' parameter to log_on_user.

lib/auth/current_user_provider.rb

@@ -12,7 +12,7 @@ class Auth::CurrentUserProvider
   end
 
   # log on a user and set cookies and session etc.
-  def log_on_user(user, session, cookies)
+  def log_on_user(user, session, cookies, opts = {})
     raise NotImplementedError
   end
 

lib/auth/default_current_user_provider.rb

@@ -149,13 +149,14 @@ class Auth::DefaultCurrentUserProvider
     end
   end
 
-  def log_on_user(user, session, cookies)
+  def log_on_user(user, session, cookies, opts = {})
     @user_token = UserAuthToken.generate!(
       user_id: user.id,
       user_agent: @env['HTTP_USER_AGENT'],
       path: @env['REQUEST_PATH'],
       client_ip: @request.ip,
-      staff: user.staff?)
+      staff: user.staff?,
+      impersonate: opts.impersonate)
 
     cookies[TOKEN_COOKIE] = cookie_hash(@user_token.unhashed_auth_token)
     unstage_user(user)