v0.5 -- change of approach given Discourse changes -- the Auth::DefaultCurrentUserProvider class has a current_user method which we want to try extending instead.

plugin.rb

@@ -4,54 +4,57 @@
 
 # name: discourse-md5_authentication
 # about: A plugin to authenticate users with MD5 passwords from legacy systems
-# version: 0.3
+# version: 0.5
 # authors: saint
 # url: https://gitea.federated.computer/saint/discourse-md5_authentication.git
 
+# This block will run after Discourse has initialized
 after_initialize do
-  Rails.logger.error("MD5 Authentication Plugin: Initialized")
+  # Define a module to contain the MD5 authentication logic
-  class ::User
+  module LegacyMd5Authentication
-    module LegacyMd5Authentication
+    # Override the current_user method to include MD5 authentication
-      def self.included(base)
+    def current_user
-        base.singleton_class.prepend(ClassMethods)
+      # Attempt to find the current user using the standard Discourse method
-      end
+      user = super
+      return user if user
 
-      module ClassMethods
+      # Check for MD5 authentication if no user is found by the standard method
-        def authenticate(login, password)
+      email_or_username = @request.params[:login]
-          Rails.logger.error("LegacyMd5Authentication: Trying to authenticate user with login #{login}")
+      password = @request.params[:password]
 
-          user = nil
+      if email_or_username && password
+        # Log the start of the MD5 authentication attempt
+        Rails.logger.info("MD5 Auth: Attempting to authenticate #{email_or_username}")
 
-          if login.include?('@')
+        # Find the user by username or email, ignoring case
-            # Assume it's an email address
+        user = User.find_by_username_or_email(email_or_username.downcase.strip)
-            user_email = UserEmail.find_by(email: login.downcase.strip)
+
-            user = user_email ? User.find(user_email.user_id) : nil
+        # Log if a user with an MD5 password is found
-          else
+        if user && user.custom_fields['md5_password']
-            # Assume it's a username
+          Rails.logger.info("MD5 Auth: User found with MD5 password - #{user.username}")
-            user = User.find_by(username: login.downcase.strip)
+
+          # Check if the provided password matches the stored MD5 password
+          if user.custom_fields['md5_password'] == Digest::MD5.hexdigest(password)
+            # Log the successful MD5 password match
+            Rails.logger.info("MD5 Auth: MD5 password match for user #{user.username}")
+
+            # Update the user to use the new password and clear the MD5 password
+            user.update!(password: password)
+            user.custom_fields['md5_password'] = nil
+            user.save_custom_fields
+
+            # Set the current user in the environment
+            @env[CURRENT_USER_KEY] = user
+            return user
           end
-
-          if user
-            Rails.logger.error("LegacyMd5Authentication: User found: #{user.username}")
-            if user.custom_fields['md5_password'] && user.custom_fields['md5_password'] == Digest::MD5.hexdigest(password)
-              Rails.logger.error("LegacyMd5Authentication: MD5 password match for user: #{user.username}")
-              user.update!(password: password)
-              user.custom_fields['md5_password'] = nil
-              user.save_custom_fields
-              return user
-            else
-              Rails.logger.error("LegacyMd5Authentication: MD5 password did not match for user: #{user.username}")
-            end
-          else
-            Rails.logger.error("LegacyMd5Authentication: No user found with login #{login}")
-          end
-
-          super(login, password)
         end
       end
+
+      # Fallback to the original current_user method
+      nil
     end
-
-    include LegacyMd5Authentication
   end
-end
 
+  # Prepend our module to the DefaultCurrentUserProvider class
+  Auth::DefaultCurrentUserProvider.prepend LegacyMd5Authentication
+end