I just added a couple of classes that allow you to override the way we lookup the current user. This is particularly important to people looking to integrate using cookie auth from a top level domain.
Essentially you can elect a provider for the current user functionality, to do so:
Implement a class that inherits off:
class Auth::CurrentUserProvider # do all current user initialization here def initialize(env) raise NotImplementedError end # our current user, return nil if none is found def current_user raise NotImplementedError end # log on a user and set cookies and session etc. def log_on_user(user,session,cookies) raise NotImplementedError end # api has special rights return true if api was detected def is_api? raise NotImplementedError end # we may need to know very early on in the middleware if an auth token # exists, to optimise caching def has_auth_cookie? raise NotImplementedError end def log_off_user(session, cookies) raise NotImplementedError end end
If you just feel like extending the current behavior, inherit off
Auth::DefaultCurrentUserProvider , this allow you to run special code when a user is logged on or off and so on.
To wire your own provider, run
Discourse.current_user_provider = MyCurrentUserProvider
This is way cleaner and more predictable than monkey patching.