From c29ae7f3e471a745c02d93d77d0ef6a2a8a1db2b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=BCdiger=20Diedrich?=
Date: Mon, 3 Jun 2024 20:39:12 +0200
Subject: [PATCH] make sure bbpassword is still in session otherwise relogin

---
 lib/something_erlang_web/user_auth.ex | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/something_erlang_web/user_auth.ex b/lib/something_erlang_web/user_auth.ex
index c1cf867..337e5b7 100644
--- a/lib/something_erlang_web/user_auth.ex
+++ b/lib/something_erlang_web/user_auth.ex
@@ -12,6 +12,7 @@ defmodule SomethingErlangWeb.UserAuth do
 @max_age 60 * 60 * 24 * 60
 @remember_me_cookie "_something_erlang_web_user_remember_me"
 @remember_me_options [sign: true, max_age: @max_age, same_site: "Lax"]
+ @bbpassword_options [sign: false, max_age: @max_age, same_site: "Lax"]

 @doc """
 Logs the user in.
@@ -38,7 +39,7 @@ defmodule SomethingErlangWeb.UserAuth do
 end

 defp put_hashcookie_in_session(conn, bbpassword) do
- put_resp_cookie(conn, "bbpassword", bbpassword)
+ put_resp_cookie(conn, "bbpassword", bbpassword, @bbpassword_options)
 end

 defp maybe_write_remember_me_cookie(conn, token, %{"remember_me" => "true"}) do
@@ -185,7 +186,7 @@ defmodule SomethingErlangWeb.UserAuth do

 defp mount_current_user(session, socket) do
 case session do
- %{"user_token" => user_token} ->
+ %{"user_token" => user_token, "bbpassword" => bbpw} when not is_nil(bbpw) ->
 Phoenix.Component.assign_new(socket, :current_user, fn ->
 Accounts.get_user_by_session_token(user_token)
 end)
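Review bot: `@bbpassword_options` sets `sign: false` and no `encrypt:`, so the `bbpassword` cookie written in the second hunk sits on the client in readable, unauthenticated form for the full 60-day `@max_age`. If the value is the forum login hash that the name `put_hashcookie_in_session` suggests, it is a credential and deserves at least the protection the remember-me cookie gets: `@bbpassword_options [encrypt: true, max_age: @max_age, same_site: "Lax"]`, with `secure: true` added if the site is always served over HTTPS. The code that reads the cookie back is outside this patch and would need `fetch_cookies(conn, encrypted: ["bbpassword"])` to match.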
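Review bot: `put_hashcookie_in_session/2` does not touch the session; it writes a separate response cookie, which now also expires after `@max_age`. A comment above the call would keep the name from misleading the next reader, for example `# Separate cookie, not the Plug session; lifetime and flags come from @bbpassword_options`. Renaming the function to say "cookie" would be the cleaner fix if its callers, which are outside this hunk, allow it.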
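Review bot: The new clause in `mount_current_user/2` only proves that a `"bbpassword"` key is present and not nil; an empty string, or any value a client supplies, still passes, and with the cookie unsigned (first hunk) the server cannot tell an altered value from the one it issued. Treat the match as a re-login trigger rather than an authentication check, and tighten the guard to `when is_binary(bbpw) and bbpw != ""`. The pattern also reads from `session`, while the value is written with `put_resp_cookie`; the step that copies the cookie into the session is not visible in this patch, and without it every mount would fall through to the remaining `case` clauses, which lie outside the hunk.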