From 9b225db7d86289fb9d9c51f62e6ec29f6c07f60d Mon Sep 17 00:00:00 2001
From: Ivan Tashkinov <ivantashkinov@gmail.com>
Date: Tue, 14 Jul 2020 11:58:41 +0300
Subject: [#1940] Applied rate limit for requests with bad `admin_token`. Added
 doc warnings on `admin_token` setting.

---
 config/description.exs | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'config')

diff --git a/config/description.exs b/config/description.exs
index 84dcdb87e..8ec4b712f 100644
--- a/config/description.exs
+++ b/config/description.exs
@@ -2008,13 +2008,15 @@ config :pleroma, :config_description, [
     label: "Pleroma Admin Token",
     type: :group,
     description:
-      "Allows to set a token that can be used to authenticate with the admin api without using an actual user by giving it as the `admin_token` parameter",
+      "Allows to set a token that can be used to authenticate with the admin api without using an actual user by giving it as the `admin_token` parameter (risky; use HTTP Basic Auth or OAuth-based authentication if possible)",
     children: [
       %{
         key: :admin_token,
         type: :string,
         description: "Admin token",
-        suggestions: ["We recommend a secure random string or UUID"]
+        suggestions: [
+          "We recommend NOT setting the value do to increased security risk; if set, use a secure random long string or UUID (and change it as often as possible)"
+        ]
       }
     ]
   },
-- 
cgit v1.2.3