X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=lib%2Fpleroma%2Fplugs%2Fauthentication_plug.ex;h=a3317f432d5de1041b67e76ba754bfa3dc4c9073;hb=32aa83f3a2a6ab14e36a3452708ea3be94ad4c43;hp=76a4710c18f6c27416e3d62bc14c4650c7242725;hpb=e32dbfc9a5477830dba7bf3e99621161e4454a29;p=akkoma

diff --git a/lib/pleroma/plugs/authentication_plug.ex b/lib/pleroma/plugs/authentication_plug.ex
index 76a4710c1..a3317f432 100644
--- a/lib/pleroma/plugs/authentication_plug.ex
+++ b/lib/pleroma/plugs/authentication_plug.ex
@@ -8,21 +8,29 @@ defmodule Pleroma.Plugs.AuthenticationPlug do
   def call(conn, opts) do
     with {:ok, username, password} <- decode_header(conn),
          {:ok, user} <- opts[:fetcher].(username),
-         {:ok, verified_user} <- verify(user, password)
+         saved_user_id <- get_session(conn, :user_id),
+         {:ok, verified_user} <- verify(user, password, saved_user_id)
     do
-      conn |> assign(:user, verified_user)
+      conn
+      |> assign(:user, verified_user)
+      |> put_session(:user_id, verified_user.id)
     else
       _ -> conn |> halt_or_continue(opts)
     end
   end
 
-  defp verify(nil, _password) do
+  # Short-circuit if we have a cookie with the id for the given user.
+  defp verify(%{id: id} = user, _password, id) do
+    {:ok, user}
+  end
+
+  defp verify(nil, _password, _user_id) do
     Comeonin.Pbkdf2.dummy_checkpw
     :error
   end
 
-  defp verify(user, password) do
-    if Comeonin.Pbkdf2.checkpw(password, user[:password_hash]) do
+  defp verify(user, password, _user_id) do
+    if Comeonin.Pbkdf2.checkpw(password, user.password_hash) do
       {:ok, user}
     else
       :error