Add a way to use the admin api without a user.
This commit is contained in:
parent
443d59baa0
commit
f3eb414e28
|
@ -174,4 +174,17 @@ Kocaptcha is a very simple captcha service with a single API endpoint,
|
||||||
the source code is here: https://github.com/koto-bank/kocaptcha. The default endpoint
|
the source code is here: https://github.com/koto-bank/kocaptcha. The default endpoint
|
||||||
`https://captcha.kotobank.ch` is hosted by the developer.
|
`https://captcha.kotobank.ch` is hosted by the developer.
|
||||||
|
|
||||||
* `endpoint`: the kocaptcha endpoint to use
|
* `endpoint`: the kocaptcha endpoint to use
|
||||||
|
|
||||||
|
## :admin_token
|
||||||
|
|
||||||
|
Allows to set a token that can be used to authenticate with the admin api without using an actual user by giving it as the 'admin_token' parameter. Example:
|
||||||
|
|
||||||
|
```
|
||||||
|
config :pleroma, :admin_token, "somerandomtoken"
|
||||||
|
```
|
||||||
|
|
||||||
|
You can then do
|
||||||
|
```
|
||||||
|
curl "http://localhost:4000/api/pleroma/admin/invite_token?admin_token=somerandomtoken"
|
||||||
|
```
|
||||||
|
|
|
@ -0,0 +1,25 @@
|
||||||
|
defmodule Pleroma.Plugs.AdminSecretAuthenticationPlug do
|
||||||
|
import Plug.Conn
|
||||||
|
alias Pleroma.User
|
||||||
|
|
||||||
|
def init(options) do
|
||||||
|
options
|
||||||
|
end
|
||||||
|
|
||||||
|
def secret_token do
|
||||||
|
Pleroma.Config.get(:admin_token)
|
||||||
|
end
|
||||||
|
|
||||||
|
def call(%{assigns: %{user: %User{}}} = conn, _), do: conn
|
||||||
|
|
||||||
|
def call(%{params: %{"admin_token" => admin_token}} = conn, _) do
|
||||||
|
if secret_token() && admin_token == secret_token() do
|
||||||
|
conn
|
||||||
|
|> assign(:user, %User{info: %{is_admin: true}})
|
||||||
|
else
|
||||||
|
conn
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def call(conn, _), do: conn
|
||||||
|
end
|
|
@ -38,6 +38,7 @@ defmodule Pleroma.Web.Router do
|
||||||
plug(Pleroma.Plugs.SessionAuthenticationPlug)
|
plug(Pleroma.Plugs.SessionAuthenticationPlug)
|
||||||
plug(Pleroma.Plugs.LegacyAuthenticationPlug)
|
plug(Pleroma.Plugs.LegacyAuthenticationPlug)
|
||||||
plug(Pleroma.Plugs.AuthenticationPlug)
|
plug(Pleroma.Plugs.AuthenticationPlug)
|
||||||
|
plug(Pleroma.Plugs.AdminSecretAuthenticationPlug)
|
||||||
plug(Pleroma.Plugs.UserEnabledPlug)
|
plug(Pleroma.Plugs.UserEnabledPlug)
|
||||||
plug(Pleroma.Plugs.SetUserSessionIdPlug)
|
plug(Pleroma.Plugs.SetUserSessionIdPlug)
|
||||||
plug(Pleroma.Plugs.EnsureAuthenticatedPlug)
|
plug(Pleroma.Plugs.EnsureAuthenticatedPlug)
|
||||||
|
|
|
@ -0,0 +1,38 @@
|
||||||
|
defmodule Pleroma.Plugs.AdminSecretAuthenticationPlugTest do
|
||||||
|
use Pleroma.Web.ConnCase, async: true
|
||||||
|
import Pleroma.Factory
|
||||||
|
|
||||||
|
alias Pleroma.Plugs.AdminSecretAuthenticationPlug
|
||||||
|
|
||||||
|
test "does nothing if a user is assigned", %{conn: conn} do
|
||||||
|
user = insert(:user)
|
||||||
|
|
||||||
|
conn =
|
||||||
|
conn
|
||||||
|
|> assign(:user, user)
|
||||||
|
|
||||||
|
ret_conn =
|
||||||
|
conn
|
||||||
|
|> AdminSecretAuthenticationPlug.call(%{})
|
||||||
|
|
||||||
|
assert conn == ret_conn
|
||||||
|
end
|
||||||
|
|
||||||
|
test "with secret set and given in the 'admin_token' parameter, it assigns an admin user", %{
|
||||||
|
conn: conn
|
||||||
|
} do
|
||||||
|
Pleroma.Config.put(:admin_token, "password123")
|
||||||
|
|
||||||
|
conn =
|
||||||
|
%{conn | params: %{"admin_token" => "wrong_password"}}
|
||||||
|
|> AdminSecretAuthenticationPlug.call(%{})
|
||||||
|
|
||||||
|
refute conn.assigns[:user]
|
||||||
|
|
||||||
|
conn =
|
||||||
|
%{conn | params: %{"admin_token" => "password123"}}
|
||||||
|
|> AdminSecretAuthenticationPlug.call(%{})
|
||||||
|
|
||||||
|
assert conn.assigns[:user].info.is_admin
|
||||||
|
end
|
||||||
|
end
|
Loading…
Reference in New Issue