My custom branche(s) on git.pleroma.social/pleroma/pleroma
commit: f98ee9402fcafff362ab2446f386214d7a5c41c7
parent: a3da8a56b6a49be273e47026badfcd1c100abd6a
Author: kaniini <nenolod@gmail.com>
Date:   Wed, 19 Dec 2018 00:12:39 +0000

Merge branch 'userless-admin' into 'develop'

Add a way to use the admin api without a user.

See merge request pleroma/pleroma!576

Diffstat:

Mconfig/config.md16++++++++++++++--
Alib/pleroma/plugs/admin_secret_authentication_plug.ex25+++++++++++++++++++++++++
Mlib/pleroma/web/router.ex1+
Atest/plugs/admin_secret_authentication_plug_test.exs38++++++++++++++++++++++++++++++++++++++
4 files changed, 78 insertions(+), 2 deletions(-)

diff --git a/config/config.md b/config/config.md
@@ -174,4 +174,17 @@ Kocaptcha is a very simple captcha service with a single API endpoint, the source code is here: https://github.com/koto-bank/kocaptcha. The default endpoint `https://captcha.kotobank.ch` is hosted by the developer.
-* `endpoint`: the kocaptcha endpoint to use- \ No newline at end of file
+* `endpoint`: the kocaptcha endpoint to use
+
+## :admin_token
+
+Allows to set a token that can be used to authenticate with the admin api without using an actual user by giving it as the 'admin_token' parameter. Example:
+
+```
+config :pleroma, :admin_token, "somerandomtoken"
+```
+
+You can then do
+```
+curl "http://localhost:4000/api/pleroma/admin/invite_token?admin_token=somerandomtoken"
+```
diff --git a/lib/pleroma/plugs/admin_secret_authentication_plug.ex b/lib/pleroma/plugs/admin_secret_authentication_plug.ex
@@ -0,0 +1,25 @@
+defmodule Pleroma.Plugs.AdminSecretAuthenticationPlug do
+ import Plug.Conn
+ alias Pleroma.User
+
+ def init(options) do
+ options
+ end
+
+ def secret_token do
+ Pleroma.Config.get(:admin_token)
+ end
+
+ def call(%{assigns: %{user: %User{}}} = conn, _), do: conn
+
+ def call(%{params: %{"admin_token" => admin_token}} = conn, _) do
+ if secret_token() && admin_token == secret_token() do
+ conn
+ |> assign(:user, %User{info: %{is_admin: true}})
+ else
+ conn
+ end
+ end
+
+ def call(conn, _), do: conn
+end
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
@@ -38,6 +38,7 @@ defmodule Pleroma.Web.Router do
 plug(Pleroma.Plugs.SessionAuthenticationPlug)
 plug(Pleroma.Plugs.LegacyAuthenticationPlug)
 plug(Pleroma.Plugs.AuthenticationPlug)
+ plug(Pleroma.Plugs.AdminSecretAuthenticationPlug)
 plug(Pleroma.Plugs.UserEnabledPlug)
 plug(Pleroma.Plugs.SetUserSessionIdPlug)
 plug(Pleroma.Plugs.EnsureAuthenticatedPlug)
diff --git a/test/plugs/admin_secret_authentication_plug_test.exs b/test/plugs/admin_secret_authentication_plug_test.exs
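Review bot: The token check in the second `call/2` clause of `admin_secret_authentication_plug.ex` compares the request value with `==`, which is not constant-time, and accepts any truthy configured value, so an `:admin_token` set to `""` would be matched by an empty `admin_token` parameter. The clause should only proceed when both the parameter and the configured secret are non-empty binaries and should compare them with `Plug.Crypto.secure_compare/2`; a non-string parameter (a list or map) then falls through to the last clause. Because the clause reads `conn.params`, the secret can arrive in the query string, where it is likely to end up in access and application logs; accepting it from a request header instead would avoid that. The module also lacks a `@moduledoc` saying that a match assigns a synthetic `%User{}` with only `info.is_admin` set, which every later plug and controller has to tolerate.

```elixir
  # … unchanged: init/1, secret_token/0 and the clause for an already-assigned user …

  def call(%{params: %{"admin_token" => admin_token}} = conn, _) when is_binary(admin_token) do
    secret = secret_token()

    # An unset or empty token never authenticates; the comparison is constant-time.
    if is_binary(secret) and secret != "" and Plug.Crypto.secure_compare(admin_token, secret) do
      assign(conn, :user, %User{info: %{is_admin: true}})
    else
      conn
    end
  end

  # … unchanged: fallback call(conn, _) clause …
```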
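Review bot: The added `plug(Pleroma.Plugs.AdminSecretAuthenticationPlug)` line in `router.ex` sits in a pipeline whose head is outside this hunk, so it cannot be seen here which scopes pass through it; if that pipeline serves more than the admin API, the `admin_token` parameter is honoured on all of those routes as well. It also runs before `UserEnabledPlug` and `SetUserSessionIdPlug`, which would then receive a `%User{}` with no id or other fields set, so it is worth confirming that they handle that struct. A short comment above the line, for example `# accepts the configured :admin_token in place of a logged-in admin user`, would record the intent for the next reader.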
@@ -0,0 +1,38 @@
+defmodule Pleroma.Plugs.AdminSecretAuthenticationPlugTest do
+ use Pleroma.Web.ConnCase, async: true
+ import Pleroma.Factory
+
+ alias Pleroma.Plugs.AdminSecretAuthenticationPlug
+
+ test "does nothing if a user is assigned", %{conn: conn} do
+ user = insert(:user)
+
+ conn =
+ conn
+ |> assign(:user, user)
+
+ ret_conn =
+ conn
+ |> AdminSecretAuthenticationPlug.call(%{})
+
+ assert conn == ret_conn
+ end
+
+ test "with secret set and given in the 'admin_token' parameter, it assigns an admin user", %{
+ conn: conn
+ } do
+ Pleroma.Config.put(:admin_token, "password123")
+
+ conn =
+ %{conn | params: %{"admin_token" => "wrong_password"}}
+ |> AdminSecretAuthenticationPlug.call(%{})
+
+ refute conn.assigns[:user]
+
+ conn =
+ %{conn | params: %{"admin_token" => "password123"}}
+ |> AdminSecretAuthenticationPlug.call(%{})
+
+ assert conn.assigns[:user].info.is_admin
+ end
+end
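Review bot: The second test calls `Pleroma.Config.put(:admin_token, "password123")` in a module declared `async: true` and never restores the previous value, so the token presumably stays set for whatever runs afterwards and can race with other async tests that read the same config. Capture the old value and restore it, e.g. `on_exit(fn -> Pleroma.Config.put(:admin_token, previous) end)`, or drop `async: true` for this module. There is also no case for the token being unset or empty, which is the default configuration; a test that sends an `admin_token` parameter in that state and asserts `refute conn.assigns[:user]` would pin the safe behaviour.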