[FEATURE] Update user's access time when authenticating

When a user makes an authenticated request, update the access time
on the user object. Just like core does.

Author: lukewertz

plugins/authentication/RestfulAuthenticationManager.php

@@ -123,6 +123,10 @@ public function getAccount(array $request = array(), $method = \RestfulInterface
     // This is necessary because the page cache system only looks at session
     // cookies, but not at HTTP Basic Auth headers.
     drupal_page_is_cacheable(!$account->uid && variable_get('restful_page_cache', FALSE));
+
+    // Record the access time of this request.
+    $this->setAccessTime($account);
+
     return $account;
   }
 
@@ -205,5 +209,20 @@ protected function getOriginalUserSession() {
     return $this->originalUserSession;
   }
 
-
+  /**
+   * Set the user's last access time.
+   *
+   * @param object $account
+   *   A user account.
+   *
+   * @see _drupal_session_write()
+   */
+  protected function setAccessTime($account) {
+    // This logic is pulled directly from _drupal_session_write().
+    if ($account->uid && REQUEST_TIME - $account->access > variable_get('session_write_interval', 180)) {
+      db_update('users')->fields(array(
+        'access' => REQUEST_TIME,
+      ))->condition('uid', $account->uid)->execute();
+    }
+  }
 }

tests/RestfulAuthenticationTestCase.test

@@ -138,4 +138,68 @@ class RestfulAuthenticationTestCase extends RestfulCurlBaseTestCase {
 
     $this->assertEqual($user->uid, 0, 'Global user is the correct one after an API call that switches the user.');
   }
+
+  /**
+   * Test recording of access time.
+   */
+  function testAccessTime() {
+    global $user;
+
+    $user1 = $this->drupalCreateUser();
+    $user2 = $this->drupalCreateUser();
+
+    $handler = restful_get_restful_handler('main', 1, 5);
+
+    // Case 1. Ensure that access time is recorded for cookie auth.
+    $user = $user1;
+
+    $user1_access_time_before = db_query('SELECT access FROM {users} WHERE uid = :d', array(':d' => $user1->uid))->fetchObject();
+
+    // Perform request authentication.
+    $handler->getAccount();
+
+    $user1_access_time = db_query('SELECT access FROM {users} WHERE uid = :d', array(':d' => $user1->uid))->fetchObject();
+    $this->assertEqual($user1_access_time->access, REQUEST_TIME, 'Cookie authenticated user access time is updated.');
+
+    $this->assertNotEqual($user1_access_time_before->access, $user1_access_time->access, 'Access time before and after request are equal.');
+
+    // Case 2. Ensure that access time is recorded for basic auth.
+    $user = $user2;
+
+    $_SERVER['PHP_AUTH_USER'] = $user2->name;
+    $_SERVER['PHP_AUTH_PW'] = $user2->pass_raw;
+    $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] = NULL;
+    $handler = restful_get_restful_handler('articles');
+
+    // Perform request authentication.
+    $handler->getAccount();
+
+    $user2_access_time = db_query('SELECT access FROM {users} WHERE uid = :d', array(':d' => $user2->uid))->fetchObject();
+    $this->assertEqual($user2_access_time->access, REQUEST_TIME, 'Basic authenticated user access time is updated.');
+
+    // Case 3. Ensure that the timestamp gets updated.
+    $user = $user1;
+
+    // Get a timestamp that is in the past.
+    $the_past = REQUEST_TIME - variable_get('session_write_interval');
+
+    // To begin, we'll set the timestamp for user1 back a little bit.
+    $num_updated = db_update('users')
+      ->fields(array('access' => $the_past))
+      ->condition('uid', $user1->uid)
+      ->execute();
+
+    $user1_pre_access_time = db_query('SELECT access FROM {users} WHERE uid = :d', array(':d' => $user1->uid))->fetchObject();
+    $this->assertEqual($user1_pre_access_time->access, $the_past, 'Set user1 access time to a time in the past.');
+
+    // Perform an authenticated request.
+    $this->drupalGet('/api/v1.5/main', array(), array(
+      'Authorization' => 'Basic ' . base64_encode($user1->name . ':' . $user1->pass_raw))
+    );
+
+    $user1_post_access_time = db_query('SELECT access FROM {users} WHERE uid = :d', array(':d' => $user1->uid))->fetchObject();
+
+    $this->assertEqual($user1_post_access_time->access, REQUEST_TIME, 'Basic authenticated user access time is updated.');
+  }
+
 }