
Add a way to use the admin api without a user.

tags/v0.9.9
lain 5 years ago
parent
commit
f3eb414e28
4 changed files with 78 additions and 1 deletions
  1. +14
    -1
      config/config.md
  2. +25
    -0
      lib/pleroma/plugs/admin_secret_authentication_plug.ex
  3. +1
    -0
      lib/pleroma/web/router.ex
  4. +38
    -0
      test/plugs/admin_secret_authentication_plug_test.exs

+ 14
- 1
config/config.md

@@ -174,4 +174,17 @@ Kocaptcha is a very simple captcha service with a single API endpoint,
the source code is here: https://github.com/koto-bank/kocaptcha. The default endpoint
`https://captcha.kotobank.ch` is hosted by the developer.

* `endpoint`: the kocaptcha endpoint to use
* `endpoint`: the kocaptcha endpoint to use

## :admin_token

Allows to set a token that can be used to authenticate with the admin api without using an actual user by giving it as the 'admin_token' parameter. Example:

```
config :pleroma, :admin_token, "somerandomtoken"
```

You can then do
```
curl "http://localhost:4000/api/pleroma/admin/invite_token?admin_token=somerandomtoken"
```

+ 25
- 0
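--- a/lib/pleroma/plugs/admin_secret_authentication_plug.ex
+++ b/lib/pleroma/plugs/admin_secret_authentication_plug.ex
@@ -0,0 +1,25 @@
+defmodule Pleroma.Plugs.AdminSecretAuthenticationPlug do
+import Plug.Conn
+alias Pleroma.User
+
+def init(options) do
+options
+end
+
+def secret_token do
+Pleroma.Config.get(:admin_token)
+end
+
+def call(%{assigns: %{user: %User{}}} = conn, _), do: conn
+
+def call(%{params: %{"admin_token" => admin_token}} = conn, _) do
+if secret_token() && admin_token == secret_token() do
+conn
+|> assign(:user, %User{info: %{is_admin: true}})
+else
+conn
+end
+end
+
+def call(conn, _), do: conn
+end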
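Review bot: The token check in the second `call/2` clause uses `admin_token == secret_token()`, which is not a constant-time comparison and also lets a configured empty string through, because `""` is truthy in Elixir and would match a bare `admin_token=` parameter. I would require both sides to be non-empty binaries and compare them with `Plug.Crypto.secure_compare/2`, for example `if is_binary(admin_token) and admin_token != "" and is_binary(secret_token()) and Plug.Crypto.secure_compare(admin_token, secret_token()) do`. Reading the secret from `params` means it travels in the query string, as the config.md example shows, where it is likely to end up in access and proxy logs; accepting it from a request header would avoid that. The assigned `%User{info: %{is_admin: true}}` has no id or nickname, so handlers that expect a persisted user may misbehave, which deserves a comment on the clause.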

+ 1
- 0
lib/pleroma/web/router.ex

@@ -38,6 +38,7 @@ defmodule Pleroma.Web.Router do
plug(Pleroma.Plugs.SessionAuthenticationPlug)
plug(Pleroma.Plugs.LegacyAuthenticationPlug)
plug(Pleroma.Plugs.AuthenticationPlug)
plug(Pleroma.Plugs.AdminSecretAuthenticationPlug)
plug(Pleroma.Plugs.UserEnabledPlug)
plug(Pleroma.Plugs.SetUserSessionIdPlug)
plug(Pleroma.Plugs.EnsureAuthenticatedPlug)
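Review bot: The new `plug(Pleroma.Plugs.AdminSecretAuthenticationPlug)` line sits ahead of `Pleroma.Plugs.UserEnabledPlug` in a pipeline whose opening `pipeline ... do` line is outside this hunk, so it is not visible here whether that pipeline serves only admin routes. If it also serves ordinary API routes, each of them will accept `admin_token` and receive the synthetic admin `%User{}`; moving the plug into a pipeline used only by the admin scope would keep the shared secret limited to the endpoints it is documented for. At minimum a comment above the line, such as `# admin_token shared-secret auth; keep limited to admin-only pipelines`, would record the intent.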


+ 38
- 0
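--- a/test/plugs/admin_secret_authentication_plug_test.exs
+++ b/test/plugs/admin_secret_authentication_plug_test.exs
@@ -0,0 +1,38 @@
+defmodule Pleroma.Plugs.AdminSecretAuthenticationPlugTest do
+use Pleroma.Web.ConnCase, async: true
+import Pleroma.Factory
+
+alias Pleroma.Plugs.AdminSecretAuthenticationPlug
+
+test "does nothing if a user is assigned", %{conn: conn} do
+user = insert(:user)
+
+conn =
+conn
+|> assign(:user, user)
+
+ret_conn =
+conn
+|> AdminSecretAuthenticationPlug.call(%{})
+
+assert conn == ret_conn
+end
+
+test "with secret set and given in the 'admin_token' parameter, it assigns an admin user", %{
+conn: conn
+} do
+Pleroma.Config.put(:admin_token, "password123")
+
+conn =
+%{conn | params: %{"admin_token" => "wrong_password"}}
+|> AdminSecretAuthenticationPlug.call(%{})
+
+refute conn.assigns[:user]
+
+conn =
+%{conn | params: %{"admin_token" => "password123"}}
+|> AdminSecretAuthenticationPlug.call(%{})
+
+assert conn.assigns[:user].info.is_admin
+end
+end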
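Review bot: The second test calls `Pleroma.Config.put(:admin_token, "password123")` in a module marked `async: true` and never restores the value, so the token stays set for, and can race with, other tests that read the same config. I would drop `async: true` here and add `on_exit(fn -> Pleroma.Config.put(:admin_token, nil) end)` right after the `put`. There is also no case for an unset token with an `admin_token` parameter present, which is the branch that keeps the feature off by default; a `refute conn.assigns[:user]` after a call with the config at `nil` would cover it.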
