Add SessionAuthenticationPlug.

lib/pleroma/plugs/session_authentication_plug.ex

@@ -0,0 +1,18 @@
+defmodule Pleroma.Plugs.SessionAuthenticationPlug do
+  import Plug.Conn
+  alias Pleroma.User
+
+  def init(options) do
+    options
+  end
+
+  def call(conn, _) do
+    with saved_user_id <- get_session(conn, :user_id),
+         %{auth_user: %{id: ^saved_user_id}} <- conn.assigns do
+      conn
+      |> assign(:user, conn.assigns.auth_user)
+    else
+      _ -> conn
+    end
+  end
+end

test/plugs/session_authentication_plug_test.exs

@@ -0,0 +1,59 @@
+defmodule Pleroma.Plugs.SessionAuthenticationPlugTest do
+  use Pleroma.Web.ConnCase, async: true
+
+  alias Pleroma.Plugs.SessionAuthenticationPlug
+  alias Pleroma.User
+
+  setup %{conn: conn} do
+    session_opts = [
+      store: :cookie,
+      key: "_test",
+      signing_salt: "cooldude"
+    ]
+
+    conn =
+      conn
+      |> Plug.Session.call(Plug.Session.init(session_opts))
+      |> fetch_session
+      |> assign(:auth_user, %User{id: 1})
+
+    %{conn: conn}
+  end
+
+  test "it does nothing if a user is assigned", %{conn: conn} do
+    conn =
+      conn
+      |> assign(:user, %User{})
+
+    ret_conn =
+      conn
+      |> SessionAuthenticationPlug.call(%{})
+
+    assert ret_conn == conn
+  end
+
+  test "if the auth_user has the same id as the user_id in the session, it assigns the user", %{
+    conn: conn
+  } do
+    conn =
+      conn
+      |> put_session(:user_id, conn.assigns.auth_user.id)
+      |> SessionAuthenticationPlug.call(%{})
+
+    assert conn.assigns.user == conn.assigns.auth_user
+  end
+
+  test "if the auth_user has a different id as the user_id in the session, it does nothing", %{
+    conn: conn
+  } do
+    conn =
+      conn
+      |> put_session(:user_id, -1)
+
+    ret_conn =
+      conn
+      |> SessionAuthenticationPlug.call(%{})
+
+    assert ret_conn == conn
+  end
+end