From 1a8bc26e52745909d6fc9ca7d04098d0dd247cfa Mon Sep 17 00:00:00 2001 From: Moon Man Date: Wed, 5 Sep 2018 00:21:44 -0400 Subject: auth against sha512-crypt password hashes, upgrade to pbkdf2 --- lib/pleroma/plugs/authentication_plug.ex | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/plugs/authentication_plug.ex b/lib/pleroma/plugs/authentication_plug.ex index 86a514541..616d31df4 100644 --- a/lib/pleroma/plugs/authentication_plug.ex +++ b/lib/pleroma/plugs/authentication_plug.ex @@ -14,7 +14,17 @@ defmodule Pleroma.Plugs.AuthenticationPlug do {:ok, user} <- opts[:fetcher].(username), false <- !!user.info["deactivated"], saved_user_id <- get_session(conn, :user_id), + legacy_password <- String.starts_with?(user.password_hash, "$6$"), + update_legacy_password <- + !(Map.has_key?(opts, :update_legacy_password) && opts[:update_legacy_password] == false), {:ok, verified_user} <- verify(user, password, saved_user_id) do + if legacy_password and update_legacy_password do + User.reset_password(verified_user, %{ + :password => password, + :password_confirmation => password + }) + end + conn |> assign(:user, verified_user) |> put_session(:user_id, verified_user.id) @@ -34,7 +44,18 @@ defmodule Pleroma.Plugs.AuthenticationPlug do end defp verify(user, password, _user_id) do - if Pbkdf2.checkpw(password, user.password_hash) do + is_legacy = String.starts_with?(user.password_hash, "$6$") + + valid = + cond do + is_legacy -> + :crypt.crypt(password, user.password_hash) == user.password_hash + + true -> + Pbkdf2.checkpw(password, user.password_hash) + end + + if valid do {:ok, user} else :error -- cgit v1.2.3 From 8b020e03a699beb24d054108cf027b3fbbab2267 Mon Sep 17 00:00:00 2001 From: Moon Man Date: Wed, 5 Sep 2018 01:37:48 -0400 Subject: change cond to if else --- lib/pleroma/plugs/authentication_plug.ex | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/plugs/authentication_plug.ex b/lib/pleroma/plugs/authentication_plug.ex index 616d31df4..ffecb403d 100644 --- a/lib/pleroma/plugs/authentication_plug.ex +++ b/lib/pleroma/plugs/authentication_plug.ex @@ -44,15 +44,11 @@ defmodule Pleroma.Plugs.AuthenticationPlug do end defp verify(user, password, _user_id) do - is_legacy = String.starts_with?(user.password_hash, "$6$") - valid = - cond do - is_legacy -> - :crypt.crypt(password, user.password_hash) == user.password_hash - - true -> - Pbkdf2.checkpw(password, user.password_hash) + if String.starts_with?(user.password_hash, "$6$") do + :crypt.crypt(password, user.password_hash) == user.password_hash + else + Pbkdf2.checkpw(password, user.password_hash) end if valid do -- cgit v1.2.3 From 42bd985e6654a4af55df622753c3f0664e5c6bae Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 5 Sep 2018 17:30:05 +0200 Subject: Add BasicAuthDecoderPlug --- lib/pleroma/plugs/basic_auth_decoder_plug.ex | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 lib/pleroma/plugs/basic_auth_decoder_plug.ex (limited to 'lib') diff --git a/lib/pleroma/plugs/basic_auth_decoder_plug.ex b/lib/pleroma/plugs/basic_auth_decoder_plug.ex new file mode 100644 index 000000000..fc8fcee98 --- /dev/null +++ b/lib/pleroma/plugs/basic_auth_decoder_plug.ex @@ -0,0 +1,21 @@ +defmodule Pleroma.Plugs.BasicAuthDecoderPlug do + import Plug.Conn + + def init(options) do + options + end + + def call(conn, opts) do + with ["Basic " <> header] <- get_req_header(conn, "authorization"), + {:ok, userinfo} <- Base.decode64(header), + [username, password] <- String.split(userinfo, ":", parts: 2) do + conn + |> assign(:auth_credentials, %{ + username: username, + password: password + }) + else + _ -> conn + end + end +end -- cgit v1.2.3 From faf53477488edfc6ba4268529f9945a494f30aee Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 5 Sep 2018 17:44:38 +0200 Subject: Add UserFetcherPlug. --- lib/pleroma/plugs/user_fetcher_plug.ex | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 lib/pleroma/plugs/user_fetcher_plug.ex (limited to 'lib') diff --git a/lib/pleroma/plugs/user_fetcher_plug.ex b/lib/pleroma/plugs/user_fetcher_plug.ex new file mode 100644 index 000000000..9cbaaf40a --- /dev/null +++ b/lib/pleroma/plugs/user_fetcher_plug.ex @@ -0,0 +1,34 @@ +defmodule Pleroma.Plugs.UserFetcherPlug do + import Plug.Conn + alias Pleroma.Repo + alias Pleroma.User + + def init(options) do + options + end + + def call(conn, options) do + with %{auth_credentials: %{username: username}} <- conn.assigns, + {:ok, %User{} = user} <- user_fetcher(username) do + conn + |> assign(:auth_user, user) + else + _ -> conn + end + end + + defp user_fetcher(username_or_email) do + { + :ok, + cond do + # First, try logging in as if it was a name + user = Repo.get_by(User, %{nickname: username_or_email}) -> + user + + # If we get nil, we try using it as an email + user = Repo.get_by(User, %{email: username_or_email}) -> + user + end + } + end +end -- cgit v1.2.3 From 3cf17dc402ceab7f823edc263ad09af7013d0646 Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 5 Sep 2018 17:59:19 +0200 Subject: Add EnsureAuthenticatedPlug --- lib/pleroma/plugs/ensure_authenticated_plug.ex | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 lib/pleroma/plugs/ensure_authenticated_plug.ex (limited to 'lib') diff --git a/lib/pleroma/plugs/ensure_authenticated_plug.ex b/lib/pleroma/plugs/ensure_authenticated_plug.ex new file mode 100644 index 000000000..bca44eb2c --- /dev/null +++ b/lib/pleroma/plugs/ensure_authenticated_plug.ex @@ -0,0 +1,19 @@ +defmodule Pleroma.Plugs.EnsureAuthenticatedPlug do + import Plug.Conn + alias Pleroma.User + + def init(options) do + options + end + + def call(%{assigns: %{user: %User{}}} = conn, _) do + conn + end + + def call(conn, _) do + conn + |> put_resp_content_type("application/json") + |> send_resp(403, Jason.encode!(%{error: "Invalid credentials."})) + |> halt + end +end -- cgit v1.2.3 From a3f54fca4d67fd7938ae00752c2cd409b6cf15ae Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 5 Sep 2018 18:17:33 +0200 Subject: Add LegacyAuthenticationPlug --- lib/pleroma/plugs/legacy_authentication_plug.ex | 31 +++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 lib/pleroma/plugs/legacy_authentication_plug.ex (limited to 'lib') diff --git a/lib/pleroma/plugs/legacy_authentication_plug.ex b/lib/pleroma/plugs/legacy_authentication_plug.ex new file mode 100644 index 000000000..48c0aba88 --- /dev/null +++ b/lib/pleroma/plugs/legacy_authentication_plug.ex @@ -0,0 +1,31 @@ +defmodule Pleroma.Plugs.LegacyAuthenticationPlug do + import Plug.Conn + alias Pleroma.User + + def init(options) do + options + end + + def call(%{assigns: %{user: %User{}}} = conn, _), do: conn + + def call( + %{ + assigns: %{ + auth_user: %{password_hash: "$6$" <> _ = password_hash} = auth_user, + auth_credentials: %{password: password} + } + } = conn, + _ + ) do + if :crypt.crypt(password, password_hash) == password_hash do + conn + |> assign(:user, auth_user) + else + conn + end + end + + def call(conn, _) do + conn + end +end -- cgit v1.2.3 From 9a96c93be71a1347a0b4f709c89589e6bac8d4de Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 5 Sep 2018 18:37:02 +0200 Subject: Add SessionAuthenticationPlug. --- lib/pleroma/plugs/session_authentication_plug.ex | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 lib/pleroma/plugs/session_authentication_plug.ex (limited to 'lib') diff --git a/lib/pleroma/plugs/session_authentication_plug.ex b/lib/pleroma/plugs/session_authentication_plug.ex new file mode 100644 index 000000000..904a27952 --- /dev/null +++ b/lib/pleroma/plugs/session_authentication_plug.ex @@ -0,0 +1,18 @@ +defmodule Pleroma.Plugs.SessionAuthenticationPlug do + import Plug.Conn + alias Pleroma.User + + def init(options) do + options + end + + def call(conn, _) do + with saved_user_id <- get_session(conn, :user_id), + %{auth_user: %{id: ^saved_user_id}} <- conn.assigns do + conn + |> assign(:user, conn.assigns.auth_user) + else + _ -> conn + end + end +end -- cgit v1.2.3 From 32465b9939718f7bc6604594e0404340c3e02cc9 Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 5 Sep 2018 18:53:38 +0200 Subject: Simplify AuthenticationPlug --- lib/pleroma/plugs/authentication_plug.ex | 79 ++++++++------------------------ 1 file changed, 20 insertions(+), 59 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/plugs/authentication_plug.ex b/lib/pleroma/plugs/authentication_plug.ex index ffecb403d..8706b32cd 100644 --- a/lib/pleroma/plugs/authentication_plug.ex +++ b/lib/pleroma/plugs/authentication_plug.ex @@ -9,71 +9,32 @@ defmodule Pleroma.Plugs.AuthenticationPlug do def call(%{assigns: %{user: %User{}}} = conn, _), do: conn - def call(conn, opts) do - with {:ok, username, password} <- decode_header(conn), - {:ok, user} <- opts[:fetcher].(username), - false <- !!user.info["deactivated"], - saved_user_id <- get_session(conn, :user_id), - legacy_password <- String.starts_with?(user.password_hash, "$6$"), - update_legacy_password <- - !(Map.has_key?(opts, :update_legacy_password) && opts[:update_legacy_password] == false), - {:ok, verified_user} <- verify(user, password, saved_user_id) do - if legacy_password and update_legacy_password do - User.reset_password(verified_user, %{ - :password => password, - :password_confirmation => password - }) - end - + def call( + %{ + assigns: %{ + auth_user: %{password_hash: password_hash} = auth_user, + auth_credentials: %{password: password} + } + } = conn, + _ + ) do + if Pbkdf2.checkpw(password, password_hash) do conn - |> assign(:user, verified_user) - |> put_session(:user_id, verified_user.id) + |> assign(:user, auth_user) else - _ -> conn |> halt_or_continue(opts) + conn end end - # Short-circuit if we have a cookie with the id for the given user. - defp verify(%{id: id} = user, _password, id) do - {:ok, user} - end - - defp verify(nil, _password, _user_id) do + def call( + %{ + assigns: %{ + auth_credentials: %{password: password} + } + } = conn, + _ + ) do Pbkdf2.dummy_checkpw() - :error - end - - defp verify(user, password, _user_id) do - valid = - if String.starts_with?(user.password_hash, "$6$") do - :crypt.crypt(password, user.password_hash) == user.password_hash - else - Pbkdf2.checkpw(password, user.password_hash) - end - - if valid do - {:ok, user} - else - :error - end - end - - defp decode_header(conn) do - with ["Basic " <> header] <- get_req_header(conn, "authorization"), - {:ok, userinfo} <- Base.decode64(header), - [username, password] <- String.split(userinfo, ":", parts: 2) do - {:ok, username, password} - end - end - - defp halt_or_continue(conn, %{optional: true}) do - conn |> assign(:user, nil) - end - - defp halt_or_continue(conn, _) do conn - |> put_resp_content_type("application/json") - |> send_resp(403, Jason.encode!(%{error: "Invalid credentials."})) - |> halt end end -- cgit v1.2.3 From 12bc73dd2833a22cce6a22841d33c992b1eb31fc Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 5 Sep 2018 19:06:28 +0200 Subject: Add EnsureUserKeyPlug, smaller fixes --- lib/pleroma/plugs/authentication_plug.ex | 2 ++ lib/pleroma/plugs/ensure_user_key_plug.ex | 14 ++++++++++++++ 2 files changed, 16 insertions(+) create mode 100644 lib/pleroma/plugs/ensure_user_key_plug.ex (limited to 'lib') diff --git a/lib/pleroma/plugs/authentication_plug.ex b/lib/pleroma/plugs/authentication_plug.ex index 8706b32cd..3ac301b97 100644 --- a/lib/pleroma/plugs/authentication_plug.ex +++ b/lib/pleroma/plugs/authentication_plug.ex @@ -37,4 +37,6 @@ defmodule Pleroma.Plugs.AuthenticationPlug do Pbkdf2.dummy_checkpw() conn end + + def call(conn, _), do: conn end diff --git a/lib/pleroma/plugs/ensure_user_key_plug.ex b/lib/pleroma/plugs/ensure_user_key_plug.ex new file mode 100644 index 000000000..05a567757 --- /dev/null +++ b/lib/pleroma/plugs/ensure_user_key_plug.ex @@ -0,0 +1,14 @@ +defmodule Pleroma.Plugs.EnsureUserKeyPlug do + import Plug.Conn + + def init(opts) do + opts + end + + def call(%{assigns: %{user: _}} = conn, _), do: conn + + def call(conn, _) do + conn + |> assign(:user, nil) + end +end -- cgit v1.2.3 From 636ad3e155d843ab7934438a05313abf1afb2a48 Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 5 Sep 2018 19:13:53 +0200 Subject: Add new plugs to router. --- lib/pleroma/web/router.ex | 39 ++++++++++++++++++++------------------- 1 file changed, 20 insertions(+), 19 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index b212a2909..7cd3c9908 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -9,47 +9,48 @@ defmodule Pleroma.Web.Router do @public Keyword.get(@instance, :public) @registrations_open Keyword.get(@instance, :registrations_open) - def user_fetcher(username_or_email) do - { - :ok, - cond do - # First, try logging in as if it was a name - user = Repo.get_by(User, %{nickname: username_or_email}) -> - user - - # If we get nil, we try using it as an email - user = Repo.get_by(User, %{email: username_or_email}) -> - user - end - } - end - pipeline :api do plug(:accepts, ["json"]) plug(:fetch_session) plug(Pleroma.Plugs.OAuthPlug) - plug(Pleroma.Plugs.AuthenticationPlug, %{fetcher: &Router.user_fetcher/1, optional: true}) + plug(Pleroma.Plugs.BasicAuthDecoderPlug) + plug(Pleroma.Plugs.UserFetcherPlug) + plug(Pleroma.Plugs.SessionAuthenticationPlug) + plug(Pleroma.Plugs.AuthenticationPlug) + plug(Pleroma.Plugs.EnsureUserKeyPlug) end pipeline :authenticated_api do plug(:accepts, ["json"]) plug(:fetch_session) plug(Pleroma.Plugs.OAuthPlug) - plug(Pleroma.Plugs.AuthenticationPlug, %{fetcher: &Router.user_fetcher/1}) + plug(Pleroma.Plugs.BasicAuthDecoderPlug) + plug(Pleroma.Plugs.UserFetcherPlug) + plug(Pleroma.Plugs.SessionAuthenticationPlug) + plug(Pleroma.Plugs.AuthenticationPlug) + plug(Pleroma.Plugs.EnsureAuthenticatedPlug) end pipeline :mastodon_html do plug(:accepts, ["html"]) plug(:fetch_session) plug(Pleroma.Plugs.OAuthPlug) - plug(Pleroma.Plugs.AuthenticationPlug, %{fetcher: &Router.user_fetcher/1, optional: true}) + plug(Pleroma.Plugs.BasicAuthDecoderPlug) + plug(Pleroma.Plugs.UserFetcherPlug) + plug(Pleroma.Plugs.SessionAuthenticationPlug) + plug(Pleroma.Plugs.AuthenticationPlug) + plug(Pleroma.Plugs.EnsureUserKeyPlug) end pipeline :pleroma_html do plug(:accepts, ["html"]) plug(:fetch_session) plug(Pleroma.Plugs.OAuthPlug) - plug(Pleroma.Plugs.AuthenticationPlug, %{fetcher: &Router.user_fetcher/1, optional: true}) + plug(Pleroma.Plugs.BasicAuthDecoderPlug) + plug(Pleroma.Plugs.UserFetcherPlug) + plug(Pleroma.Plugs.SessionAuthenticationPlug) + plug(Pleroma.Plugs.AuthenticationPlug) + plug(Pleroma.Plugs.EnsureUserKeyPlug) end pipeline :well_known do -- cgit v1.2.3 From 5ce1ebb1794205a58bedee314a7c787ceb362f37 Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 5 Sep 2018 21:42:42 +0200 Subject: Add SetUserSessionIdPlug. --- lib/pleroma/plugs/set_user_session_id_plug.ex | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 lib/pleroma/plugs/set_user_session_id_plug.ex (limited to 'lib') diff --git a/lib/pleroma/plugs/set_user_session_id_plug.ex b/lib/pleroma/plugs/set_user_session_id_plug.ex new file mode 100644 index 000000000..adc0a42b5 --- /dev/null +++ b/lib/pleroma/plugs/set_user_session_id_plug.ex @@ -0,0 +1,15 @@ +defmodule Pleroma.Plugs.SetUserSessionIdPlug do + import Plug.Conn + alias Pleroma.User + + def init(opts) do + opts + end + + def call(%{assigns: %{user: %User{id: id}}} = conn, _) do + conn + |> put_session(:user_id, id) + end + + def call(conn, _), do: conn +end -- cgit v1.2.3 From e601165426154e1c04594ae1c191249d3cd36535 Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 5 Sep 2018 21:53:53 +0200 Subject: Add UserEnabledPlug. --- lib/pleroma/plugs/user_enabled_plug.ex | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 lib/pleroma/plugs/user_enabled_plug.ex (limited to 'lib') diff --git a/lib/pleroma/plugs/user_enabled_plug.ex b/lib/pleroma/plugs/user_enabled_plug.ex new file mode 100644 index 000000000..9c3285896 --- /dev/null +++ b/lib/pleroma/plugs/user_enabled_plug.ex @@ -0,0 +1,17 @@ +defmodule Pleroma.Plugs.UserEnabledPlug do + import Plug.Conn + alias Pleroma.User + + def init(options) do + options + end + + def call(%{assigns: %{user: %User{info: %{"deactivated" => true}}}} = conn, _) do + conn + |> assign(:user, nil) + end + + def call(conn, _) do + conn + end +end -- cgit v1.2.3 From 3aba585e7a2b4e1e7733ba6949951bd95469bdaa Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 5 Sep 2018 21:57:56 +0200 Subject: Add Plugs to router. --- lib/pleroma/web/router.ex | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 7cd3c9908..e8a02a192 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -17,6 +17,8 @@ defmodule Pleroma.Web.Router do plug(Pleroma.Plugs.UserFetcherPlug) plug(Pleroma.Plugs.SessionAuthenticationPlug) plug(Pleroma.Plugs.AuthenticationPlug) + plug(Pleroma.Plugs.UserEnabledPlug) + plug(Pleroma.Plugs.SetUserSessionIdPlug) plug(Pleroma.Plugs.EnsureUserKeyPlug) end @@ -28,6 +30,8 @@ defmodule Pleroma.Web.Router do plug(Pleroma.Plugs.UserFetcherPlug) plug(Pleroma.Plugs.SessionAuthenticationPlug) plug(Pleroma.Plugs.AuthenticationPlug) + plug(Pleroma.Plugs.UserEnabledPlug) + plug(Pleroma.Plugs.SetUserSessionIdPlug) plug(Pleroma.Plugs.EnsureAuthenticatedPlug) end @@ -39,6 +43,8 @@ defmodule Pleroma.Web.Router do plug(Pleroma.Plugs.UserFetcherPlug) plug(Pleroma.Plugs.SessionAuthenticationPlug) plug(Pleroma.Plugs.AuthenticationPlug) + plug(Pleroma.Plugs.UserEnabledPlug) + plug(Pleroma.Plugs.SetUserSessionIdPlug) plug(Pleroma.Plugs.EnsureUserKeyPlug) end -- cgit v1.2.3 From 44b094908c28b588438b4bf31c0a4751be47f48d Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 5 Sep 2018 22:30:14 +0200 Subject: Update legacy passwords automatically. --- lib/pleroma/plugs/legacy_authentication_plug.ex | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/plugs/legacy_authentication_plug.ex b/lib/pleroma/plugs/legacy_authentication_plug.ex index 48c0aba88..d22c1a647 100644 --- a/lib/pleroma/plugs/legacy_authentication_plug.ex +++ b/lib/pleroma/plugs/legacy_authentication_plug.ex @@ -17,11 +17,15 @@ defmodule Pleroma.Plugs.LegacyAuthenticationPlug do } = conn, _ ) do - if :crypt.crypt(password, password_hash) == password_hash do + with ^password_hash <- :crypt.crypt(password, password_hash), + {:ok, user} <- + User.reset_password(auth_user, %{password: password, password_confirmation: password}) do conn - |> assign(:user, auth_user) + |> assign(:auth_user, user) + |> assign(:user, user) else - conn + _ -> + conn end end -- cgit v1.2.3 From 70163aec9b9efc455e499c72a181bc31d75b37f0 Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 5 Sep 2018 22:31:57 +0200 Subject: Add LegacyAuthenticationPlug to router. --- lib/pleroma/web/router.ex | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index e8a02a192..f3604d465 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -16,6 +16,7 @@ defmodule Pleroma.Web.Router do plug(Pleroma.Plugs.BasicAuthDecoderPlug) plug(Pleroma.Plugs.UserFetcherPlug) plug(Pleroma.Plugs.SessionAuthenticationPlug) + plug(Pleroma.Plugs.LegacyAuthenticationPlug) plug(Pleroma.Plugs.AuthenticationPlug) plug(Pleroma.Plugs.UserEnabledPlug) plug(Pleroma.Plugs.SetUserSessionIdPlug) @@ -29,6 +30,7 @@ defmodule Pleroma.Web.Router do plug(Pleroma.Plugs.BasicAuthDecoderPlug) plug(Pleroma.Plugs.UserFetcherPlug) plug(Pleroma.Plugs.SessionAuthenticationPlug) + plug(Pleroma.Plugs.LegacyAuthenticationPlug) plug(Pleroma.Plugs.AuthenticationPlug) plug(Pleroma.Plugs.UserEnabledPlug) plug(Pleroma.Plugs.SetUserSessionIdPlug) @@ -42,6 +44,7 @@ defmodule Pleroma.Web.Router do plug(Pleroma.Plugs.BasicAuthDecoderPlug) plug(Pleroma.Plugs.UserFetcherPlug) plug(Pleroma.Plugs.SessionAuthenticationPlug) + plug(Pleroma.Plugs.LegacyAuthenticationPlug) plug(Pleroma.Plugs.AuthenticationPlug) plug(Pleroma.Plugs.UserEnabledPlug) plug(Pleroma.Plugs.SetUserSessionIdPlug) -- cgit v1.2.3