Pleroma/lib/pleroma/web/plugs/session_authentication_plug.ex

32 lines
864 B
Elixir
Raw Normal View History

# Pleroma: A lightweight social networking server
2020-03-03 23:44:49 +01:00
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
2020-06-24 08:27:29 +02:00
defmodule Pleroma.Web.Plugs.SessionAuthenticationPlug do
@moduledoc """
Authenticates user by session-stored `:user_id` and request-contained username.
Username can be provided via HTTP Basic Auth (the password is not checked and can be anything).
"""
2018-09-05 18:37:02 +02:00
import Plug.Conn
alias Pleroma.Helpers.AuthHelper
2018-09-05 18:37:02 +02:00
def init(options) do
options
end
def call(%{assigns: %{user: %Pleroma.User{}}} = conn, _), do: conn
2018-09-05 18:37:02 +02:00
def call(conn, _) do
with saved_user_id <- get_session(conn, :user_id),
%{auth_user: %{id: ^saved_user_id}} <- conn.assigns do
conn
|> assign(:user, conn.assigns.auth_user)
|> AuthHelper.skip_oauth()
2018-09-05 18:37:02 +02:00
else
_ -> conn
end
end
end