--- /dev/null
+defmodule Pleroma.Plugs.SessionAuthenticationPlug do
+ import Plug.Conn
+ alias Pleroma.User
+
+ def init(options) do
+ options
+ end
+
+ def call(conn, _) do
+ with saved_user_id <- get_session(conn, :user_id),
+ %{auth_user: %{id: ^saved_user_id}} <- conn.assigns do
+ conn
+ |> assign(:user, conn.assigns.auth_user)
+ else
+ _ -> conn
+ end
+ end
+end
--- /dev/null
+defmodule Pleroma.Plugs.SessionAuthenticationPlugTest do
+ use Pleroma.Web.ConnCase, async: true
+
+ alias Pleroma.Plugs.SessionAuthenticationPlug
+ alias Pleroma.User
+
+ setup %{conn: conn} do
+ session_opts = [
+ store: :cookie,
+ key: "_test",
+ signing_salt: "cooldude"
+ ]
+
+ conn =
+ conn
+ |> Plug.Session.call(Plug.Session.init(session_opts))
+ |> fetch_session
+ |> assign(:auth_user, %User{id: 1})
+
+ %{conn: conn}
+ end
+
+ test "it does nothing if a user is assigned", %{conn: conn} do
+ conn =
+ conn
+ |> assign(:user, %User{})
+
+ ret_conn =
+ conn
+ |> SessionAuthenticationPlug.call(%{})
+
+ assert ret_conn == conn
+ end
+
+ test "if the auth_user has the same id as the user_id in the session, it assigns the user", %{
+ conn: conn
+ } do
+ conn =
+ conn
+ |> put_session(:user_id, conn.assigns.auth_user.id)
+ |> SessionAuthenticationPlug.call(%{})
+
+ assert conn.assigns.user == conn.assigns.auth_user
+ end
+
+ test "if the auth_user has a different id as the user_id in the session, it does nothing", %{
+ conn: conn
+ } do
+ conn =
+ conn
+ |> put_session(:user_id, -1)
+
+ ret_conn =
+ conn
+ |> SessionAuthenticationPlug.call(%{})
+
+ assert ret_conn == conn
+ end
+end
projects / akkoma / commitdiff