From 9a96c93be71a1347a0b4f709c89589e6bac8d4de Mon Sep 17 00:00:00 2001
From: lain <lain@soykaf.club>
Date: Wed, 5 Sep 2018 18:37:02 +0200
Subject: [PATCH] Add SessionAuthenticationPlug.

---
 .../plugs/session_authentication_plug.ex      | 18 ++++++
 .../session_authentication_plug_test.exs      | 59 +++++++++++++++++++
 2 files changed, 77 insertions(+)
 create mode 100644 lib/pleroma/plugs/session_authentication_plug.ex
 create mode 100644 test/plugs/session_authentication_plug_test.exs

diff --git a/lib/pleroma/plugs/session_authentication_plug.ex b/lib/pleroma/plugs/session_authentication_plug.ex
new file mode 100644
index 000000000..904a27952
--- /dev/null
+++ b/lib/pleroma/plugs/session_authentication_plug.ex
@@ -0,0 +1,18 @@
+defmodule Pleroma.Plugs.SessionAuthenticationPlug do
+  import Plug.Conn
+  alias Pleroma.User
+
+  def init(options) do
+    options
+  end
+
+  def call(conn, _) do
+    with saved_user_id <- get_session(conn, :user_id),
+         %{auth_user: %{id: ^saved_user_id}} <- conn.assigns do
+      conn
+      |> assign(:user, conn.assigns.auth_user)
+    else
+      _ -> conn
+    end
+  end
+end
diff --git a/test/plugs/session_authentication_plug_test.exs b/test/plugs/session_authentication_plug_test.exs
new file mode 100644
index 000000000..bb51bc0db
--- /dev/null
+++ b/test/plugs/session_authentication_plug_test.exs
@@ -0,0 +1,59 @@
+defmodule Pleroma.Plugs.SessionAuthenticationPlugTest do
+  use Pleroma.Web.ConnCase, async: true
+
+  alias Pleroma.Plugs.SessionAuthenticationPlug
+  alias Pleroma.User
+
+  setup %{conn: conn} do
+    session_opts = [
+      store: :cookie,
+      key: "_test",
+      signing_salt: "cooldude"
+    ]
+
+    conn =
+      conn
+      |> Plug.Session.call(Plug.Session.init(session_opts))
+      |> fetch_session
+      |> assign(:auth_user, %User{id: 1})
+
+    %{conn: conn}
+  end
+
+  test "it does nothing if a user is assigned", %{conn: conn} do
+    conn =
+      conn
+      |> assign(:user, %User{})
+
+    ret_conn =
+      conn
+      |> SessionAuthenticationPlug.call(%{})
+
+    assert ret_conn == conn
+  end
+
+  test "if the auth_user has the same id as the user_id in the session, it assigns the user", %{
+    conn: conn
+  } do
+    conn =
+      conn
+      |> put_session(:user_id, conn.assigns.auth_user.id)
+      |> SessionAuthenticationPlug.call(%{})
+
+    assert conn.assigns.user == conn.assigns.auth_user
+  end
+
+  test "if the auth_user has a different id as the user_id in the session, it does nothing", %{
+    conn: conn
+  } do
+    conn =
+      conn
+      |> put_session(:user_id, -1)
+
+    ret_conn =
+      conn
+      |> SessionAuthenticationPlug.call(%{})
+
+    assert ret_conn == conn
+  end
+end