FEATURE: allow system api to target users via external id or user id

usage ?api_key=XYZ&api_user_external_id=ABC
usage ?api_key=XYZ&api_user_id=123

lib/auth/default_current_user_provider.rb

@@ -259,6 +259,10 @@ class Auth::DefaultCurrentUserProvider
         api_key.user if !api_username || (api_key.user.username_lower == api_username.downcase)
       elsif api_username
         User.find_by(username_lower: api_username.downcase)
+      elsif user_id = request["api_user_id"]
+        User.find_by(id: user_id.to_i)
+      elsif external_id = request["api_user_external_id"]
+        SingleSignOnRecord.find_by(external_id: external_id.to_s).try(:user)
       end
     end
   end

spec/components/auth/default_current_user_provider_spec.rb

@@ -88,6 +88,19 @@ describe Auth::DefaultCurrentUserProvider do
       expect(provider("/?api_key=hello&api_username=#{user.username.downcase}").current_user.id).to eq(user.id)
     end
 
+    it "finds a user for a correct system api key with external id" do
+      user = Fabricate(:user)
+      ApiKey.create!(key: "hello", created_by_id: -1)
+      SingleSignOnRecord.create(user_id: user.id, external_id: "abc", last_payload: '')
+      expect(provider("/?api_key=hello&api_user_external_id=abc").current_user.id).to eq(user.id)
+    end
+
+    it "finds a user for a correct system api key with id" do
+      user = Fabricate(:user)
+      ApiKey.create!(key: "hello", created_by_id: -1)
+      expect(provider("/?api_key=hello&api_user_id=#{user.id}").current_user.id).to eq(user.id)
+    end
+
     context "rate limiting" do
       before do
         RateLimiter.enable