diff --git a/config/config.exs b/config/config.exs index 6fd7044e3..778e6bf21 100644 --- a/config/config.exs +++ b/config/config.exs @@ -263,7 +263,8 @@ :user_tag, :user_activation, :user_invite, - :report_handle + :report_handle, + :user_read ], moderator_privileges: [], max_endorsed_users: 20, diff --git a/config/description.exs b/config/description.exs index d0364340e..6d8cacace 100644 --- a/config/description.exs +++ b/config/description.exs @@ -970,7 +970,8 @@ :user_tag, :user_activation, :user_invite, - :report_handle + :report_handle, + :user_read ], description: "What extra priviledges to allow admins (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)" @@ -985,7 +986,8 @@ :user_tag, :user_activation, :user_invite, - :report_handle + :report_handle, + :user_read ], description: "What extra priviledges to allow moderators (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)" diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index dbcd6f399..68719c570 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -140,6 +140,11 @@ defmodule Pleroma.Web.Router do plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :report_handle) end + pipeline :require_privileged_role_user_read do + plug(:admin_api) + plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :user_read) + end + pipeline :pleroma_html do plug(:browser) plug(:authenticate) @@ -328,12 +333,17 @@ defmodule Pleroma.Web.Router do delete("/reports/:report_id/notes/:id", ReportController, :notes_delete) end - # AdminAPI: admins and mods (staff) can perform these actions + # AdminAPI: admins and mods (staff) can perform these actions (if privileged by role) scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do - pipe_through(:admin_api) + pipe_through(:require_privileged_role_user_read) get("/users", UserController, :index) get("/users/:nickname", UserController, :show) + end + + # AdminAPI: admins and mods (staff) can perform these actions + scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do + pipe_through(:admin_api) get("/instances/:instance/statuses", InstanceController, :list_statuses) delete("/instances/:instance", InstanceController, :delete) diff --git a/test/pleroma/web/admin_api/controllers/user_controller_test.exs b/test/pleroma/web/admin_api/controllers/user_controller_test.exs index f221b9c51..a6e41c761 100644 --- a/test/pleroma/web/admin_api/controllers/user_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/user_controller_test.exs @@ -38,6 +38,7 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do end test "with valid `admin_token` query parameter, skips OAuth scopes check" do + clear_config([:instance, :admin_privileges], [:user_read]) clear_config([:admin_token], "password123") user = insert(:user) @@ -47,50 +48,6 @@ test "with valid `admin_token` query parameter, skips OAuth scopes check" do assert json_response_and_validate_schema(conn, 200) end - test "GET /api/pleroma/admin/users/:nickname requires admin:read:accounts or broader scope", - %{admin: admin} do - user = insert(:user) - url = "/api/pleroma/admin/users/#{user.nickname}" - - good_token1 = insert(:oauth_token, user: admin, scopes: ["admin"]) - good_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read"]) - good_token3 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts"]) - - bad_token1 = insert(:oauth_token, user: admin, scopes: ["read:accounts"]) - bad_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts:partial"]) - bad_token3 = nil - - for good_token <- [good_token1, good_token2, good_token3] do - conn = - build_conn() - |> assign(:user, admin) - |> assign(:token, good_token) - |> get(url) - - assert json_response_and_validate_schema(conn, 200) - end - - for good_token <- [good_token1, good_token2, good_token3] do - conn = - build_conn() - |> assign(:user, nil) - |> assign(:token, good_token) - |> get(url) - - assert json_response(conn, :forbidden) - end - - for bad_token <- [bad_token1, bad_token2, bad_token3] do - conn = - build_conn() - |> assign(:user, admin) - |> assign(:token, bad_token) - |> get(url) - - assert json_response_and_validate_schema(conn, :forbidden) - end - end - describe "DELETE /api/pleroma/admin/users" do test "single user", %{admin: admin, conn: conn} do clear_config([:instance, :federating], true) @@ -321,7 +278,19 @@ test "Multiple user creation works in transaction", %{conn: conn} do end end - describe "/api/pleroma/admin/users/:nickname" do + describe "GET /api/pleroma/admin/users/:nickname" do + setup do + clear_config([:instance, :admin_privileges], [:user_read]) + end + + test "returns 403 if not privileged with :user_read", %{conn: conn} do + clear_config([:instance, :admin_privileges], []) + + conn = get(conn, "/api/pleroma/admin/users/user.nickname") + + assert json_response(conn, :forbidden) + end + test "Show", %{conn: conn} do user = insert(:user) @@ -337,6 +306,50 @@ test "when the user doesn't exist", %{conn: conn} do assert %{"error" => "Not found"} == json_response_and_validate_schema(conn, 404) end + + test "requires admin:read:accounts or broader scope", + %{admin: admin} do + user = insert(:user) + url = "/api/pleroma/admin/users/#{user.nickname}" + + good_token1 = insert(:oauth_token, user: admin, scopes: ["admin"]) + good_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read"]) + good_token3 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts"]) + + bad_token1 = insert(:oauth_token, user: admin, scopes: ["read:accounts"]) + bad_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts:partial"]) + bad_token3 = nil + + for good_token <- [good_token1, good_token2, good_token3] do + conn = + build_conn() + |> assign(:user, admin) + |> assign(:token, good_token) + |> get(url) + + assert json_response_and_validate_schema(conn, 200) + end + + for good_token <- [good_token1, good_token2, good_token3] do + conn = + build_conn() + |> assign(:user, nil) + |> assign(:token, good_token) + |> get(url) + + assert json_response(conn, :forbidden) + end + + for bad_token <- [bad_token1, bad_token2, bad_token3] do + conn = + build_conn() + |> assign(:user, admin) + |> assign(:token, bad_token) + |> get(url) + + assert json_response_and_validate_schema(conn, :forbidden) + end + end end describe "/api/pleroma/admin/users/follow" do @@ -392,6 +405,18 @@ test "allows to force-unfollow another user", %{admin: admin, conn: conn} do end describe "GET /api/pleroma/admin/users" do + setup do + clear_config([:instance, :admin_privileges], [:user_read]) + end + + test "returns 403 if not privileged with :user_read", %{conn: conn} do + clear_config([:instance, :admin_privileges], []) + + conn = get(conn, "/api/pleroma/admin/users?page=1") + + assert json_response(conn, :forbidden) + end + test "renders users array for the first page", %{conn: conn, admin: admin} do user = insert(:user, local: false, tags: ["foo", "bar"]) user2 = insert(:user, is_approved: false, registration_reason: "I'm a chill dude")