Add extra routes to :users_manage_credentials privilege
This commit is contained in:
parent
b53cf7d4b3
commit
2d7ea263a1
2 changed files with 64 additions and 8 deletions
|
@ -233,8 +233,6 @@ defmodule Pleroma.Web.Router do
|
||||||
scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
|
scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
|
||||||
pipe_through([:admin_api, :require_admin])
|
pipe_through([:admin_api, :require_admin])
|
||||||
|
|
||||||
put("/users/disable_mfa", AdminAPIController, :disable_mfa)
|
|
||||||
|
|
||||||
get("/users/:nickname/permission_group", AdminAPIController, :right_get)
|
get("/users/:nickname/permission_group", AdminAPIController, :right_get)
|
||||||
get("/users/:nickname/permission_group/:permission_group", AdminAPIController, :right_get)
|
get("/users/:nickname/permission_group/:permission_group", AdminAPIController, :right_get)
|
||||||
|
|
||||||
|
@ -265,16 +263,10 @@ defmodule Pleroma.Web.Router do
|
||||||
post("/relay", RelayController, :follow)
|
post("/relay", RelayController, :follow)
|
||||||
delete("/relay", RelayController, :unfollow)
|
delete("/relay", RelayController, :unfollow)
|
||||||
|
|
||||||
patch("/users/force_password_reset", AdminAPIController, :force_password_reset)
|
|
||||||
get("/users/:nickname/credentials", AdminAPIController, :show_user_credentials)
|
|
||||||
|
|
||||||
get("/instance_document/:name", InstanceDocumentController, :show)
|
get("/instance_document/:name", InstanceDocumentController, :show)
|
||||||
patch("/instance_document/:name", InstanceDocumentController, :update)
|
patch("/instance_document/:name", InstanceDocumentController, :update)
|
||||||
delete("/instance_document/:name", InstanceDocumentController, :delete)
|
delete("/instance_document/:name", InstanceDocumentController, :delete)
|
||||||
|
|
||||||
patch("/users/confirm_email", AdminAPIController, :confirm_email)
|
|
||||||
patch("/users/resend_confirmation_email", AdminAPIController, :resend_confirmation_email)
|
|
||||||
|
|
||||||
get("/config", ConfigController, :show)
|
get("/config", ConfigController, :show)
|
||||||
post("/config", ConfigController, :update)
|
post("/config", ConfigController, :update)
|
||||||
get("/config/descriptions", ConfigController, :descriptions)
|
get("/config/descriptions", ConfigController, :descriptions)
|
||||||
|
@ -319,7 +311,12 @@ defmodule Pleroma.Web.Router do
|
||||||
pipe_through(:require_privileged_role_users_manage_credentials)
|
pipe_through(:require_privileged_role_users_manage_credentials)
|
||||||
|
|
||||||
get("/users/:nickname/password_reset", AdminAPIController, :get_password_reset)
|
get("/users/:nickname/password_reset", AdminAPIController, :get_password_reset)
|
||||||
|
get("/users/:nickname/credentials", AdminAPIController, :show_user_credentials)
|
||||||
patch("/users/:nickname/credentials", AdminAPIController, :update_user_credentials)
|
patch("/users/:nickname/credentials", AdminAPIController, :update_user_credentials)
|
||||||
|
put("/users/disable_mfa", AdminAPIController, :disable_mfa)
|
||||||
|
patch("/users/force_password_reset", AdminAPIController, :force_password_reset)
|
||||||
|
patch("/users/confirm_email", AdminAPIController, :confirm_email)
|
||||||
|
patch("/users/resend_confirmation_email", AdminAPIController, :resend_confirmation_email)
|
||||||
end
|
end
|
||||||
|
|
||||||
# AdminAPI: admins and mods (staff) can perform these actions (if privileged by role)
|
# AdminAPI: admins and mods (staff) can perform these actions (if privileged by role)
|
||||||
|
|
|
@ -352,6 +352,8 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
|
||||||
|
|
||||||
describe "PUT disable_mfa" do
|
describe "PUT disable_mfa" do
|
||||||
test "returns 200 and disable 2fa", %{conn: conn} do
|
test "returns 200 and disable 2fa", %{conn: conn} do
|
||||||
|
clear_config([:instance, :admin_privileges], [:users_manage_credentials])
|
||||||
|
|
||||||
user =
|
user =
|
||||||
insert(:user,
|
insert(:user,
|
||||||
multi_factor_authentication_settings: %MFA.Settings{
|
multi_factor_authentication_settings: %MFA.Settings{
|
||||||
|
@ -373,6 +375,8 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
|
||||||
end
|
end
|
||||||
|
|
||||||
test "returns 404 if user not found", %{conn: conn} do
|
test "returns 404 if user not found", %{conn: conn} do
|
||||||
|
clear_config([:instance, :admin_privileges], [:users_manage_credentials])
|
||||||
|
|
||||||
response =
|
response =
|
||||||
conn
|
conn
|
||||||
|> put("/api/pleroma/admin/users/disable_mfa", %{nickname: "nickname"})
|
|> put("/api/pleroma/admin/users/disable_mfa", %{nickname: "nickname"})
|
||||||
|
@ -380,6 +384,16 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
|
||||||
|
|
||||||
assert response == %{"error" => "Not found"}
|
assert response == %{"error" => "Not found"}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "it requires privileged role :users_manage_credentials", %{conn: conn} do
|
||||||
|
clear_config([:instance, :admin_privileges], [])
|
||||||
|
|
||||||
|
response =
|
||||||
|
conn
|
||||||
|
|> put("/api/pleroma/admin/users/disable_mfa", %{nickname: "nickname"})
|
||||||
|
|
||||||
|
assert json_response(response, :forbidden)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "GET /api/pleroma/admin/restart" do
|
describe "GET /api/pleroma/admin/restart" do
|
||||||
|
@ -785,6 +799,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
|
||||||
|
|
||||||
describe "GET /users/:nickname/credentials" do
|
describe "GET /users/:nickname/credentials" do
|
||||||
test "gets the user credentials", %{conn: conn} do
|
test "gets the user credentials", %{conn: conn} do
|
||||||
|
clear_config([:instance, :admin_privileges], [:users_manage_credentials])
|
||||||
user = insert(:user)
|
user = insert(:user)
|
||||||
conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}/credentials")
|
conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}/credentials")
|
||||||
|
|
||||||
|
@ -793,6 +808,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
|
||||||
end
|
end
|
||||||
|
|
||||||
test "returns 403 if requested by a non-admin" do
|
test "returns 403 if requested by a non-admin" do
|
||||||
|
clear_config([:instance, :admin_privileges], [:users_manage_credentials])
|
||||||
user = insert(:user)
|
user = insert(:user)
|
||||||
|
|
||||||
conn =
|
conn =
|
||||||
|
@ -802,6 +818,16 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
|
||||||
|
|
||||||
assert json_response(conn, :forbidden)
|
assert json_response(conn, :forbidden)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "it requires privileged role :users_manage_credentials", %{conn: conn} do
|
||||||
|
clear_config([:instance, :admin_privileges], [])
|
||||||
|
|
||||||
|
response =
|
||||||
|
conn
|
||||||
|
|> get("/api/pleroma/admin/users/nickname/credentials")
|
||||||
|
|
||||||
|
assert json_response(response, :forbidden)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "PATCH /users/:nickname/credentials" do
|
describe "PATCH /users/:nickname/credentials" do
|
||||||
|
@ -896,6 +922,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
|
||||||
|
|
||||||
describe "PATCH /users/:nickname/force_password_reset" do
|
describe "PATCH /users/:nickname/force_password_reset" do
|
||||||
test "sets password_reset_pending to true", %{conn: conn} do
|
test "sets password_reset_pending to true", %{conn: conn} do
|
||||||
|
clear_config([:instance, :admin_privileges], [:users_manage_credentials])
|
||||||
user = insert(:user)
|
user = insert(:user)
|
||||||
assert user.password_reset_pending == false
|
assert user.password_reset_pending == false
|
||||||
|
|
||||||
|
@ -908,10 +935,21 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
|
||||||
|
|
||||||
assert User.get_by_id(user.id).password_reset_pending == true
|
assert User.get_by_id(user.id).password_reset_pending == true
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "it requires privileged role :users_manage_credentials", %{conn: conn} do
|
||||||
|
clear_config([:instance, :admin_privileges], [])
|
||||||
|
|
||||||
|
response =
|
||||||
|
conn
|
||||||
|
|> patch("/api/pleroma/admin/users/force_password_reset", %{nickname: "nickname"})
|
||||||
|
|
||||||
|
assert json_response(response, :forbidden)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "PATCH /confirm_email" do
|
describe "PATCH /confirm_email" do
|
||||||
test "it confirms emails of two users", %{conn: conn, admin: admin} do
|
test "it confirms emails of two users", %{conn: conn, admin: admin} do
|
||||||
|
clear_config([:instance, :admin_privileges], [:users_manage_credentials])
|
||||||
[first_user, second_user] = insert_pair(:user, is_confirmed: false)
|
[first_user, second_user] = insert_pair(:user, is_confirmed: false)
|
||||||
|
|
||||||
refute first_user.is_confirmed
|
refute first_user.is_confirmed
|
||||||
|
@ -938,10 +976,21 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
|
||||||
assert ModerationLog.get_log_entry_message(log_entry) ==
|
assert ModerationLog.get_log_entry_message(log_entry) ==
|
||||||
"@#{admin.nickname} confirmed email for users: @#{first_user.nickname}, @#{second_user.nickname}"
|
"@#{admin.nickname} confirmed email for users: @#{first_user.nickname}, @#{second_user.nickname}"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "it requires privileged role :users_manage_credentials", %{conn: conn} do
|
||||||
|
clear_config([:instance, :admin_privileges], [])
|
||||||
|
|
||||||
|
response =
|
||||||
|
conn
|
||||||
|
|> patch("/api/pleroma/admin/users/confirm_email", %{nicknames: ["nickname"]})
|
||||||
|
|
||||||
|
assert json_response(response, :forbidden)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "PATCH /resend_confirmation_email" do
|
describe "PATCH /resend_confirmation_email" do
|
||||||
test "it resend emails for two users", %{conn: conn, admin: admin} do
|
test "it resend emails for two users", %{conn: conn, admin: admin} do
|
||||||
|
clear_config([:instance, :admin_privileges], [:users_manage_credentials])
|
||||||
[first_user, second_user] = insert_pair(:user, is_confirmed: false)
|
[first_user, second_user] = insert_pair(:user, is_confirmed: false)
|
||||||
|
|
||||||
ret_conn =
|
ret_conn =
|
||||||
|
@ -967,6 +1016,16 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
|
||||||
|> Swoosh.Email.put_private(:hackney_options, ssl_options: [versions: [:"tlsv1.2"]])
|
|> Swoosh.Email.put_private(:hackney_options, ssl_options: [versions: [:"tlsv1.2"]])
|
||||||
|> assert_email_sent()
|
|> assert_email_sent()
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "it requires privileged role :users_manage_credentials", %{conn: conn} do
|
||||||
|
clear_config([:instance, :admin_privileges], [])
|
||||||
|
|
||||||
|
response =
|
||||||
|
conn
|
||||||
|
|> patch("/api/pleroma/admin/users/resend_confirmation_email", %{nicknames: ["nickname"]})
|
||||||
|
|
||||||
|
assert json_response(response, :forbidden)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "/api/pleroma/admin/stats" do
|
describe "/api/pleroma/admin/stats" do
|
||||||
|
|
Loading…
Reference in a new issue