module CurrentUser def self.has_auth_cookie?(env) Discourse.current_user_provider.new(env).has_auth_cookie? end def self.lookup_from_env(env) Discourse.current_user_provider.new(env).current_user end # can be used to pretend current user does no exist, for CSRF attacks def clear_current_user @current_user_provider = Discourse.current_user_provider.new({}) end def log_on_user(user) current_user_provider.log_on_user(user,session,cookies) end def log_off_user current_user_provider.log_off_user(session,cookies) end def is_api? current_user_provider.is_api? end def current_user c = current_user_provider.current_user ScreenedIpAddress.block_login?(c, request.remote_ip) ? nil : c end private def current_user_provider @current_user_provider ||= Discourse.current_user_provider.new(request.env) end end