diff options
| author | lain <lain@soykaf.club> | 2018-09-05 18:37:02 +0200 |
|---|---|---|
| committer | lain <lain@soykaf.club> | 2018-09-05 18:37:02 +0200 |
| commit | 9a96c93be71a1347a0b4f709c89589e6bac8d4de (patch) | |
| tree | 5e0cb8f5b33f5b9852478c5de48eb3bca8359fb2 | |
| parent | a3f54fca4d67fd7938ae00752c2cd409b6cf15ae (diff) | |
| download | pleroma-9a96c93be71a1347a0b4f709c89589e6bac8d4de.tar.gz | |
Add SessionAuthenticationPlug.
| -rw-r--r-- | lib/pleroma/plugs/session_authentication_plug.ex | 18 | ||||
| -rw-r--r-- | test/plugs/session_authentication_plug_test.exs | 59 |
2 files changed, 77 insertions, 0 deletions
diff --git a/lib/pleroma/plugs/session_authentication_plug.ex b/lib/pleroma/plugs/session_authentication_plug.ex new file mode 100644 index 000000000..904a27952 --- /dev/null +++ b/lib/pleroma/plugs/session_authentication_plug.ex @@ -0,0 +1,18 @@ +defmodule Pleroma.Plugs.SessionAuthenticationPlug do + import Plug.Conn + alias Pleroma.User + + def init(options) do + options + end + + def call(conn, _) do + with saved_user_id <- get_session(conn, :user_id), + %{auth_user: %{id: ^saved_user_id}} <- conn.assigns do + conn + |> assign(:user, conn.assigns.auth_user) + else + _ -> conn + end + end +end diff --git a/test/plugs/session_authentication_plug_test.exs b/test/plugs/session_authentication_plug_test.exs new file mode 100644 index 000000000..bb51bc0db --- /dev/null +++ b/test/plugs/session_authentication_plug_test.exs @@ -0,0 +1,59 @@ +defmodule Pleroma.Plugs.SessionAuthenticationPlugTest do + use Pleroma.Web.ConnCase, async: true + + alias Pleroma.Plugs.SessionAuthenticationPlug + alias Pleroma.User + + setup %{conn: conn} do + session_opts = [ + store: :cookie, + key: "_test", + signing_salt: "cooldude" + ] + + conn = + conn + |> Plug.Session.call(Plug.Session.init(session_opts)) + |> fetch_session + |> assign(:auth_user, %User{id: 1}) + + %{conn: conn} + end + + test "it does nothing if a user is assigned", %{conn: conn} do + conn = + conn + |> assign(:user, %User{}) + + ret_conn = + conn + |> SessionAuthenticationPlug.call(%{}) + + assert ret_conn == conn + end + + test "if the auth_user has the same id as the user_id in the session, it assigns the user", %{ + conn: conn + } do + conn = + conn + |> put_session(:user_id, conn.assigns.auth_user.id) + |> SessionAuthenticationPlug.call(%{}) + + assert conn.assigns.user == conn.assigns.auth_user + end + + test "if the auth_user has a different id as the user_id in the session, it does nothing", %{ + conn: conn + } do + conn = + conn + |> put_session(:user_id, -1) + + ret_conn = + conn + |> SessionAuthenticationPlug.call(%{}) + + assert ret_conn == conn + end +end |