projects / akkoma / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 95a22c1)
OAuthScopesPlug: remove transform_scopes in favor of explicit admin scope definitions
authorrinpatch <rin@patch.cx>
Wed, 17 Feb 2021 18:37:23 +0000 (21:37 +0300)
committerrinpatch <rin@patch.cx>
Wed, 17 Feb 2021 18:37:23 +0000 (21:37 +0300)
Transforming scopes is no longer necessary since we are dropping
support for accessing admin api without `admin:` prefix in scopes.

16 files changed:
lib/pleroma/config.ex patch | blob | history
lib/pleroma/web/admin_api/controllers/admin_api_controller.ex patch | blob | history
lib/pleroma/web/admin_api/controllers/chat_controller.ex patch | blob | history
lib/pleroma/web/admin_api/controllers/config_controller.ex patch | blob | history
lib/pleroma/web/admin_api/controllers/frontend_controller.ex patch | blob | history
lib/pleroma/web/admin_api/controllers/instance_document_controller.ex patch | blob | history
lib/pleroma/web/admin_api/controllers/invite_controller.ex patch | blob | history
lib/pleroma/web/admin_api/controllers/media_proxy_cache_controller.ex patch | blob | history
lib/pleroma/web/admin_api/controllers/o_auth_app_controller.ex patch | blob | history
lib/pleroma/web/admin_api/controllers/relay_controller.ex patch | blob | history
lib/pleroma/web/admin_api/controllers/report_controller.ex patch | blob | history
lib/pleroma/web/admin_api/controllers/status_controller.ex patch | blob | history
lib/pleroma/web/admin_api/controllers/user_controller.ex patch | blob | history
lib/pleroma/web/pleroma_api/controllers/emoji_file_controller.ex patch | blob | history
lib/pleroma/web/pleroma_api/controllers/emoji_pack_controller.ex patch | blob | history
lib/pleroma/web/plugs/o_auth_scopes_plug.ex patch | blob | history

diff --git a/lib/pleroma/config.ex b/lib/pleroma/config.ex
index b35491fdc3564cc855f6b22bbae28ffe44953dea..2e15a37193ada875eeb73746d30b2bc37e464a68 100644 (file)
--- a/lib/pleroma/config.ex
+++ b/lib/pleroma/config.ex
@@ -99,8 +99,4 @@ defmodule Pleroma.Config do
   def oauth_consumer_strategies, do: get([:auth, :oauth_consumer_strategies], [])
 
   def oauth_consumer_enabled?, do: oauth_consumer_strategies() != []
-
-  def oauth_admin_scopes(scopes) when is_list(scopes) do
-    Enum.map(scopes, fn scope -> "admin:#{scope}" end)
-  end
 end
diff --git a/lib/pleroma/web/admin_api/controllers/admin_api_controller.ex b/lib/pleroma/web/admin_api/controllers/admin_api_controller.ex
index d581df4a282166ec84f980bc9e7fbf1ac38b5f83..839ac1a8d9185381f56cc84ff14122da63cfb899 100644 (file)
--- a/lib/pleroma/web/admin_api/controllers/admin_api_controller.ex
+++ b/lib/pleroma/web/admin_api/controllers/admin_api_controller.ex
@@ -25,13 +25,13 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
 
   plug(
     OAuthScopesPlug,
-    %{scopes: ["read:accounts"], admin: true}
+    %{scopes: ["admin:read:accounts"]}
     when action in [:right_get, :show_user_credentials, :create_backup]
   )
 
   plug(
     OAuthScopesPlug,
-    %{scopes: ["write:accounts"], admin: true}
+    %{scopes: ["admin:write:accounts"]}
     when action in [
            :get_password_reset,
            :force_password_reset,
@@ -48,19 +48,19 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
 
   plug(
     OAuthScopesPlug,
-    %{scopes: ["read:statuses"], admin: true}
+    %{scopes: ["admin:read:statuses"]}
     when action in [:list_user_statuses, :list_instance_statuses]
   )
 
   plug(
     OAuthScopesPlug,
-    %{scopes: ["read:chats"], admin: true}
+    %{scopes: ["admin:read:chats"]}
     when action in [:list_user_chats]
   )
 
   plug(
     OAuthScopesPlug,
-    %{scopes: ["read"], admin: true}
+    %{scopes: ["admin:read"]}
     when action in [
            :list_log,
            :stats,
@@ -70,7 +70,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
 
   plug(
     OAuthScopesPlug,
-    %{scopes: ["write"], admin: true}
+    %{scopes: ["admin:write"]}
     when action in [
            :restart,
            :resend_confirmation_email,
diff --git a/lib/pleroma/web/admin_api/controllers/chat_controller.ex b/lib/pleroma/web/admin_api/controllers/chat_controller.ex
index 3761a588a98c96024e72570cb59dca8dcd5bcd6f..ff20c8604360d2a33044df8e019da7b73958e6e3 100644 (file)
--- a/lib/pleroma/web/admin_api/controllers/chat_controller.ex
+++ b/lib/pleroma/web/admin_api/controllers/chat_controller.ex
@@ -21,12 +21,12 @@ defmodule Pleroma.Web.AdminAPI.ChatController do
 
   plug(
     OAuthScopesPlug,
-    %{scopes: ["read:chats"], admin: true} when action in [:show, :messages]
+    %{scopes: ["admin:read:chats"]} when action in [:show, :messages]
   )
 
   plug(
     OAuthScopesPlug,
-    %{scopes: ["write:chats"], admin: true} when action in [:delete_message]
+    %{scopes: ["admin:write:chats"]} when action in [:delete_message]
   )
 
   action_fallback(Pleroma.Web.AdminAPI.FallbackController)
diff --git a/lib/pleroma/web/admin_api/controllers/config_controller.ex b/lib/pleroma/web/admin_api/controllers/config_controller.ex
index 4ebf2a305c58c7ab142cb7133f67b5c213ba43e2..a718d7b8d7a1f32f1d502e3bc0f72c9fcd5d1be0 100644 (file)
--- a/lib/pleroma/web/admin_api/controllers/config_controller.ex
+++ b/lib/pleroma/web/admin_api/controllers/config_controller.ex
@@ -10,11 +10,11 @@ defmodule Pleroma.Web.AdminAPI.ConfigController do
   alias Pleroma.Web.Plugs.OAuthScopesPlug
 
   plug(Pleroma.Web.ApiSpec.CastAndValidate)
-  plug(OAuthScopesPlug, %{scopes: ["write"], admin: true} when action == :update)
+  plug(OAuthScopesPlug, %{scopes: ["admin:write"]} when action == :update)
 
   plug(
     OAuthScopesPlug,
-    %{scopes: ["read"], admin: true}
+    %{scopes: ["admin:read"]}
     when action in [:show, :descriptions]
   )
 
diff --git a/lib/pleroma/web/admin_api/controllers/frontend_controller.ex b/lib/pleroma/web/admin_api/controllers/frontend_controller.ex
index 20472a55ef371755300b92c856df8aec5f5f5505..722f51bd2e119183527ba053775db91ffd13b4fd 100644 (file)
--- a/lib/pleroma/web/admin_api/controllers/frontend_controller.ex
+++ b/lib/pleroma/web/admin_api/controllers/frontend_controller.ex
@@ -9,8 +9,8 @@ defmodule Pleroma.Web.AdminAPI.FrontendController do
   alias Pleroma.Web.Plugs.OAuthScopesPlug
 
   plug(Pleroma.Web.ApiSpec.CastAndValidate)
-  plug(OAuthScopesPlug, %{scopes: ["write"], admin: true} when action == :install)
-  plug(OAuthScopesPlug, %{scopes: ["read"], admin: true} when action == :index)
+  plug(OAuthScopesPlug, %{scopes: ["admin:write"]} when action == :install)
+  plug(OAuthScopesPlug, %{scopes: ["admin:read"]} when action == :index)
   action_fallback(Pleroma.Web.AdminAPI.FallbackController)
 
   defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.Admin.FrontendOperation
diff --git a/lib/pleroma/web/admin_api/controllers/instance_document_controller.ex b/lib/pleroma/web/admin_api/controllers/instance_document_controller.ex
index ef00d341792b3e82c28aa21f1f9bd637e5bfed2d..a55857a0ed21a1c1d65e3217f6e01b8830ba5c6d 100644 (file)
--- a/lib/pleroma/web/admin_api/controllers/instance_document_controller.ex
+++ b/lib/pleroma/web/admin_api/controllers/instance_document_controller.ex
@@ -15,8 +15,8 @@ defmodule Pleroma.Web.AdminAPI.InstanceDocumentController do
 
   defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.Admin.InstanceDocumentOperation
 
-  plug(OAuthScopesPlug, %{scopes: ["read"], admin: true} when action == :show)
-  plug(OAuthScopesPlug, %{scopes: ["write"], admin: true} when action in [:update, :delete])
+  plug(OAuthScopesPlug, %{scopes: ["admin:read"]} when action == :show)
+  plug(OAuthScopesPlug, %{scopes: ["admin:write"]} when action in [:update, :delete])
 
   def show(conn, %{name: document_name}) do
     with {:ok, url} <- InstanceDocument.get(document_name),
diff --git a/lib/pleroma/web/admin_api/controllers/invite_controller.ex b/lib/pleroma/web/admin_api/controllers/invite_controller.ex
index 3f233a0c48a8e0fd2bb896bc499da070a6709996..727ebd846f52acb2028a75b6828e8c08e1a4cd66 100644 (file)
--- a/lib/pleroma/web/admin_api/controllers/invite_controller.ex
+++ b/lib/pleroma/web/admin_api/controllers/invite_controller.ex
@@ -14,11 +14,11 @@ defmodule Pleroma.Web.AdminAPI.InviteController do
   require Logger
 
   plug(Pleroma.Web.ApiSpec.CastAndValidate)
-  plug(OAuthScopesPlug, %{scopes: ["read:invites"], admin: true} when action == :index)
+  plug(OAuthScopesPlug, %{scopes: ["admin:read:invites"]} when action == :index)
 
   plug(
     OAuthScopesPlug,
-    %{scopes: ["write:invites"], admin: true} when action in [:create, :revoke, :email]
+    %{scopes: ["admin:write:invites"]} when action in [:create, :revoke, :email]
   )
 
   action_fallback(Pleroma.Web.AdminAPI.FallbackController)
diff --git a/lib/pleroma/web/admin_api/controllers/media_proxy_cache_controller.ex b/lib/pleroma/web/admin_api/controllers/media_proxy_cache_controller.ex
index 3564738afdca14fe6cf3b6f3672396975704aad3..a6d7aaf54a49e28568ed9c69e7fbd1bb196dee45 100644 (file)
--- a/lib/pleroma/web/admin_api/controllers/media_proxy_cache_controller.ex
+++ b/lib/pleroma/web/admin_api/controllers/media_proxy_cache_controller.ex
@@ -15,12 +15,12 @@ defmodule Pleroma.Web.AdminAPI.MediaProxyCacheController do
 
   plug(
     OAuthScopesPlug,
-    %{scopes: ["read:media_proxy_caches"], admin: true} when action in [:index]
+    %{scopes: ["admin:read:media_proxy_caches"]} when action in [:index]
   )
 
   plug(
     OAuthScopesPlug,
-    %{scopes: ["write:media_proxy_caches"], admin: true} when action in [:purge, :delete]
+    %{scopes: ["admin:write:media_proxy_caches"]} when action in [:purge, :delete]
   )
 
   action_fallback(Pleroma.Web.AdminAPI.FallbackController)
diff --git a/lib/pleroma/web/admin_api/controllers/o_auth_app_controller.ex b/lib/pleroma/web/admin_api/controllers/o_auth_app_controller.ex
index 2bd2b3644ad78fabf040ec13642802f8067884f4..005fe67e2883a218127f5404a7b77f153c79ae5d 100644 (file)
--- a/lib/pleroma/web/admin_api/controllers/o_auth_app_controller.ex
+++ b/lib/pleroma/web/admin_api/controllers/o_auth_app_controller.ex
@@ -17,7 +17,7 @@ defmodule Pleroma.Web.AdminAPI.OAuthAppController do
 
   plug(
     OAuthScopesPlug,
-    %{scopes: ["write"], admin: true}
+    %{scopes: ["admin:write"]}
     when action in [:create, :index, :update, :delete]
   )
 
diff --git a/lib/pleroma/web/admin_api/controllers/relay_controller.ex b/lib/pleroma/web/admin_api/controllers/relay_controller.ex
index 18443e74eaca45a66dfaf838ca5abe01a05a8384..c6bd43feafa5e30391fc23c9644b92571b5b7ab7 100644 (file)
--- a/lib/pleroma/web/admin_api/controllers/relay_controller.ex
+++ b/lib/pleroma/web/admin_api/controllers/relay_controller.ex
@@ -15,11 +15,11 @@ defmodule Pleroma.Web.AdminAPI.RelayController do
 
   plug(
     OAuthScopesPlug,
-    %{scopes: ["write:follows"], admin: true}
+    %{scopes: ["admin:write:follows"]}
     when action in [:follow, :unfollow]
   )
 
-  plug(OAuthScopesPlug, %{scopes: ["read"], admin: true} when action == :index)
+  plug(OAuthScopesPlug, %{scopes: ["admin:read"]} when action == :index)
 
   action_fallback(Pleroma.Web.AdminAPI.FallbackController)
 
diff --git a/lib/pleroma/web/admin_api/controllers/report_controller.ex b/lib/pleroma/web/admin_api/controllers/report_controller.ex
index abc068a3fb445b3b5af570a30aca876ce5d6e462..d4a4935eec829bdb57fce6536ee720cef2ad7493 100644 (file)
--- a/lib/pleroma/web/admin_api/controllers/report_controller.ex
+++ b/lib/pleroma/web/admin_api/controllers/report_controller.ex
@@ -19,11 +19,11 @@ defmodule Pleroma.Web.AdminAPI.ReportController do
   require Logger
 
   plug(Pleroma.Web.ApiSpec.CastAndValidate)
-  plug(OAuthScopesPlug, %{scopes: ["read:reports"], admin: true} when action in [:index, :show])
+  plug(OAuthScopesPlug, %{scopes: ["admin:read:reports"]} when action in [:index, :show])
 
   plug(
     OAuthScopesPlug,
-    %{scopes: ["write:reports"], admin: true}
+    %{scopes: ["admin:write:reports"]}
     when action in [:update, :notes_create, :notes_delete]
   )
 
diff --git a/lib/pleroma/web/admin_api/controllers/status_controller.ex b/lib/pleroma/web/admin_api/controllers/status_controller.ex
index 903badec0431aad5f5dc28bc645383a1a2413095..7058def82b8ab1f4397ef242746b1a980946e951 100644 (file)
--- a/lib/pleroma/web/admin_api/controllers/status_controller.ex
+++ b/lib/pleroma/web/admin_api/controllers/status_controller.ex
@@ -15,11 +15,11 @@ defmodule Pleroma.Web.AdminAPI.StatusController do
   require Logger
 
   plug(Pleroma.Web.ApiSpec.CastAndValidate)
-  plug(OAuthScopesPlug, %{scopes: ["read:statuses"], admin: true} when action in [:index, :show])
+  plug(OAuthScopesPlug, %{scopes: ["admin:read:statuses"]} when action in [:index, :show])
 
   plug(
     OAuthScopesPlug,
-    %{scopes: ["write:statuses"], admin: true} when action in [:update, :delete]
+    %{scopes: ["admin:write:statuses"]} when action in [:update, :delete]
   )
 
   action_fallback(Pleroma.Web.AdminAPI.FallbackController)
diff --git a/lib/pleroma/web/admin_api/controllers/user_controller.ex b/lib/pleroma/web/admin_api/controllers/user_controller.ex
index a18b9f8d54c16d178dffacaa73817308408af284..65bc63cb9e66bb224e8390d6908d5f7d570c8592 100644 (file)
--- a/lib/pleroma/web/admin_api/controllers/user_controller.ex
+++ b/lib/pleroma/web/admin_api/controllers/user_controller.ex
@@ -21,13 +21,13 @@ defmodule Pleroma.Web.AdminAPI.UserController do
 
   plug(
     OAuthScopesPlug,
-    %{scopes: ["read:accounts"], admin: true}
+    %{scopes: ["admin:read:accounts"]}
     when action in [:list, :show]
   )
 
   plug(
     OAuthScopesPlug,
-    %{scopes: ["write:accounts"], admin: true}
+    %{scopes: ["admin:write:accounts"]}
     when action in [
            :delete,
            :create,
@@ -40,7 +40,7 @@ defmodule Pleroma.Web.AdminAPI.UserController do
 
   plug(
     OAuthScopesPlug,
-    %{scopes: ["write:follows"], admin: true}
+    %{scopes: ["admin:write:follows"]}
     when action in [:follow, :unfollow]
   )
 
diff --git a/lib/pleroma/web/pleroma_api/controllers/emoji_file_controller.ex b/lib/pleroma/web/pleroma_api/controllers/emoji_file_controller.ex
index 6a41bbab4bfe563b6f77402e9b63174b799c1b4b..204e81311f7adfc88f2edf2e9611780b85fdf85d 100644 (file)
--- a/lib/pleroma/web/pleroma_api/controllers/emoji_file_controller.ex
+++ b/lib/pleroma/web/pleroma_api/controllers/emoji_file_controller.ex
@@ -12,7 +12,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiFileController do
 
   plug(
     Pleroma.Web.Plugs.OAuthScopesPlug,
-    %{scopes: ["write"], admin: true}
+    %{scopes: ["admin:write"]}
     when action in [
            :create,
            :update,
diff --git a/lib/pleroma/web/pleroma_api/controllers/emoji_pack_controller.ex b/lib/pleroma/web/pleroma_api/controllers/emoji_pack_controller.ex
index c696241f0343529d4f73002d39afeb377f2717f4..d0f677d3c5cfc1dfba99e3ffc719456639ce9ae4 100644 (file)
--- a/lib/pleroma/web/pleroma_api/controllers/emoji_pack_controller.ex
+++ b/lib/pleroma/web/pleroma_api/controllers/emoji_pack_controller.ex
@@ -11,7 +11,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiPackController do
 
   plug(
     Pleroma.Web.Plugs.OAuthScopesPlug,
-    %{scopes: ["write"], admin: true}
+    %{scopes: ["admin:write"]}
     when action in [
            :import_from_filesystem,
            :remote,
diff --git a/lib/pleroma/web/plugs/o_auth_scopes_plug.ex b/lib/pleroma/web/plugs/o_auth_scopes_plug.ex
index 0f32f70a6e7a52d799e3eceeecf9e0d3c80fea7a..f017c8bc7abd627bcb61a2042eedd1b13dc8b551 100644 (file)
--- a/lib/pleroma/web/plugs/o_auth_scopes_plug.ex
+++ b/lib/pleroma/web/plugs/o_auth_scopes_plug.ex
@@ -6,7 +6,6 @@ defmodule Pleroma.Web.Plugs.OAuthScopesPlug do
   import Plug.Conn
   import Pleroma.Web.Gettext
 
-  alias Pleroma.Config
   alias Pleroma.Helpers.AuthHelper
 
   use Pleroma.Web, :plug
@@ -18,7 +17,6 @@ defmodule Pleroma.Web.Plugs.OAuthScopesPlug do
     op = options[:op] || :|
     token = assigns[:token]
 
-    scopes = transform_scopes(scopes, options)
     matched_scopes = (token && filter_descendants(scopes, token.scopes)) || []
 
     cond do
@@ -57,13 +55,4 @@ defmodule Pleroma.Web.Plugs.OAuthScopesPlug do
       end
     )
   end
-
-  @doc "Transforms scopes by applying supported options (e.g. :admin)"
-  def transform_scopes(scopes, options) do
-    if options[:admin] do
-      Config.oauth_admin_scopes(scopes)
-    else
-      scopes
-    end
-  end
 end
Fork of https://akkoma.dev/AkkomaGang/akkoma.git