X-Git-Url: https://git.squeep.com/?a=blobdiff_plain;f=lib%2Fpleroma%2Fplugs%2Fadmin_secret_authentication_plug.ex;h=49dea452d4fe9e092a4fd50f750bfc8a8da8e4e2;hb=6875ccb6bfcc5ae62db26d38c3d5eac4c6f8706a;hp=2c9348715363035b8d018b48522e1b9629019062;hpb=2791ce9a1ff2365ac7256f5e1dc2324dee2f82c9;p=akkoma
diff --git a/lib/pleroma/plugs/admin_secret_authentication_plug.ex b/lib/pleroma/plugs/admin_secret_authentication_plug.ex
index 2c9348715..49dea452d 100644
--- a/lib/pleroma/plugs/admin_secret_authentication_plug.ex
+++ b/lib/pleroma/plugs/admin_secret_authentication_plug.ex
@@ -1,5 +1,5 @@
# Pleroma: A lightweight social networking server
-# Copyright © 2017-2018 Pleroma Authors
+# Copyright © 2017-2019 Pleroma Authors
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Plugs.AdminSecretAuthenticationPlug do
@@ -16,14 +16,28 @@ defmodule Pleroma.Plugs.AdminSecretAuthenticationPlug do
def call(%{assigns: %{user: %User{}}} = conn, _), do: conn
- def call(%{params: %{"admin_token" => admin_token}} = conn, _) do
- if secret_token() && admin_token == secret_token() do
+ def call(conn, _) do
+ if secret_token() do
+ authenticate(conn)
+ else
conn
- |> assign(:user, %User{info: %{is_admin: true}})
+ end
+ end
+
+ def authenticate(%{params: %{"admin_token" => admin_token}} = conn) do
+ if admin_token == secret_token() do
+ assign(conn, :user, %User{is_admin: true})
else
conn
end
end
- def call(conn, _), do: conn
+ def authenticate(conn) do
+ token = secret_token()
+
+ case get_req_header(conn, "x-admin-token") do
+ [^token] -> assign(conn, :user, %User{is_admin: true})
+ _ -> conn
+ end
+ end
end