Allow accessing the session via the actor

This is a bit sloppy (might come up with a better solution yet), but since most events provide access to the actor but not the request, this was the easiest/quickest way to allow extensions to access the session.

src/Core/User.php

@@ -30,6 +30,7 @@ use Flarum\Event\UserWasRegistered;
 use Flarum\Event\UserWasRenamed;
 use Flarum\Foundation\Application;
 use Illuminate\Contracts\Hashing\Hasher;
+use Symfony\Component\HttpFoundation\Session\SessionInterface;
 
 /**
  * @property int $id
@@ -76,6 +77,11 @@ class User extends AbstractModel
      */
     protected $permissions = null;
 
+    /**
+     * @var SessionInterface
+     */
+    protected $session;
+
     /**
      * An array of registered user preferences. Each preference is defined with
      * a key, and its value is an array containing the following keys:.
@@ -689,6 +695,22 @@ class User extends AbstractModel
         return ! $this->can($ability, $arguments);
     }
 
+    /**
+     * @return SessionInterface
+     */
+    public function getSession()
+    {
+        return $this->session;
+    }
+
+    /**
+     * @param SessionInterface $session
+     */
+    public function setSession(SessionInterface $session)
+    {
+        $this->session = $session;
+    }
+
     /**
      * Set the hasher with which to hash passwords.
      *

src/Http/Middleware/AuthenticateWithSession.php

@@ -28,6 +28,8 @@ class AuthenticateWithSession implements MiddlewareInterface
 
         $actor = $this->getActor($session);
 
+        $actor->setSession($session);
+
         $request = $request->withAttribute('actor', $actor);
 
         return $out ? $out($request, $response) : $response;