squeegily/pleroma
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
2994ddb8e8
pleroma/docs/development/authentication_authorization.md
Alexander Strizhakov e8107cc96a
pleroma installer and config versioning 
- added DynamicSupervisor, which starts Pleroma deps and restarts config dependent deps
- added pleroma installer, where user can configure database credentials
and pleroma config. Settings are saved into file and in database
- added versioning for in database config. New version is created from
changes which are passed to config update/delete endpoint. Every version
contains backup with all changes added through update. Versioning
supports rollbacks with N steps. With a rollback, all versions that
come after the version on which the rollback was made are deleted.
2021-03-21 10:47:59 +03:00

2.3 KiB
Raw Blame History

Authentication & Authorization

OAuth token-based authentication & authorization

  • Pleroma supports hierarchical OAuth scopes, just like Mastodon but with added granularity of admin scopes. For a reference, see Mastodon OAuth scopes.

  • It is important to either define OAuth scope restrictions or explicitly mark OAuth scope check as skipped, for every controller action. To define scopes, call plug(Pleroma.Web.Plugs.OAuthScopesPlug, %{scopes: [...]}). To explicitly set OAuth scopes check skipped, call plug(:skip_plug, Pleroma.Web.Plugs.OAuthScopesPlug <when ...>).

  • In controllers, use Pleroma.Web, :controller will result in action/2 (see Pleroma.Web.controller/0 for definition) be called prior to actual controller action, and it'll perform security / privacy checks before passing control to actual controller action.

    For routes with :authenticated_api pipeline, authentication & authorization are expected, thus OAuthScopesPlug will be run unless explicitly skipped (also EnsureAuthenticatedPlug will be executed immediately before action even if there was an early run to give an early error, since OAuthScopesPlug supports :proceed_unauthenticated option, and other plugs may support similar options as well).

    For :api pipeline routes, it'll be verified whether OAuthScopesPlug was called or explicitly skipped, and if it was not then auth information will be dropped for request. Then EnsurePublicOrAuthenticatedPlug will be called to ensure that either the instance is not private or user is authenticated (unless explicitly skipped). Such automated checks help to prevent human errors and result in higher security / privacy for users.

Non-OAuth authentication

  • With non-OAuth authentication (HTTP Basic Authentication or HTTP header- or params-provided auth), OAuth scopes check is not performed for any action (since password is provided during the auth, requester is able to obtain a token with full permissions anyways); auth plugs invoke Pleroma.Helpers.AuthHelper.skip_oauth(conn) in this case.

Auth-related configuration, OAuth consumer mode etc.

See Authentication section of the configuration cheatsheet.