hj/pleroma
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge branch '1940-admin-token-oauthless-auth' into 'develop'

Browse source 
[#1940] Reinstated OAuth-less `admin_token` authentication

Closes #1940

See merge request pleroma/pleroma!2760
This commit is contained in:
feld 2020-07-14 16:48:26 +00:00
commit 2909dc873b
21 changed files with 234 additions and 254 deletions
Download patch file Download diff file Expand all files Collapse all files

2
docs/configuration/cheatsheet.md
View file

@ -814,6 +814,8 @@ or
curl -H "X-Admin-Token: somerandomtoken" "http://localhost:4000/api/pleroma/admin/users/invites"
```
Warning: it's discouraged to use this feature because of the associated security risk: static / rarely changed instance-wide token is much weaker compared to email-password pair of a real admin user; consider using HTTP Basic Auth or OAuth-based authentication instead.
### :auth
* `Pleroma.Web.Auth.PleromaAuthenticator`: default database authenticator.