@@ -16,7 +16,7 @@ This document contains notes and guidelines for Pleroma developers. | |||||
## [HTTP Basic Authentication](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization) | ## [HTTP Basic Authentication](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization) | ||||
* With HTTP Basic Auth, OAuth scopes check is _not_ performed for any action (since password is provided during the auth, requester is able to obtain a token with full permissions anyways). `Pleroma.Plugs.AuthenticationPlug` and `Pleroma.Plugs.LegacyAuthenticationPlug` both call `Pleroma.Web.Plugs.OAuthScopesPlug.skip_plug(conn)` when password is provided. | |||||
* With HTTP Basic Auth, OAuth scopes check is _not_ performed for any action (since password is provided during the auth, requester is able to obtain a token with full permissions anyways). `Pleroma.Plugs.AuthenticationPlug` and `Pleroma.Web.Plugs.LegacyAuthenticationPlug` both call `Pleroma.Web.Plugs.OAuthScopesPlug.skip_plug(conn)` when password is provided. | |||||
## Auth-related configuration, OAuth consumer mode etc. | ## Auth-related configuration, OAuth consumer mode etc. | ||||
@@ -2,7 +2,7 @@ | |||||
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> | # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> | ||||
# SPDX-License-Identifier: AGPL-3.0-only | # SPDX-License-Identifier: AGPL-3.0-only | ||||
defmodule Pleroma.Plugs.LegacyAuthenticationPlug do | |||||
defmodule Pleroma.Web.Plugs.LegacyAuthenticationPlug do | |||||
import Plug.Conn | import Plug.Conn | ||||
alias Pleroma.User | alias Pleroma.User | ||||
@@ -29,7 +29,7 @@ defmodule Pleroma.Web.Router do | |||||
plug(Pleroma.Plugs.BasicAuthDecoderPlug) | plug(Pleroma.Plugs.BasicAuthDecoderPlug) | ||||
plug(Pleroma.Web.Plugs.UserFetcherPlug) | plug(Pleroma.Web.Plugs.UserFetcherPlug) | ||||
plug(Pleroma.Web.Plugs.SessionAuthenticationPlug) | plug(Pleroma.Web.Plugs.SessionAuthenticationPlug) | ||||
plug(Pleroma.Plugs.LegacyAuthenticationPlug) | |||||
plug(Pleroma.Web.Plugs.LegacyAuthenticationPlug) | |||||
plug(Pleroma.Plugs.AuthenticationPlug) | plug(Pleroma.Plugs.AuthenticationPlug) | ||||
end | end | ||||
@@ -7,7 +7,7 @@ defmodule Pleroma.Web.Plugs.LegacyAuthenticationPlugTest do | |||||
import Pleroma.Factory | import Pleroma.Factory | ||||
alias Pleroma.Plugs.LegacyAuthenticationPlug | |||||
alias Pleroma.Web.Plugs.LegacyAuthenticationPlug | |||||
alias Pleroma.Web.Plugs.OAuthScopesPlug | alias Pleroma.Web.Plugs.OAuthScopesPlug | ||||
alias Pleroma.Web.Plugs.PlugHelper | alias Pleroma.Web.Plugs.PlugHelper | ||||
alias Pleroma.User | alias Pleroma.User | ||||