Diffstat (limited to 'lib/pleroma/user.ex')
-rw-r--r-- | lib/pleroma/user.ex | 29 |
1 files changed, 22 insertions, 7 deletions
diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex
index 694f1f110..6b556e8e1 100644
--- a/lib/pleroma/user.ex
+++ b/lib/pleroma/user.ex
@@ -1839,13 +1839,28 @@ defmodule Pleroma.User do
   end
 
   def admin_api_update(user, params) do
-    user
-    |> cast(params, [
-      :is_moderator,
-      :is_admin,
-      :show_role
-    ])
-    |> update_and_set_cache()
+    changeset =
+      cast(user, params, [
+        :is_moderator,
+        :is_admin,
+        :show_role
+      ])
+
+    with {:ok, updated_user} <- update_and_set_cache(changeset) do
+      if user.is_admin && !updated_user.is_admin do
+        # Tokens & authorizations containing any admin scopes must be revoked (revoking all).
+        # This is an extra safety measure (tokens' admin scopes won't be accepted for non-admins).
+        global_sign_out(user)
+      end
+
+      {:ok, updated_user}
+    end
+  end
+
+  @doc "Signs user out of all applications"
+  def global_sign_out(user) do
+    OAuth.Authorization.delete_user_authorizations(user)
+    OAuth.Token.delete_user_tokens(user)
   end
 
   def mascot_update(user, url) do
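Review bot: The revocation in admin_api_update runs only after update_and_set_cache/1 has already persisted the demotion, and the results of `global_sign_out(user)` (and of the two delete calls inside it) are discarded, so if either delete fails the caller still receives `{:ok, updated_user}` while the demoted user keeps live admin-scoped tokens and authorizations. Consider performing the update and the revocation inside one Ecto transaction (`Repo.transaction/2`), or at least matching on the delete results and logging a failure, so the demotion cannot commit without the sign-out. The guard also only covers `is_admin` going true→false; if moderator privileges are likewise expressed as OAuth scopes, an `is_moderator` true→false change presumably warrants the same revocation — worth confirming against the scope definitions. `global_sign_out/1` would further benefit from a `@spec` and a sentence in its `@doc` stating what it returns, since callers currently get whatever `OAuth.Token.delete_user_tokens/1` yields.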