1 files changed, 10 insertions, 0 deletions

diff --git a/lib/pleroma/web/plugs/session_authentication_plug.ex b/lib/pleroma/web/plugs/session_authentication_plug.ex
index 6e176d553..51704e273 100644
--- a/lib/pleroma/web/plugs/session_authentication_plug.ex
+++ b/lib/pleroma/web/plugs/session_authentication_plug.ex
@@ -3,17 +3,27 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.Plugs.SessionAuthenticationPlug do
+  @moduledoc """
+  Authenticates user by session-stored `:user_id` and request-contained username.
+  Username can be provided via HTTP Basic Auth (the password is not checked and can be anything).
+  """
+
   import Plug.Conn
 
+  alias Pleroma.Helpers.AuthHelper
+
   def init(options) do
     options
   end
 
+  def call(%{assigns: %{user: %Pleroma.User{}}} = conn, _), do: conn
+
   def call(conn, _) do
     with saved_user_id <- get_session(conn, :user_id),
          %{auth_user: %{id: ^saved_user_id}} <- conn.assigns do
       conn
       |> assign(:user, conn.assigns.auth_user)
+      |> AuthHelper.skip_oauth()
     else
       _ -> conn
     end