From ce0d1704c6cc167c8bc891587952f78c55f979ad Mon Sep 17 00:00:00 2001
From: Pablo Polvorin <ppolvorin@process-one.net>
Date: Wed, 29 Jun 2016 00:22:28 -0300
Subject: Allow generation of oauth tokens from command line

Oauth tokens can be generated for commands (scopes) having admin|user|open
policy. Restricted commands are not available as those are only usable
from ejabberdctl command line.

Four new commands are available:

$ejabberdctl oauth_issue_token "stats;get_roster"
    Generates a token authorized to call both stats and get_roster
    commands.  Note scopes must be separated by semicolon.

$ejabberdctl oauth_list_tokens
    List tokens generated from the command line, with their scope
    and expirity time.

$ejabberdctl oauth_list_scopes
    List scopes available

$ejabberdctl oauth_revoke_token "Lbs7qdJfdKXOWzVrArgyckY055tE1xnt"
    Revokes the given token
---
 src/mod_http_api.erl | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'src/mod_http_api.erl')

diff --git a/src/mod_http_api.erl b/src/mod_http_api.erl
index aadf09974..595c121cd 100644
--- a/src/mod_http_api.erl
+++ b/src/mod_http_api.erl
@@ -157,8 +157,10 @@ check_permissions2(#request{auth = HTTPAuth, headers = Headers}, Call, _)
                 end;
             {oauth, Token, _} ->
                 case oauth_check_token(Call, Token) of
-                    {ok, User, Server} ->
+                    {ok, user, {User, Server}} ->
                         {ok, {User, Server, {oauth, Token}, Admin}};
+                    {ok, server_admin} ->  %% token whas generated using issue_token command line
+                        {ok, admin};
                     false ->
                         false
                 end;
-- 
cgit v1.2.3