diff options
| author | Ivan Tashkinov <ivantashkinov@gmail.com> | 2020-10-31 13:38:35 +0300 |
|---|---|---|
| committer | Ivan Tashkinov <ivantashkinov@gmail.com> | 2020-10-31 13:38:35 +0300 |
| commit | 04f6b48ac1a76fe9c6c3fd573427d418bc152adf (patch) | |
| tree | 8e04de0c63b91f68430a639337ce401c2b1cc9a4 /lib/pleroma/web/plugs/session_authentication_plug.ex | |
| parent | 4fbdd1c8a12fd2b3dc6b63ccbbaa7d4241fa778e (diff) | |
| download | pleroma-04f6b48ac1a76fe9c6c3fd573427d418bc152adf.tar.gz | |
Auth subsystem refactoring and tweaks.
Added proper OAuth skipping for SessionAuthenticationPlug. Integrated LegacyAuthenticationPlug into AuthenticationPlug. Adjusted tests & docs.
Diffstat (limited to 'lib/pleroma/web/plugs/session_authentication_plug.ex')
| -rw-r--r-- | lib/pleroma/web/plugs/session_authentication_plug.ex | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/lib/pleroma/web/plugs/session_authentication_plug.ex b/lib/pleroma/web/plugs/session_authentication_plug.ex index 6e176d553..51704e273 100644 --- a/lib/pleroma/web/plugs/session_authentication_plug.ex +++ b/lib/pleroma/web/plugs/session_authentication_plug.ex @@ -3,17 +3,27 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Web.Plugs.SessionAuthenticationPlug do + @moduledoc """ + Authenticates user by session-stored `:user_id` and request-contained username. + Username can be provided via HTTP Basic Auth (the password is not checked and can be anything). + """ + import Plug.Conn + alias Pleroma.Helpers.AuthHelper + def init(options) do options end + def call(%{assigns: %{user: %Pleroma.User{}}} = conn, _), do: conn + def call(conn, _) do with saved_user_id <- get_session(conn, :user_id), %{auth_user: %{id: ^saved_user_id}} <- conn.assigns do conn |> assign(:user, conn.assigns.auth_user) + |> AuthHelper.skip_oauth() else _ -> conn end |