Cookie auth rework / Auth subsystem refactoring and tweaks Closes pleroma/secteam/pleroma#3 See merge request pleroma/pleroma!3112stable
commit
477c6c8e55
@ -1,8 +1,10 @@
|
||||
*.ex diff=elixir
|
||||
*.exs diff=elixir
|
||||
# At the time of writing all js/css files included
|
||||
# in the repo are minified bundles, and we don't want
|
||||
# to search/diff those as text files.
|
||||
|
||||
priv/static/instance/static.css diff=css
|
||||
|
||||
# Most of js/css files included in the repo are minified bundles,
|
||||
# and we don't want to search/diff those as text files.
|
||||
*.js binary
|
||||
*.js.map binary
|
||||
*.css binary
|
||||
|
@ -0,0 +1,46 @@
|
||||
# Pleroma: A lightweight social networking server
|
||||
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
|
||||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
defmodule Pleroma.Helpers.AuthHelper do
|
||||
alias Pleroma.Web.Plugs.OAuthScopesPlug
|
||||
alias Plug.Conn
|
||||
|
||||
import Plug.Conn
|
||||
|
||||
@oauth_token_session_key :oauth_token
|
||||
|
||||
@doc """
|
||||
Skips OAuth permissions (scopes) checks, assigns nil `:token`.
|
||||
Intended to be used with explicit authentication and only when OAuth token cannot be determined.
|
||||
"""
|
||||
def skip_oauth(conn) do
|
||||
conn
|
||||
|> assign(:token, nil)
|
||||
|> OAuthScopesPlug.skip_plug()
|
||||
end
|
||||
|
||||
@doc "Drops authentication info from connection"
|
||||
def drop_auth_info(conn) do
|
||||
# To simplify debugging, setting a private variable on `conn` if auth info is dropped
|
||||
conn
|
||||
|> assign(:user, nil)
|
||||
|> assign(:token, nil)
|
||||
|> put_private(:authentication_ignored, true)
|
||||
end
|
||||
|
||||
@doc "Gets OAuth token string from session"
|
||||
def get_session_token(%Conn{} = conn) do
|
||||
get_session(conn, @oauth_token_session_key)
|
||||
end
|
||||
|
||||
@doc "Updates OAuth token string in session"
|
||||
def put_session_token(%Conn{} = conn, token) when is_binary(token) do
|
||||
put_session(conn, @oauth_token_session_key, token)
|
||||
end
|
||||
|
||||
@doc "Deletes OAuth token string from session"
|
||||
def delete_session_token(%Conn{} = conn) do
|
||||
delete_session(conn, @oauth_token_session_key)
|
||||
end
|
||||
end
|
@ -1,18 +0,0 @@
|
||||
# Pleroma: A lightweight social networking server
|
||||
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
|
||||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
defmodule Pleroma.Web.Plugs.EnsureUserKeyPlug do
|
||||
import Plug.Conn
|
||||
|
||||
def init(opts) do
|
||||
opts
|
||||
end
|
||||
|
||||
def call(%{assigns: %{user: _}} = conn, _), do: conn
|
||||
|
||||
def call(conn, _) do
|
||||
conn
|
||||
|> assign(:user, nil)
|
||||
end
|
||||
end
|
@ -0,0 +1,36 @@
|
||||
# Pleroma: A lightweight social networking server
|
||||
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
|
||||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
defmodule Pleroma.Web.Plugs.EnsureUserTokenAssignsPlug do
|
||||
import Plug.Conn
|
||||
|
||||
alias Pleroma.Helpers.AuthHelper
|
||||
alias Pleroma.User
|
||||
alias Pleroma.Web.OAuth.Token
|
||||
|
||||
@moduledoc "Ensures presence and consistency of :user and :token assigns."
|
||||
|
||||
def init(opts) do
|
||||
opts
|
||||
end
|
||||
|
||||
def call(%{assigns: %{user: %User{id: user_id}} = assigns} = conn, _) do
|
||||
with %Token{user_id: ^user_id} <- assigns[:token] do
|
||||
conn
|
||||
else
|
||||
%Token{} ->
|
||||
# A safety net for abnormal (unexpected) scenario: :token belongs to another user
|
||||
AuthHelper.drop_auth_info(conn)
|
||||
|
||||
_ ->
|
||||
assign(conn, :token, nil)
|
||||
end
|
||||
end
|
||||
|
||||
def call(conn, _) do
|
||||
conn
|
||||
|> assign(:user, nil)
|
||||
|> assign(:token, nil)
|
||||
end
|
||||
end
|
@ -1,41 +0,0 @@
|
||||
# Pleroma: A lightweight social networking server
|
||||
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
|
||||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
defmodule Pleroma.Web.Plugs.LegacyAuthenticationPlug do
|
||||
import Plug.Conn
|
||||
|
||||
alias Pleroma.User
|
||||
|
||||
def init(options) do
|
||||
options
|
||||
end
|
||||
|
||||
def call(%{assigns: %{user: %User{}}} = conn, _), do: conn
|
||||
|
||||
def call(
|
||||
%{
|
||||
assigns: %{
|
||||
auth_user: %{password_hash: "$6$" <> _ = password_hash} = auth_user,
|
||||
auth_credentials: %{password: password}
|
||||
}
|
||||
} = conn,
|
||||
_
|
||||
) do
|
||||
with ^password_hash <- :crypt.crypt(password, password_hash),
|
||||
{:ok, user} <-
|
||||
User.reset_password(auth_user, %{password: password, password_confirmation: password}) do
|
||||
conn
|
||||
|> assign(:auth_user, user)
|
||||
|> assign(:user, user)
|
||||
|> Pleroma.Web.Plugs.OAuthScopesPlug.skip_plug()
|
||||
else
|
||||
_ ->
|
||||
conn
|
||||
end
|
||||
end
|
||||
|
||||
def call(conn, _) do
|
||||
conn
|
||||
end
|
||||
end
|
@ -1,21 +0,0 @@
|
||||
# Pleroma: A lightweight social networking server
|
||||
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
|
||||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
defmodule Pleroma.Web.Plugs.SessionAuthenticationPlug do
|
||||
import Plug.Conn
|
||||
|
||||
def init(options) do
|
||||
options
|
||||
end
|
||||
|
||||
def call(conn, _) do
|
||||
with saved_user_id <- get_session(conn, :user_id),
|
||||
%{auth_user: %{id: ^saved_user_id}} <- conn.assigns do
|
||||
conn
|
||||
|> assign(:user, conn.assigns.auth_user)
|
||||
else
|
||||
_ -> conn
|
||||
end
|
||||
end
|
||||
end
|
@ -0,0 +1,296 @@
|
||||
* {
|
||||
box-sizing: border-box;
|
||||
}
|
||||
|
||||
:root {
|
||||
--brand-color: #d8a070;
|
||||
--background-color: #121a24;
|
||||
--foreground-color: #182230;
|
||||
--primary-text-color: #b9b9ba;
|
||||
--muted-text-color: #89898a;
|
||||
}
|
||||
|
||||
body {
|
||||
background-color: var(--background-color);
|
||||
font-family: sans-serif;
|
||||
color: var(--primary-text-color);
|
||||
padding: 0;
|
||||
margin: 0;
|
||||
}
|
||||
|
||||
.instance-header {
|
||||
height: 60px;
|
||||
padding: 10px;
|
||||
background: var(--foreground-color);
|
||||
box-shadow: 0 1px 4px 0px rgba(0, 0, 0, 0.5);
|
||||
}
|
||||
|
||||
.instance-header__content {
|
||||
display: flex;
|
||||
align-items: center;
|
||||
max-width: 400px;
|
||||
margin: 0 auto;
|
||||
}
|
||||
|
||||
.instance-header__thumbnail {
|
||||
max-width: 40px;
|
||||
border-radius: 4px;
|
||||
margin-right: 12px;
|
||||
}
|
||||
|
||||
.instance-header__title {
|
||||
font-size: 16px;
|
||||
font-weight: bold;
|
||||
color: var(--primary-text-color);
|
||||
}
|
||||
|
||||
.container {
|
||||
max-width: 400px;
|
||||
background-color: var(--foreground-color);
|
||||
border-radius: 4px;
|
||||
overflow: hidden;
|
||||
margin: 35px auto;
|
||||
box-shadow: 0 1px 4px 0px rgba(0, 0, 0, 0.5);
|
||||
}
|
||||
|
||||
.container__content {
|
||||
padding: 0 20px;
|
||||
}
|
||||
|
||||
h1 {
|
||||
margin: 0;
|
||||
font-size: 24px;
|
||||
text-align: center;
|
||||
}
|
||||
|
||||
h2 {
|
||||
color: var(--primary-text-color);
|
||||
font-weight: normal;
|
||||
font-size: 18px;
|
||||
margin-bottom: 20px;
|
||||
}
|
||||
|
||||
a {
|
||||
color: var(--brand-color);
|
||||
text-decoration: none;
|
||||
}
|
||||
|
||||
form {
|
||||
width: 100%;
|
||||
}
|
||||
|
||||
.input {
|
||||
color: var(--muted-text-color);
|
||||
display: flex;
|
||||
flex-direction: column;
|
||||
}
|
||||
|
||||
input {
|
||||
box-sizing: content-box;
|
||||
padding: 10px;
|
||||
margin-top: 5px;
|
||||
margin-bottom: 10px;
|
||||
background-color: var(--background-color);
|
||||
color: var(--primary-text-color);
|
||||
border: 0;
|
||||
transition-property: border-bottom;
|
||||
transition-duration: 0.35s;
|
||||
border-bottom: 2px solid #2a384a;
|
||||
font-size: 14px;
|
||||
}
|
||||
|
||||
.scopes-input {
|
||||
display: flex;
|
||||
flex-direction: column;
|
||||
margin: 1em 0;
|
||||
color: var(--muted-text-color);
|
||||
}
|
||||
|
||||
.scopes-input label:first-child {
|
||||
height: 2em;
|
||||
}
|
||||
|
||||
.scopes {
|
||||
display: flex;
|
||||
flex-wrap: wrap;
|
||||
color: var(--primary-text-color);
|
||||
}
|
||||
|
||||
.scope {
|
||||
display: flex;
|
||||
flex-basis: 100%;
|
||||
height: 2em;
|
||||
align-items: center;
|
||||
}
|
||||
|
||||
.scope:before {
|
||||
color: var(--primary-text-color);
|
||||
content: "✔\fe0e";
|
||||
margin-left: 1em;
|
||||
margin-right: 1em;
|
||||
}
|
||||
|
||||
[type="checkbox"] + label {
|
||||
display: none;
|
||||
cursor: pointer;
|
||||
margin: 0.5em;
|
||||
}
|
||||
|
||||
[type="checkbox"] {
|
||||
display: none;
|
||||
}
|
||||
|
||||
[type="checkbox"] + label:before {
|
||||
cursor: pointer;
|
||||
display: inline-block;
|
||||
color: white;
|
||||
background-color: var(--background-color);
|
||||
border: 4px solid var(--background-color);
|
||||
box-shadow: 0px 0px 1px 0 var(--brand-color);
|
||||
width: 1.2em;
|
||||
height: 1.2em;
|
||||
margin-right: 1.0em;
|
||||
content: "";
|
||||
transition-property: background-color;
|
||||
transition-duration: 0.35s;
|
||||
color: var(--background-color);
|
||||
margin-bottom: -0.2em;
|
||||
border-radius: 2px;
|
||||
}
|
||||
|
||||
[type="checkbox"]:checked + label:before {
|
||||
background-color: var(--brand-color);
|
||||
}
|
||||
|
||||
input:focus {
|
||||
outline: none;
|
||||
border-bottom: 2px solid var(--brand-color);
|
||||
}
|
||||
|
||||
.actions {
|
||||
display: flex;
|
||||
justify-content: flex-end;
|
||||
}
|
||||
|
||||
.actions button,
|
||||
.actions a.button {
|
||||
width: auto;
|
||||
margin-left: 10px;
|
||||
}
|
||||
|
||||
a.button,
|
||||
button {
|
||||
width: 100%;
|
||||
background-color: #1c2a3a;
|
||||
color: var(--primary-text-color);
|
||||
border-radius: 4px;
|
||||
border: none;
|
||||
padding: 10px 16px;
|
||||
margin-top: 20px;
|
||||
margin-bottom: 20px;
|
||||
text-transform: uppercase;
|
||||
font-size: 16px;
|
||||
box-shadow: 0px 0px 2px 0px black,
|
||||
0px 1px 0px 0px rgba(255, 255, 255, 0.2) inset,
|
||||
0px -1px 0px 0px rgba(0, 0, 0, 0.2) inset;
|
||||
}
|
||||
|
||||
a.button:hover,
|
||||
button:hover {
|
||||
cursor: pointer;
|
||||
box-shadow: 0px 0px 0px 1px var(--brand-color),
|
||||
0px 1px 0px 0px rgba(255, 255, 255, 0.2) inset,
|
||||
0px -1px 0px 0px rgba(0, 0, 0, 0.2) inset;
|
||||
}
|
||||
|
||||
.alert-danger {
|
||||
width: 100%;
|
||||
background-color: #931014;
|
||||
border: 1px solid #a06060;
|
||||
border-radius: 4px;
|
||||
padding: 10px;
|
||||
margin-top: 20px;
|
||||
font-weight: 500;
|
||||
font-size: 16px;
|
||||
}
|
||||
|
||||
.alert-info {
|
||||
width: 100%;
|
||||
border-radius: 4px;
|
||||
border: 1px solid #7d796a;
|
||||
padding: 10px;
|
||||
margin-top: 20px;
|
||||
font-weight: 500;
|
||||
font-size: 16px;
|
||||
}
|
||||
|
||||
.account-header__banner {
|
||||
width: 100%;
|
||||
height: 112px;
|
||||
background-size: cover;
|
||||
background-position: center;
|
||||
}
|
||||
|
||||
.account-header__avatar {
|
||||
width: 94px;
|
||||
height: 94px;
|
||||
background-size: cover;
|
||||
background-position: center;
|
||||
margin: -47px 10px 0;
|
||||
border: 6px solid var(--foreground-color);
|
||||
border-radius: 999px;
|
||||
}
|
||||
|
||||
.account-header__meta {
|
||||
padding: 6px 20px 17px;
|
||||
}
|
||||
|
||||
.account-header__display-name {
|
||||
font-size: 20px;
|
||||
font-weight: bold;
|
||||
}
|
||||
|
||||
.account-header__nickname {
|
||||
font-size: 14px;
|
||||
color: var(--muted-text-color);
|
||||
}
|
||||
|
||||
@media all and (max-width: 420px) {
|
||||
.container {
|
||||
margin: 0 auto;
|
||||
border-radius: 0;
|
||||
}
|
||||
|
||||
.scope {
|
||||
flex-basis: 0%;
|
||||
}
|
||||
|
||||
.scope:before {
|
||||
content: "";
|
||||
margin-left: 0em;
|
||||
margin-right: 1em;
|
||||
}
|
||||
|
||||
.scope:first-child:before {
|
||||
margin-left: 1em;
|
||||
content: "✔\fe0e";
|
||||
}
|
||||
|
||||
.scope:after {
|
||||
content: ",";
|
||||
}
|
||||
|
||||
.scope:last-child:after {
|
||||
content: "";
|
||||
}
|
||||
}
|
||||
.form-row {
|
||||
display: flex;
|
||||
}
|
||||
.form-row > label {
|
||||
line-height: 47px;
|
||||
flex: 1;
|
||||
}
|
||||
.form-row > input {
|
||||
flex: 2;
|
||||
}
|
@ -1,29 +0,0 @@
|
||||
# Pleroma: A lightweight social networking server
|
||||
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
|
||||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
defmodule Pleroma.Web.Plugs.EnsureUserKeyPlugTest do
|
||||
use Pleroma.Web.ConnCase, async: true
|
||||
|
||||
alias Pleroma.Web.Plugs.EnsureUserKeyPlug
|
||||
|
||||
test "if the conn has a user key set, it does nothing", %{conn: conn} do
|
||||
conn =
|
||||
conn
|
||||
|> assign(:user, 1)
|
||||
|
||||
ret_conn =
|
||||
conn
|
||||
|> EnsureUserKeyPlug.call(%{})
|
||||
|
||||
assert conn == ret_conn
|
||||
end
|
||||
|
||||
test "if the conn has no key set, it sets it to nil", %{conn: conn} do
|
||||
conn =
|
||||
conn
|
||||
|> EnsureUserKeyPlug.call(%{})
|
||||
|
||||
assert Map.has_key?(conn.assigns, :user)
|
||||
end
|
||||
end
|
@ -0,0 +1,69 @@
|
||||
# Pleroma: A lightweight social networking server
|
||||
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
|
||||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
defmodule Pleroma.Web.Plugs.EnsureUserTokenAssignsPlugTest do
|
||||
use Pleroma.Web.ConnCase, async: true
|
||||
|
||||
import Pleroma.Factory
|
||||
|
||||
alias Pleroma.Web.Plugs.EnsureUserTokenAssignsPlug
|
||||
|
||||
test "with :user assign set to a User record " <>
|
||||
"and :token assign set to a Token belonging to this user, " <>
|
||||
"it does nothing" do
|
||||
%{conn: conn} = oauth_access(["read"])
|
||||
|
||||
ret_conn = EnsureUserTokenAssignsPlug.call(conn, %{})
|
||||
|
||||
assert conn == ret_conn
|
||||
end
|
||||
|
||||
test "with :user assign set to a User record " <>
|
||||
"but :token assign not set or not a Token, " <>
|
||||
"it assigns :token to `nil`",
|
||||
%{conn: conn} do
|
||||
user = insert(:user)
|
||||
conn = assign(conn, :user, user)
|
||||
|
||||
ret_conn = EnsureUserTokenAssignsPlug.call(conn, %{})
|
||||
|
||||
assert %{token: nil} = ret_conn.assigns
|
||||
|
||||
ret_conn2 =
|
||||
conn
|
||||
|> assign(:token, 1)
|
||||
|> EnsureUserTokenAssignsPlug.call(%{})
|
||||
|
||||
assert %{token: nil} = ret_conn2.assigns
|
||||
end
|
||||
|
||||
# Abnormal (unexpected) scenario
|
||||
test "with :user assign set to a User record " <>
|
||||
"but :token assign set to a Token NOT belonging to :user, " <>
|
||||
"it drops auth info" do
|
||||
%{conn: conn} = oauth_access(["read"])
|
||||
other_user = insert(:user)
|
||||
|
||||
conn = assign(conn, :user, other_user)
|
||||
|
||||
ret_conn = EnsureUserTokenAssignsPlug.call(conn, %{})
|
||||
|
||||
assert %{user: nil, token: nil} = ret_conn.assigns
|
||||
end
|
||||
|
||||
test "if :user assign is not set to a User record, it sets :user and :token to nil", %{
|
||||
conn: conn
|
||||
} do
|
||||
ret_conn = EnsureUserTokenAssignsPlug.call(conn, %{})
|
||||
|
||||
assert %{user: nil, token: nil} = ret_conn.assigns
|
||||
|
||||
ret_conn2 =
|
||||
conn
|
||||
|> assign(:user, 1)
|
||||
|> EnsureUserTokenAssignsPlug.call(%{})
|
||||
|
||||
assert %{user: nil, token: nil} = ret_conn2.assigns
|
||||
end
|
||||
end
|
@ -1,82 +0,0 @@
|
||||
# Pleroma: A lightweight social networking server
|
||||
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
|
||||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
defmodule Pleroma.Web.Plugs.LegacyAuthenticationPlugTest do
|
||||
use Pleroma.Web.ConnCase
|
||||
|
||||
import Pleroma.Factory
|
||||
|
||||
alias Pleroma.User
|
||||
alias Pleroma.Web.Plugs.LegacyAuthenticationPlug
|
||||
alias Pleroma.Web.Plugs.OAuthScopesPlug
|
||||
alias Pleroma.Web.Plugs.PlugHelper
|
||||
|
||||
setup do
|
||||
user =
|
||||
insert(:user,
|
||||
password: "password",
|
||||
password_hash:
|
||||
"$6$9psBWV8gxkGOZWBz$PmfCycChoxeJ3GgGzwvhlgacb9mUoZ.KUXNCssekER4SJ7bOK53uXrHNb2e4i8yPFgSKyzaW9CcmrDXWIEMtD1"
|
||||
)
|
||||
|
||||
%{user: user}
|
||||
end
|
||||
|
||||
test "it does nothing if a user is assigned", %{conn: conn, user: user} do
|
||||
conn =
|
||||
conn
|
||||
|> assign(:auth_credentials, %{username: "dude", password: "password"})
|
||||
|> assign(:auth_user, user)
|
||||
|> assign(:user, %User{})
|
||||
|
||||
ret_conn =
|
||||
conn
|
||||
|> LegacyAuthenticationPlug.call(%{})
|
||||
|
||||
assert ret_conn == conn
|
||||
end
|
||||
|
||||
@tag :skip_on_mac
|
||||
test "if `auth_user` is present and password is correct, " <>
|
||||
"it authenticates the user, resets the password, marks OAuthScopesPlug as skipped",
|
||||
%{
|
||||
conn: conn,
|
||||
user: user
|
||||
} do
|
||||
conn =
|
||||
conn
|
||||
|> assign(:auth_credentials, %{username: "dude", password: "password"})
|
||||
|> assign(:auth_user, user)
|
||||
|
||||
conn = LegacyAuthenticationPlug.call(conn, %{})
|
||||
|
||||
assert conn.assigns.user.id == user.id
|
||||
assert PlugHelper.plug_skipped?(conn, OAuthScopesPlug)
|
||||
end
|
||||
|
||||
@tag :skip_on_mac
|
||||
test "it does nothing if the password is wrong", %{
|
||||
conn: conn,
|
||||
user: user
|
||||
} do
|
||||
conn =
|
||||
conn
|
||||
|> assign(:auth_credentials, %{username: "dude", password: "wrong_password"})
|
||||
|> assign(:auth_user, user)
|
||||
|
||||
ret_conn =
|
||||
conn
|
||||
|> LegacyAuthenticationPlug.call(%{})
|
||||
|
||||
assert conn == ret_conn
|
||||
end
|
||||
|
||||
test "with no credentials or user it does nothing", %{conn: conn} do
|
||||
ret_conn =
|
||||
conn
|
||||
|> LegacyAuthenticationPlug.call(%{})
|
||||
|
||||
assert ret_conn == conn
|
||||
end
|
||||
end
|
@ -1,63 +0,0 @@
|
||||
# Pleroma: A lightweight social networking server
|
||||
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
|
||||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
defmodule Pleroma.Web.Plugs.SessionAuthenticationPlugTest do
|
||||
use Pleroma.Web.ConnCase, async: true
|
||||
|
||||
alias Pleroma.User
|
||||
alias Pleroma.Web.Plugs.SessionAuthenticationPlug
|
||||
|
||||
setup %{conn: conn} do
|
||||
session_opts = [
|
||||
store: :cookie,
|
||||
key: "_test",
|
||||
signing_salt: "cooldude"
|
||||
]
|
||||
|
||||
conn =
|
||||
conn
|
||||
|> Plug.Session.call(Plug.Session.init(session_opts))
|
||||
|> fetch_session
|
||||
|> assign(:auth_user, %User{id: 1})
|
||||
|
||||
%{conn: conn}
|
||||
end
|
||||
|
||||
test "it does nothing if a user is assigned", %{conn: conn} do
|
||||
conn =
|
||||
conn
|
||||
|> assign(:user, %User{})
|
||||
|
||||
ret_conn =
|
||||
conn
|
||||
|> SessionAuthenticationPlug.call(%{})
|
||||
|
||||
assert ret_conn == conn
|
||||
end
|
||||
|
||||
test "if the auth_user has the same id as the user_id in the session, it assigns the user", %{
|
||||
conn: conn
|
||||
} do
|
||||
conn =
|
||||
conn
|
||||
|> put_session(:user_id, conn.assigns.auth_user.id)
|
||||
|> SessionAuthenticationPlug.call(%{})
|
||||
|
||||
assert conn.assigns.user == conn.assigns.auth_user
|
||||
end
|
||||
|
||||
test "if the auth_user has a different id as the user_id in the session, it does nothing", %{
|
||||
conn: conn
|
||||
} do
|
||||
conn =
|
||||
conn
|
||||
|> put_session(:user_id, -1)
|
||||
|
||||
ret_conn =
|
||||
conn
|
||||
|> SessionAuthenticationPlug.call(%{})
|
||||
|
||||
assert ret_conn == conn
|
||||
end
|
||||
end
|
Loading…
Reference in new issue