Support authentication via `x-admin-token` HTTP header
This commit is contained in:
parent
06151776c0
commit
36686f5245
|
@ -30,6 +30,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
||||||
- Admin API: Return `total` when querying for reports
|
- Admin API: Return `total` when querying for reports
|
||||||
- Mastodon API: Return `pleroma.direct_conversation_id` when creating a direct message (`POST /api/v1/statuses`)
|
- Mastodon API: Return `pleroma.direct_conversation_id` when creating a direct message (`POST /api/v1/statuses`)
|
||||||
- Admin API: Return link alongside with token on password reset
|
- Admin API: Return link alongside with token on password reset
|
||||||
|
- Admin API: Support authentication via `x-admin-token` HTTP header
|
||||||
- Mastodon API: Add `pleroma.direct_conversation_id` to the status endpoint (`GET /api/v1/statuses/:id`)
|
- Mastodon API: Add `pleroma.direct_conversation_id` to the status endpoint (`GET /api/v1/statuses/:id`)
|
||||||
- Mastodon API: `pleroma.thread_muted` to the Status entity
|
- Mastodon API: `pleroma.thread_muted` to the Status entity
|
||||||
- Mastodon API: Mark the direct conversation as read for the author when they send a new direct message
|
- Mastodon API: Mark the direct conversation as read for the author when they send a new direct message
|
||||||
|
|
|
@ -656,7 +656,7 @@ Feel free to adjust the priv_dir and port number. Then you will have to create t
|
||||||
|
|
||||||
### :admin_token
|
### :admin_token
|
||||||
|
|
||||||
Allows to set a token that can be used to authenticate with the admin api without using an actual user by giving it as the 'admin_token' parameter. Example:
|
Allows to set a token that can be used to authenticate with the admin api without using an actual user by giving it as the `admin_token` parameter or `x-admin-token` HTTP header. Example:
|
||||||
|
|
||||||
```elixir
|
```elixir
|
||||||
config :pleroma, :admin_token, "somerandomtoken"
|
config :pleroma, :admin_token, "somerandomtoken"
|
||||||
|
@ -664,8 +664,14 @@ config :pleroma, :admin_token, "somerandomtoken"
|
||||||
|
|
||||||
You can then do
|
You can then do
|
||||||
|
|
||||||
```sh
|
```shell
|
||||||
curl "http://localhost:4000/api/pleroma/admin/invite_token?admin_token=somerandomtoken"
|
curl "http://localhost:4000/api/pleroma/admin/users/invites?admin_token=somerandomtoken"
|
||||||
|
```
|
||||||
|
|
||||||
|
or
|
||||||
|
|
||||||
|
```shell
|
||||||
|
curl -H "X-Admin-Token: somerandomtoken" "http://localhost:4000/api/pleroma/admin/users/invites"
|
||||||
```
|
```
|
||||||
|
|
||||||
### :auth
|
### :auth
|
||||||
|
|
|
@ -16,14 +16,28 @@ def secret_token do
|
||||||
|
|
||||||
def call(%{assigns: %{user: %User{}}} = conn, _), do: conn
|
def call(%{assigns: %{user: %User{}}} = conn, _), do: conn
|
||||||
|
|
||||||
def call(%{params: %{"admin_token" => admin_token}} = conn, _) do
|
def call(conn, _) do
|
||||||
if secret_token() && admin_token == secret_token() do
|
if secret_token() do
|
||||||
conn
|
authenticate(conn)
|
||||||
|> assign(:user, %User{is_admin: true})
|
|
||||||
else
|
else
|
||||||
conn
|
conn
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def call(conn, _), do: conn
|
def authenticate(%{params: %{"admin_token" => admin_token}} = conn) do
|
||||||
|
if admin_token == secret_token() do
|
||||||
|
assign(conn, :user, %User{is_admin: true})
|
||||||
|
else
|
||||||
|
conn
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def authenticate(conn) do
|
||||||
|
token = secret_token()
|
||||||
|
|
||||||
|
case get_req_header(conn, "x-admin-token") do
|
||||||
|
[^token] -> assign(conn, :user, %User{is_admin: true})
|
||||||
|
_ -> conn
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -22,9 +22,8 @@ test "does nothing if a user is assigned", %{conn: conn} do
|
||||||
assert conn == ret_conn
|
assert conn == ret_conn
|
||||||
end
|
end
|
||||||
|
|
||||||
test "with secret set and given in the 'admin_token' parameter, it assigns an admin user", %{
|
describe "when secret set it assigns an admin user" do
|
||||||
conn: conn
|
test "with `admin_token` query parameter", %{conn: conn} do
|
||||||
} do
|
|
||||||
Pleroma.Config.put(:admin_token, "password123")
|
Pleroma.Config.put(:admin_token, "password123")
|
||||||
|
|
||||||
conn =
|
conn =
|
||||||
|
@ -39,4 +38,23 @@ test "with secret set and given in the 'admin_token' parameter, it assigns an ad
|
||||||
|
|
||||||
assert conn.assigns[:user].is_admin
|
assert conn.assigns[:user].is_admin
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "with `x-admin-token` HTTP header", %{conn: conn} do
|
||||||
|
Pleroma.Config.put(:admin_token, "☕️")
|
||||||
|
|
||||||
|
conn =
|
||||||
|
conn
|
||||||
|
|> put_req_header("x-admin-token", "🥛")
|
||||||
|
|> AdminSecretAuthenticationPlug.call(%{})
|
||||||
|
|
||||||
|
refute conn.assigns[:user]
|
||||||
|
|
||||||
|
conn =
|
||||||
|
conn
|
||||||
|
|> put_req_header("x-admin-token", "☕️")
|
||||||
|
|> AdminSecretAuthenticationPlug.call(%{})
|
||||||
|
|
||||||
|
assert conn.assigns[:user].is_admin
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in New Issue