author | Ivan Tashkinov <ivantashkinov@gmail.com> | 2019-12-07 17:49:53 +0300 |
---|---|---|
committer | Ivan Tashkinov <ivantashkinov@gmail.com> | 2019-12-07 17:49:53 +0300 |
commit | 1770602747ae95d95d12c5601f99ced8699e8947 (patch) | |
tree | 7c7a910a65e1d72791c3a9a4a988ad1a377ebd82 /lib/pleroma/user.ex | |
parent | 40e1817f707c3c2ef253009c7363cd81b11322a6 (diff) | |
download | pleroma-1770602747ae95d95d12c5601f99ced8699e8947.tar.gz |
[#1427] Extra check that admin OAuth scope is used by admin. Adjusted tests.
Diffstat (limited to 'lib/pleroma/user.ex')
-rw-r--r-- | lib/pleroma/user.ex | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 7b8222ce1..1006b5bf9 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -1736,7 +1736,8 @@ defmodule Pleroma.User do with {:ok, updated_user} <- update_and_set_cache(changeset) do if user.is_admin && !updated_user.is_admin do - # Tokens & authorizations containing any admin scopes must be revoked (revoking all) + # Tokens & authorizations containing any admin scopes must be revoked (revoking all). + # This is an extra safety measure (tokens' admin scopes won't be accepted for non-admins). global_sign_out(user) end |
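Review bot: the second added comment line says tokens' admin scopes won't be accepted for non-admins, but it does not say where that check lives, and nothing in this file's hunk enforces it. Since the comment now frames `global_sign_out(user)` as the secondary control, name the module or plug that rejects admin scopes for non-admin users, so a reader of `user.ex` can find the primary check and notice if it is ever removed. Also, in the `if user.is_admin && !updated_user.is_admin` branch the result of `global_sign_out(user)` is not matched, so a failed revocation would pass silently here. If that is acceptable only because of the scope check, say so in the comment. Otherwise handle or log the failure.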