When linuxdo_username and linuxdo_password are configured, the plugin
automatically logs in via Playwright and captures the _forum_session
cookie from the browser context. No manual cookie copy needed.

Auth priority:
1. Manual linuxdo_session_cookie (if configured)
2. Auto-login via username+password (if configured)
3. Anonymous access (fallback)

Also update README and CHANGELOG with dual-mode auth documentation.

linux.do doesn't provide user-level API keys, and the Playwright form
login approach was fragile (depends on SPA rendering, CSRF handling,
selector stability). Replace with a simpler cookie injection approach:
- User copies _forum_session cookie from browser DevTools
- Plugin injects it into StealthySession's browser context
- Validates via /session/current_user.json
- Falls back to anonymous if cookie is invalid/expired

Config changes:
- Add linuxdo_session_cookie (string, optional)
- Remove linuxdo_username and linuxdo_password (no longer needed)

When linuxdo_username and linuxdo_password are configured, the plugin
automatically logs in via Playwright's form POST to /login on Discourse.
The session cookies persist in the StealthySession context, enabling
authenticated API calls to access restricted categories, private
messages, and other non-public content.

The login flow:
1. _ensure_authenticated() is called once per StealthySession lifetime
2. _check_login_state() detects if already logged in (avoids re-login)
3. If not logged in, _do_login() navigates to /login, fills the form
   (username/password), and clicks submit (no CSRF token needed for
   HTML form POST — Discourse only enforces CSRF on XHR)
4. If login fails (wrong credentials, 2FA, rate limit), the plugin
   gracefully degrades to anonymous access and proceeds normally

Config additions:
- linuxdo_username: string, optional
- linuxdo_password: string, optional (sensitive, plaintext in config)

Version: 1.1.3 → 1.2.0 (new feature)
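
The auth priority and the cookie validation step described in the messages above, sketched as an added example; this is not the plugin's code. `AuthResult`, `resolve_auth`, `session_is_valid` and the `probe`/`login` callables are hypothetical names, and both the response shape of /session/current_user.json and the fall-through from an invalid cookie to auto-login are assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Optional

# Hypothetical names throughout; none of this is the plugin's API.

@dataclass
class AuthResult:
    mode: str    # "cookie", "password" or "anonymous"
    reason: str  # why this mode was selected; never contains a secret


def session_is_valid(status: int, body: object) -> bool:
    """Assumed shape: HTTP 200 plus a current_user object carrying a username."""
    user = body.get("current_user") if isinstance(body, dict) else None
    return status == 200 and isinstance(user, dict) and bool(user.get("username"))


def resolve_auth(config: dict,
                 probe: Callable[[str], tuple],
                 login: Callable[[str, str], Optional[str]]) -> AuthResult:
    """Priority: manual cookie, then auto-login, then anonymous.

    probe(cookie) -> (status, body) from /session/current_user.json
    login(user, password) -> captured _forum_session value, or None on failure
    """
    tried = []
    cookie = config.get("linuxdo_session_cookie")
    if cookie:
        if session_is_valid(*probe(cookie)):
            return AuthResult("cookie", "manual cookie accepted")
        tried.append("manual cookie invalid or expired")

    user, pw = config.get("linuxdo_username"), config.get("linuxdo_password")
    if user and pw:
        captured = login(user, pw)
        if captured and session_is_valid(*probe(captured)):
            return AuthResult("password", "auto-login succeeded")
        tried.append("auto-login failed")

    # Keep the reason for the downgrade so a fall to anonymous shows up in logs.
    return AuthResult("anonymous", "; ".join(tried) or "no credentials configured")


if __name__ == "__main__":
    # Constructed stand-ins for the browser session; no network access.
    fake_probe = lambda c: (200, {"current_user": {"username": "demo"}}) if c == "ok" else (403, {})
    print(resolve_auth({"linuxdo_session_cookie": "stale"}, fake_probe, lambda u, p: None))
```

Returning the selected mode with a secret-free reason lets the caller log when a run that was configured for authenticated access ends up anonymous.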