From: Chocobozzz <me@florianbigard.com>
Date: Mon, 16 Apr 2018 08:48:17 +0000 (+0200)
Subject: Add auth documentation
X-Git-Tag: v1.0.0-beta.4~63
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=94ff4c2335ace54b36b2bca96f63226ee8f575b1;p=oweals%2Fpeertube.git

Add auth documentation
---

diff --git a/server/controllers/api/users.ts b/server/controllers/api/users.ts
index 5e96d789e..abe6b3ff7 100644
--- a/server/controllers/api/users.ts
+++ b/server/controllers/api/users.ts
@@ -88,6 +88,8 @@ usersRouter.get('/',
 )
 
 usersRouter.get('/:id',
+  authenticate,
+  ensureUserHasRight(UserRight.MANAGE_USERS),
   asyncMiddleware(usersGetValidator),
   getUser
 )
diff --git a/server/tests/api/check-params/users.ts b/server/tests/api/check-params/users.ts
index ee591d620..a3e415b94 100644
--- a/server/tests/api/check-params/users.ts
+++ b/server/tests/api/check-params/users.ts
@@ -308,6 +308,26 @@ describe('Test users API validators', function () {
     })
   })
 
+  describe('When getting a user', function () {
+    before(async function () {
+      const res = await getUsersList(server.url, server.accessToken)
+
+      userId = res.body.data[1].id
+    })
+
+    it('Should fail with an non authenticated user', async function () {
+      await makeGetRequest({ url: server.url, path: path + userId, token: 'super token', statusCodeExpected: 401 })
+    })
+
+    it('Should fail with a non admin user', async function () {
+      await makeGetRequest({ url: server.url, path, token: userAccessToken, statusCodeExpected: 403 })
+    })
+
+    it('Should succeed with the correct params', async function () {
+      await makeGetRequest({ url: server.url, path: path + userId, token: server.accessToken, statusCodeExpected: 200 })
+    })
+  })
+
   describe('When updating a user', function () {
 
     before(async function () {
diff --git a/support/doc/api/html/index.html b/support/doc/api/html/index.html
index 8b0990bf1..bf9430e79 100644
--- a/support/doc/api/html/index.html
+++ b/support/doc/api/html/index.html
@@ -19,6 +19,7 @@
         <nav id="nav" role="navigation">
           <h5>Topics</h5>
           <a href="#introduction">Introduction</a>
+          <a href="#authentication">Authentication</a>
           <h5>Operations</h5>
           <section>
             <a href="#tag-Accounts">Accounts</a>
@@ -279,6 +280,43 @@
               </div>
             </div>
           </div>
+          <!-- <h1 id="security" data-traverse-target="security">Security</h1> -->
+          <h1 id="authentication" data-traverse-target="authentication">Authentication</h1>
+          <div id="security-definition-OAuth2" class="panel">
+            <div class="doc-row">
+              <div class="doc-copy">
+                <h3 class="security-definition-title">
+                  <span class="security-name">OAuth2</span>
+                  <span class="swagger-security-definition-oauth2"></span>
+                </h3>
+                <section class="security-definition-description">
+                  <p>In the header:
+                    <em>Authorization: Bearer mytoken</em>
+                  </p>
+                </section>
+                <section class="swagger-security-definition-properties">
+                  <div class="prop-row security-definition-property">
+                    <div class="prop-name">
+                      <div class="prop-title security-definition-property-name">type</div>
+                    </div>
+                    <div class="prop-value security-definition-property-type"> oauth2 </div>
+                  </div>
+                  <div class="prop-row security-definition-property">
+                    <div class="prop-name">
+                      <div class="prop-title security-definition-property-name">flow</div>
+                    </div>
+                    <div class="prop-value security-definition-property-type"> password </div>
+                  </div>
+                  <div class="prop-row security-definition-property">
+                    <div class="prop-name">
+                      <div class="prop-title security-definition-property-name">tokenUrl</div>
+                    </div>
+                    <div class="prop-value security-definition-property-type"> https://peertube.example.com/api/v1/users/token </div>
+                  </div>
+                </section>
+              </div>
+            </div>
+          </div>
           <h1 id="tag-Accounts" class="swagger-summary-tag" data-traverse-target="tag-Accounts">Accounts</h1>
           <div id="operation--accounts--id--get" class="operation panel" data-traverse-target="operation--accounts--id--get">
             <!-- <section class="operation-tags row"> -->
@@ -697,6 +735,28 @@
                 </section>
               </div>
             </div>
+            <div class="doc-row">
+              <div class="doc-copy">
+                <section class="swagger-request-security">
+                  <table class="table">
+                    <thead>
+                      <tr>
+                        <th class="swagger-request-security-schema"></th>
+                        <th class="swagger-request-security-scopes"></th>
+                      </tr>
+                    </thead>
+                    <tbody>
+                      <tr>
+                        <td>
+                          <a href="#security-definition-OAuth2">OAuth2</a>
+                        </td>
+                        <td> </td>
+                      </tr>
+                    </tbody>
+                  </table>
+                </section>
+              </div>
+            </div>
           </div>
           <h1 id="tag-ServerFollowing" class="swagger-summary-tag" data-traverse-target="tag-ServerFollowing">ServerFollowing</h1>
           <div id="operation--server-following--host--delete" class="operation panel" data-traverse-target="operation--server-following--host--delete">
@@ -754,6 +814,28 @@
                 </h5>
               </div>
             </div>
+            <div class="doc-row">
+              <div class="doc-copy">
+                <section class="swagger-request-security">
+                  <table class="table">
+                    <thead>
+                      <tr>
+                        <th class="swagger-request-security-schema"></th>
+                        <th class="swagger-request-security-scopes"></th>
+                      </tr>
+                    </thead>
+                    <tbody>
+                      <tr>
+                        <td>
+                          <a href="#security-definition-OAuth2">OAuth2</a>
+                        </td>
+                        <td> </td>
+                      </tr>
+                    </tbody>
+                  </table>
+                </section>
+              </div>
+            </div>
           </div>
           <div id="operation--server-followers-get" class="operation panel" data-traverse-target="operation--server-followers-get">
             <!-- <section class="operation-tags row"> -->
@@ -1150,6 +1232,28 @@
                 </h5>
               </div>
             </div>
+            <div class="doc-row">
+              <div class="doc-copy">
+                <section class="swagger-request-security">
+                  <table class="table">
+                    <thead>
+                      <tr>
+                        <th class="swagger-request-security-schema"></th>
+                        <th class="swagger-request-security-scopes"></th>
+                      </tr>
+                    </thead>
+                    <tbody>
+                      <tr>
+                        <td>
+                          <a href="#security-definition-OAuth2">OAuth2</a>
+                        </td>
+                        <td> </td>
+                      </tr>
+                    </tbody>
+                  </table>
+                </section>
+              </div>
+            </div>
           </div>
           <h1 id="tag-User" class="swagger-summary-tag" data-traverse-target="tag-User">User</h1>
           <div id="operation--users-post" class="operation panel" data-traverse-target="operation--users-post">
@@ -1240,6 +1344,28 @@
                 </section>
               </div>
             </div>
+            <div class="doc-row">
+              <div class="doc-copy">
+                <section class="swagger-request-security">
+                  <table class="table">
+                    <thead>
+                      <tr>
+                        <th class="swagger-request-security-schema"></th>
+                        <th class="swagger-request-security-scopes"></th>
+                      </tr>
+                    </thead>
+                    <tbody>
+                      <tr>
+                        <td>
+                          <a href="#security-definition-OAuth2">OAuth2</a>
+                        </td>
+                        <td> </td>
+                      </tr>
+                    </tbody>
+                  </table>
+                </section>
+              </div>
+            </div>
           </div>
           <div id="operation--users-get" class="operation panel" data-traverse-target="operation--users-get">
             <!-- <section class="operation-tags row"> -->
@@ -1429,6 +1555,28 @@
                 </section>
               </div>
             </div>
+            <div class="doc-row">
+              <div class="doc-copy">
+                <section class="swagger-request-security">
+                  <table class="table">
+                    <thead>
+                      <tr>
+                        <th class="swagger-request-security-schema"></th>
+                        <th class="swagger-request-security-scopes"></th>
+                      </tr>
+                    </thead>
+                    <tbody>
+                      <tr>
+                        <td>
+                          <a href="#security-definition-OAuth2">OAuth2</a>
+                        </td>
+                        <td> </td>
+                      </tr>
+                    </tbody>
+                  </table>
+                </section>
+              </div>
+            </div>
           </div>
           <div id="operation--users--id--delete" class="operation panel" data-traverse-target="operation--users--id--delete">
             <!-- <section class="operation-tags row"> -->
@@ -1485,6 +1633,28 @@
                 </h5>
               </div>
             </div>
+            <div class="doc-row">
+              <div class="doc-copy">
+                <section class="swagger-request-security">
+                  <table class="table">
+                    <thead>
+                      <tr>
+                        <th class="swagger-request-security-schema"></th>
+                        <th class="swagger-request-security-scopes"></th>
+                      </tr>
+                    </thead>
+                    <tbody>
+                      <tr>
+                        <td>
+                          <a href="#security-definition-OAuth2">OAuth2</a>
+                        </td>
+                        <td> </td>
+                      </tr>
+                    </tbody>
+                  </table>
+                </section>
+              </div>
+            </div>
           </div>
           <div id="operation--users--id--get" class="operation panel" data-traverse-target="operation--users--id--get">
             <!-- <section class="operation-tags row"> -->
@@ -1636,6 +1806,28 @@
                 </section>
               </div>
             </div>
+            <div class="doc-row">
+              <div class="doc-copy">
+                <section class="swagger-request-security">
+                  <table class="table">
+                    <thead>
+                      <tr>
+                        <th class="swagger-request-security-schema"></th>
+                        <th class="swagger-request-security-scopes"></th>
+                      </tr>
+                    </thead>
+                    <tbody>
+                      <tr>
+                        <td>
+                          <a href="#security-definition-OAuth2">OAuth2</a>
+                        </td>
+                        <td> </td>
+                      </tr>
+                    </tbody>
+                  </table>
+                </section>
+              </div>
+            </div>
           </div>
           <div id="operation--users--id--put" class="operation panel" data-traverse-target="operation--users--id--put">
             <!-- <section class="operation-tags row"> -->
@@ -1723,6 +1915,28 @@
                 </h5>
               </div>
             </div>
+            <div class="doc-row">
+              <div class="doc-copy">
+                <section class="swagger-request-security">
+                  <table class="table">
+                    <thead>
+                      <tr>
+                        <th class="swagger-request-security-schema"></th>
+                        <th class="swagger-request-security-scopes"></th>
+                      </tr>
+                    </thead>
+                    <tbody>
+                      <tr>
+                        <td>
+                          <a href="#security-definition-OAuth2">OAuth2</a>
+                        </td>
+                        <td> </td>
+                      </tr>
+                    </tbody>
+                  </table>
+                </section>
+              </div>
+            </div>
           </div>
           <div id="operation--users-me-get" class="operation panel" data-traverse-target="operation--users-me-get">
             <!-- <section class="operation-tags row"> -->
@@ -1870,6 +2084,28 @@
                 </section>
               </div>
             </div>
+            <div class="doc-row">
+              <div class="doc-copy">
+                <section class="swagger-request-security">
+                  <table class="table">
+                    <thead>
+                      <tr>
+                        <th class="swagger-request-security-schema"></th>
+                        <th class="swagger-request-security-scopes"></th>
+                      </tr>
+                    </thead>
+                    <tbody>
+                      <tr>
+                        <td>
+                          <a href="#security-definition-OAuth2">OAuth2</a>
+                        </td>
+                        <td> </td>
+                      </tr>
+                    </tbody>
+                  </table>
+                </section>
+              </div>
+            </div>
           </div>
           <div id="operation--users-me-put" class="operation panel" data-traverse-target="operation--users-me-put">
             <!-- <section class="operation-tags row"> -->
@@ -1941,6 +2177,28 @@
                 </h5>
               </div>
             </div>
+            <div class="doc-row">
+              <div class="doc-copy">
+                <section class="swagger-request-security">
+                  <table class="table">
+                    <thead>
+                      <tr>
+                        <th class="swagger-request-security-schema"></th>
+                        <th class="swagger-request-security-scopes"></th>
+                      </tr>
+                    </thead>
+                    <tbody>
+                      <tr>
+                        <td>
+                          <a href="#security-definition-OAuth2">OAuth2</a>
+                        </td>
+                        <td> </td>
+                      </tr>
+                    </tbody>
+                  </table>
+                </section>
+              </div>
+            </div>
           </div>
           <div id="operation--users-me-video-quota-used-get" class="operation panel" data-traverse-target="operation--users-me-video-quota-used-get">
             <!-- <section class="operation-tags row"> -->
@@ -1997,6 +2255,28 @@
                 </section>
               </div>
             </div>
+            <div class="doc-row">
+              <div class="doc-copy">
+                <section class="swagger-request-security">
+                  <table class="table">
+                    <thead>
+                      <tr>
+                        <th class="swagger-request-security-schema"></th>
+                        <th class="swagger-request-security-scopes"></th>
+                      </tr>
+                    </thead>
+                    <tbody>
+                      <tr>
+                        <td>
+                          <a href="#security-definition-OAuth2">OAuth2</a>
+                        </td>
+                        <td> </td>
+                      </tr>
+                    </tbody>
+                  </table>
+                </section>
+              </div>
+            </div>
           </div>
           <div id="operation--users-me-videos--videoId--rating-get" class="operation panel" data-traverse-target="operation--users-me-videos--videoId--rating-get">
             <!-- <section class="operation-tags row"> -->
@@ -2070,6 +2350,28 @@
                 </section>
               </div>
             </div>
+            <div class="doc-row">
+              <div class="doc-copy">
+                <section class="swagger-request-security">
+                  <table class="table">
+                    <thead>
+                      <tr>
+                        <th class="swagger-request-security-schema"></th>
+                        <th class="swagger-request-security-scopes"></th>
+                      </tr>
+                    </thead>
+                    <tbody>
+                      <tr>
+                        <td>
+                          <a href="#security-definition-OAuth2">OAuth2</a>
+                        </td>
+                        <td> </td>
+                      </tr>
+                    </tbody>
+                  </table>
+                </section>
+              </div>
+            </div>
           </div>
           <div id="operation--users-me-videos-get" class="operation panel" data-traverse-target="operation--users-me-videos-get">
             <!-- <section class="operation-tags row"> -->
@@ -2219,6 +2521,28 @@
                 </section>
               </div>
             </div>
+            <div class="doc-row">
+              <div class="doc-copy">
+                <section class="swagger-request-security">
+                  <table class="table">
+                    <thead>
+                      <tr>
+                        <th class="swagger-request-security-schema"></th>
+                        <th class="swagger-request-security-scopes"></th>
+                      </tr>
+                    </thead>
+                    <tbody>
+                      <tr>
+                        <td>
+                          <a href="#security-definition-OAuth2">OAuth2</a>
+                        </td>
+                        <td> </td>
+                      </tr>
+                    </tbody>
+                  </table>
+                </section>
+              </div>
+            </div>
           </div>
           <div id="operation--users-register-post" class="operation panel" data-traverse-target="operation--users-register-post">
             <!-- <section class="operation-tags row"> -->
@@ -2362,6 +2686,28 @@
                 </section>
               </div>
             </div>
+            <div class="doc-row">
+              <div class="doc-copy">
+                <section class="swagger-request-security">
+                  <table class="table">
+                    <thead>
+                      <tr>
+                        <th class="swagger-request-security-schema"></th>
+                        <th class="swagger-request-security-scopes"></th>
+                      </tr>
+                    </thead>
+                    <tbody>
+                      <tr>
+                        <td>
+                          <a href="#security-definition-OAuth2">OAuth2</a>
+                        </td>
+                        <td> </td>
+                      </tr>
+                    </tbody>
+                  </table>
+                </section>
+              </div>
+            </div>
           </div>
           <h1 id="tag-Video" class="swagger-summary-tag" data-traverse-target="tag-Video">Video</h1>
           <div id="operation--videos-get" class="operation panel" data-traverse-target="operation--videos-get">
@@ -3164,6 +3510,28 @@
                 </section>
               </div>
             </div>
+            <div class="doc-row">
+              <div class="doc-copy">
+                <section class="swagger-request-security">
+                  <table class="table">
+                    <thead>
+                      <tr>
+                        <th class="swagger-request-security-schema"></th>
+                        <th class="swagger-request-security-scopes"></th>
+                      </tr>
+                    </thead>
+                    <tbody>
+                      <tr>
+                        <td>
+                          <a href="#security-definition-OAuth2">OAuth2</a>
+                        </td>
+                        <td> </td>
+                      </tr>
+                    </tbody>
+                  </table>
+                </section>
+              </div>
+            </div>
           </div>
           <div id="operation--videos--id--get" class="operation panel" data-traverse-target="operation--videos--id--get">
             <!-- <section class="operation-tags row"> -->
@@ -3331,6 +3699,28 @@
                 </h5>
               </div>
             </div>
+            <div class="doc-row">
+              <div class="doc-copy">
+                <section class="swagger-request-security">
+                  <table class="table">
+                    <thead>
+                      <tr>
+                        <th class="swagger-request-security-schema"></th>
+                        <th class="swagger-request-security-scopes"></th>
+                      </tr>
+                    </thead>
+                    <tbody>
+                      <tr>
+                        <td>
+                          <a href="#security-definition-OAuth2">OAuth2</a>
+                        </td>
+                        <td> </td>
+                      </tr>
+                    </tbody>
+                  </table>
+                </section>
+              </div>
+            </div>
           </div>
           <div id="operation--videos--id--description-get" class="operation panel" data-traverse-target="operation--videos--id--description-get">
             <!-- <section class="operation-tags row"> -->
@@ -3715,6 +4105,28 @@
                 </section>
               </div>
             </div>
+            <div class="doc-row">
+              <div class="doc-copy">
+                <section class="swagger-request-security">
+                  <table class="table">
+                    <thead>
+                      <tr>
+                        <th class="swagger-request-security-schema"></th>
+                        <th class="swagger-request-security-scopes"></th>
+                      </tr>
+                    </thead>
+                    <tbody>
+                      <tr>
+                        <td>
+                          <a href="#security-definition-OAuth2">OAuth2</a>
+                        </td>
+                        <td> </td>
+                      </tr>
+                    </tbody>
+                  </table>
+                </section>
+              </div>
+            </div>
           </div>
           <h1 id="tag-VideoAbuse" class="swagger-summary-tag" data-traverse-target="tag-VideoAbuse">VideoAbuse</h1>
           <div id="operation--videos-abuse-get" class="operation panel" data-traverse-target="operation--videos-abuse-get">
@@ -3851,6 +4263,28 @@
                 </section>
               </div>
             </div>
+            <div class="doc-row">
+              <div class="doc-copy">
+                <section class="swagger-request-security">
+                  <table class="table">
+                    <thead>
+                      <tr>
+                        <th class="swagger-request-security-schema"></th>
+                        <th class="swagger-request-security-scopes"></th>
+                      </tr>
+                    </thead>
+                    <tbody>
+                      <tr>
+                        <td>
+                          <a href="#security-definition-OAuth2">OAuth2</a>
+                        </td>
+                        <td> </td>
+                      </tr>
+                    </tbody>
+                  </table>
+                </section>
+              </div>
+            </div>
           </div>
           <div id="operation--videos--id--abuse-post" class="operation panel" data-traverse-target="operation--videos--id--abuse-post">
             <!-- <section class="operation-tags row"> -->
@@ -3907,6 +4341,28 @@
                 </h5>
               </div>
             </div>
+            <div class="doc-row">
+              <div class="doc-copy">
+                <section class="swagger-request-security">
+                  <table class="table">
+                    <thead>
+                      <tr>
+                        <th class="swagger-request-security-schema"></th>
+                        <th class="swagger-request-security-scopes"></th>
+                      </tr>
+                    </thead>
+                    <tbody>
+                      <tr>
+                        <td>
+                          <a href="#security-definition-OAuth2">OAuth2</a>
+                        </td>
+                        <td> </td>
+                      </tr>
+                    </tbody>
+                  </table>
+                </section>
+              </div>
+            </div>
           </div>
           <h1 id="tag-VideoBlacklist" class="swagger-summary-tag" data-traverse-target="tag-VideoBlacklist">VideoBlacklist</h1>
           <div id="operation--videos--videoId--blacklist-post" class="operation panel" data-traverse-target="operation--videos--videoId--blacklist-post">
@@ -3964,6 +4420,28 @@
                 </h5>
               </div>
             </div>
+            <div class="doc-row">
+              <div class="doc-copy">
+                <section class="swagger-request-security">
+                  <table class="table">
+                    <thead>
+                      <tr>
+                        <th class="swagger-request-security-schema"></th>
+                        <th class="swagger-request-security-scopes"></th>
+                      </tr>
+                    </thead>
+                    <tbody>
+                      <tr>
+                        <td>
+                          <a href="#security-definition-OAuth2">OAuth2</a>
+                        </td>
+                        <td> </td>
+                      </tr>
+                    </tbody>
+                  </table>
+                </section>
+              </div>
+            </div>
           </div>
           <div id="operation--videos--videoId--blacklist-delete" class="operation panel" data-traverse-target="operation--videos--videoId--blacklist-delete">
             <!-- <section class="operation-tags row"> -->
@@ -4020,6 +4498,28 @@
                 </h5>
               </div>
             </div>
+            <div class="doc-row">
+              <div class="doc-copy">
+                <section class="swagger-request-security">
+                  <table class="table">
+                    <thead>
+                      <tr>
+                        <th class="swagger-request-security-schema"></th>
+                        <th class="swagger-request-security-scopes"></th>
+                      </tr>
+                    </thead>
+                    <tbody>
+                      <tr>
+                        <td>
+                          <a href="#security-definition-OAuth2">OAuth2</a>
+                        </td>
+                        <td> </td>
+                      </tr>
+                    </tbody>
+                  </table>
+                </section>
+              </div>
+            </div>
           </div>
           <div id="operation--videos-blacklist-get" class="operation panel" data-traverse-target="operation--videos-blacklist-get">
             <!-- <section class="operation-tags row"> -->
@@ -4141,6 +4641,28 @@
                 </section>
               </div>
             </div>
+            <div class="doc-row">
+              <div class="doc-copy">
+                <section class="swagger-request-security">
+                  <table class="table">
+                    <thead>
+                      <tr>
+                        <th class="swagger-request-security-schema"></th>
+                        <th class="swagger-request-security-scopes"></th>
+                      </tr>
+                    </thead>
+                    <tbody>
+                      <tr>
+                        <td>
+                          <a href="#security-definition-OAuth2">OAuth2</a>
+                        </td>
+                        <td> </td>
+                      </tr>
+                    </tbody>
+                  </table>
+                </section>
+              </div>
+            </div>
           </div>
           <h1 id="tag-VideoChannel" class="swagger-summary-tag" data-traverse-target="tag-VideoChannel">VideoChannel</h1>
           <div id="operation--videos-channels-get" class="operation panel" data-traverse-target="operation--videos-channels-get">
@@ -4371,6 +4893,28 @@
                 </h5>
               </div>
             </div>
+            <div class="doc-row">
+              <div class="doc-copy">
+                <section class="swagger-request-security">
+                  <table class="table">
+                    <thead>
+                      <tr>
+                        <th class="swagger-request-security-schema"></th>
+                        <th class="swagger-request-security-scopes"></th>
+                      </tr>
+                    </thead>
+                    <tbody>
+                      <tr>
+                        <td>
+                          <a href="#security-definition-OAuth2">OAuth2</a>
+                        </td>
+                        <td> </td>
+                      </tr>
+                    </tbody>
+                  </table>
+                </section>
+              </div>
+            </div>
           </div>
           <div id="operation--videos-channels--id--get" class="operation panel" data-traverse-target="operation--videos-channels--id--get">
             <!-- <section class="operation-tags row"> -->
@@ -4578,6 +5122,28 @@
                 </h5>
               </div>
             </div>
+            <div class="doc-row">
+              <div class="doc-copy">
+                <section class="swagger-request-security">
+                  <table class="table">
+                    <thead>
+                      <tr>
+                        <th class="swagger-request-security-schema"></th>
+                        <th class="swagger-request-security-scopes"></th>
+                      </tr>
+                    </thead>
+                    <tbody>
+                      <tr>
+                        <td>
+                          <a href="#security-definition-OAuth2">OAuth2</a>
+                        </td>
+                        <td> </td>
+                      </tr>
+                    </tbody>
+                  </table>
+                </section>
+              </div>
+            </div>
           </div>
           <div id="operation--videos-channels--id--delete" class="operation panel" data-traverse-target="operation--videos-channels--id--delete">
             <!-- <section class="operation-tags row"> -->
@@ -4634,6 +5200,28 @@
                 </h5>
               </div>
             </div>
+            <div class="doc-row">
+              <div class="doc-copy">
+                <section class="swagger-request-security">
+                  <table class="table">
+                    <thead>
+                      <tr>
+                        <th class="swagger-request-security-schema"></th>
+                        <th class="swagger-request-security-scopes"></th>
+                      </tr>
+                    </thead>
+                    <tbody>
+                      <tr>
+                        <td>
+                          <a href="#security-definition-OAuth2">OAuth2</a>
+                        </td>
+                        <td> </td>
+                      </tr>
+                    </tbody>
+                  </table>
+                </section>
+              </div>
+            </div>
           </div>
           <div id="operation--videos-accounts--accountId--channels-get" class="operation panel" data-traverse-target="operation--videos-accounts--accountId--channels-get">
             <!-- <section class="operation-tags row"> -->
@@ -5010,6 +5598,28 @@
                 </section>
               </div>
             </div>
+            <div class="doc-row">
+              <div class="doc-copy">
+                <section class="swagger-request-security">
+                  <table class="table">
+                    <thead>
+                      <tr>
+                        <th class="swagger-request-security-schema"></th>
+                        <th class="swagger-request-security-scopes"></th>
+                      </tr>
+                    </thead>
+                    <tbody>
+                      <tr>
+                        <td>
+                          <a href="#security-definition-OAuth2">OAuth2</a>
+                        </td>
+                        <td> </td>
+                      </tr>
+                    </tbody>
+                  </table>
+                </section>
+              </div>
+            </div>
           </div>
           <div id="operation--videos--videoId--comment-threads--threadId--get" class="operation panel" data-traverse-target="operation--videos--videoId--comment-threads--threadId--get">
             <!-- <section class="operation-tags row"> -->
@@ -5299,6 +5909,28 @@
                 </section>
               </div>
             </div>
+            <div class="doc-row">
+              <div class="doc-copy">
+                <section class="swagger-request-security">
+                  <table class="table">
+                    <thead>
+                      <tr>
+                        <th class="swagger-request-security-schema"></th>
+                        <th class="swagger-request-security-scopes"></th>
+                      </tr>
+                    </thead>
+                    <tbody>
+                      <tr>
+                        <td>
+                          <a href="#security-definition-OAuth2">OAuth2</a>
+                        </td>
+                        <td> </td>
+                      </tr>
+                    </tbody>
+                  </table>
+                </section>
+              </div>
+            </div>
           </div>
           <div id="operation--videos--videoId--comments--commentId--delete" class="operation panel" data-traverse-target="operation--videos--videoId--comments--commentId--delete">
             <!-- <section class="operation-tags row"> -->
@@ -5369,6 +6001,28 @@
                 </h5>
               </div>
             </div>
+            <div class="doc-row">
+              <div class="doc-copy">
+                <section class="swagger-request-security">
+                  <table class="table">
+                    <thead>
+                      <tr>
+                        <th class="swagger-request-security-schema"></th>
+                        <th class="swagger-request-security-scopes"></th>
+                      </tr>
+                    </thead>
+                    <tbody>
+                      <tr>
+                        <td>
+                          <a href="#security-definition-OAuth2">OAuth2</a>
+                        </td>
+                        <td> </td>
+                      </tr>
+                    </tbody>
+                  </table>
+                </section>
+              </div>
+            </div>
           </div>
           <h1 id="tag-VideoRate" class="swagger-summary-tag" data-traverse-target="tag-VideoRate">VideoRate</h1>
           <div id="operation--videos--id--rate-put" class="operation panel" data-traverse-target="operation--videos--id--rate-put">
@@ -5426,6 +6080,28 @@
                 </h5>
               </div>
             </div>
+            <div class="doc-row">
+              <div class="doc-copy">
+                <section class="swagger-request-security">
+                  <table class="table">
+                    <thead>
+                      <tr>
+                        <th class="swagger-request-security-schema"></th>
+                        <th class="swagger-request-security-scopes"></th>
+                      </tr>
+                    </thead>
+                    <tbody>
+                      <tr>
+                        <td>
+                          <a href="#security-definition-OAuth2">OAuth2</a>
+                        </td>
+                        <td> </td>
+                      </tr>
+                    </tbody>
+                  </table>
+                </section>
+              </div>
+            </div>
           </div>
           <h1>Schema Definitions</h1>
           <div id="definition-VideoConstant" class="definition panel" data-traverse-target="definition-VideoConstant">
diff --git a/support/doc/api/html/stylesheets/foundation.css b/support/doc/api/html/stylesheets/foundation.css
index 6b6d08d7d..d86e324a7 100644
--- a/support/doc/api/html/stylesheets/foundation.css
+++ b/support/doc/api/html/stylesheets/foundation.css
@@ -2213,7 +2213,9 @@ table {
   width: 100%;
   margin-bottom: 1rem;
   border-radius: 0; }
-  thead, tbody, tfoot {
+  thead,
+  tbody,
+  tfoot {
     border: 1px solid #f1f1f1;
     background-color: #fefefe; }
   caption {
@@ -2225,13 +2227,18 @@ table {
   tfoot {
     background: #f1f1f1;
     color: #23241f; }
-  thead tr, tfoot tr {
+  thead tr,
+  tfoot tr {
     background: transparent; }
-  thead th, thead td, tfoot th, tfoot td {
+  thead th,
+  thead td,
+  tfoot th,
+  tfoot td {
     padding: 0.5263157895rem 0.6578947368rem 0.6578947368rem;
     font-weight: bold;
     text-align: left; }
-  tbody th, tbody td {
+  tbody th,
+  tbody td {
     padding: 0.5263157895rem 0.6578947368rem 0.6578947368rem; }
   tbody tr:nth-child(even) {
     border-bottom: 0;
diff --git a/support/doc/api/openapi.yaml b/support/doc/api/openapi.yaml
index e5fe34a1d..c3efa512d 100644
--- a/support/doc/api/openapi.yaml
+++ b/support/doc/api/openapi.yaml
@@ -4,6 +4,14 @@ info:
   version: 1.0.0-beta
   description: Federated (ActivityPub) video streaming platform using P2P (BitTorrent) directly in the web browser with WebTorrent and Angular.
 host: peertube.example.com
+securityDefinitions:
+  OAuth2:
+    description: 'In the header: *Authorization: Bearer mytoken*'
+    type: oauth2
+    flow: password
+    # Not implemented yet
+    # authorizationUrl: https://example.com/oauth/authorize
+    tokenUrl: https://peertube.example.com/api/v1/users/token
 basePath: '/api/v1'
 schemes:
   - https
@@ -72,6 +80,8 @@ paths:
             $ref: '#/definitions/ServerConfig'
   /jobs:
     get:
+      security:
+        - OAuth2: [ ]
       tags:
         - Job
       consumes:
@@ -108,6 +118,8 @@ paths:
               $ref: '#/definitions/Job'
   '/server/following/{host}':
     delete:
+      security:
+        - OAuth2: [ ]
       tags:
         - ServerFollowing
       consumes:
@@ -186,6 +198,8 @@ paths:
             items:
               $ref: '#/definitions/Follow'
     post:
+      security:
+        - OAuth2: [ ]
       tags:
         - ServerFollowing
       consumes:
@@ -202,6 +216,8 @@ paths:
           description: successful operation
   /users:
     post:
+      security:
+        - OAuth2: [ ]
       tags:
         - User
       consumes:
@@ -221,6 +237,8 @@ paths:
           schema:
             $ref: '#/definitions/AddUserResponse'
     get:
+      security:
+        - OAuth2: [ ]
       tags:
         - User
       consumes:
@@ -252,6 +270,8 @@ paths:
               $ref: '#/definitions/User'
   '/users/{id}':
     delete:
+      security:
+        - OAuth2: [ ]
       tags:
         - User
       consumes:
@@ -268,6 +288,8 @@ paths:
         '204':
           description: successful operation
     get:
+      security:
+        - OAuth2: [ ]
       tags:
         - User
       consumes:
@@ -286,6 +308,8 @@ paths:
           schema:
             $ref: '#/definitions/User'
     put:
+      security:
+        - OAuth2: [ ]
       tags:
         - User
       consumes:
@@ -308,6 +332,8 @@ paths:
           description: successful operation
   /users/me:
     get:
+      security:
+        - OAuth2: [ ]
       tags:
         - User
       consumes:
@@ -322,6 +348,8 @@ paths:
             items:
               $ref: '#/definitions/User'
     put:
+      security:
+        - OAuth2: [ ]
       tags:
         - User
       consumes:
@@ -339,6 +367,8 @@ paths:
           description: successful operation
   /users/me/video-quota-used:
     get:
+      security:
+        - OAuth2: [ ]
       tags:
         - User
       consumes:
@@ -353,6 +383,8 @@ paths:
             type: number
   '/users/me/videos/{videoId}/rating':
     get:
+      security:
+        - OAuth2: [ ]
       tags:
         - User
       consumes:
@@ -372,6 +404,8 @@ paths:
             $ref: '#/definitions/GetMeVideoRating'
   /users/me/videos:
     get:
+      security:
+        - OAuth2: [ ]
       tags:
         - User
       consumes:
@@ -420,6 +454,8 @@ paths:
           description: successful operation
   /users/me/avatar/pick:
     post:
+      security:
+        - OAuth2: [ ]
       tags:
         - User
       consumes:
@@ -560,6 +596,8 @@ paths:
               $ref: '#/definitions/Video'
   "/videos/{id}":
     put:
+      security:
+        - OAuth2: [ ]
       tags:
         - Video
       consumes:
@@ -645,6 +683,8 @@ paths:
           schema:
             $ref: '#/definitions/Video'
     delete:
+      security:
+        - OAuth2: [ ]
       tags:
         - Video
       consumes:
@@ -698,6 +738,8 @@ paths:
           description: successful operation
   /videos/upload:
     post:
+      security:
+        - OAuth2: [ ]
       tags:
         - Video
       consumes:
@@ -776,6 +818,8 @@ paths:
             $ref: '#/definitions/VideoUploadResponse'
   /videos/abuse:
     get:
+      security:
+        - OAuth2: [ ]
       tags:
         - VideoAbuse
       consumes:
@@ -807,6 +851,8 @@ paths:
               $ref: '#/definitions/VideoAbuse'
   "/videos/{id}/abuse":
     post:
+      security:
+        - OAuth2: [ ]
       tags:
         - VideoAbuse
       consumes:
@@ -824,6 +870,8 @@ paths:
           description: successful operation
   "/videos/{videoId}/blacklist":
     post:
+      security:
+        - OAuth2: [ ]
       tags:
         - VideoBlacklist
       consumes:
@@ -840,6 +888,8 @@ paths:
         '204':
           description: successful operation
     delete:
+      security:
+        - OAuth2: [ ]
       tags:
         - VideoBlacklist
       consumes:
@@ -857,6 +907,8 @@ paths:
           description: successful operation
   /videos/blacklist:
     get:
+      security:
+        - OAuth2: [ ]
       tags:
         - VideoBlacklist
       consumes:
@@ -918,6 +970,8 @@ paths:
             items:
               $ref: '#/definitions/VideoChannel'
     post:
+      security:
+        - OAuth2: [ ]
       tags:
         - VideoChannel
       consumes:
@@ -952,6 +1006,8 @@ paths:
           schema:
             $ref: '#/definitions/VideoChannel'
     put:
+      security:
+        - OAuth2: [ ]
       tags:
         - VideoChannel
       consumes:
@@ -972,6 +1028,8 @@ paths:
         '204':
           description: successful operation
     delete:
+      security:
+        - OAuth2: [ ]
       tags:
         - VideoChannel
       consumes:
@@ -1043,6 +1101,8 @@ paths:
           schema:
             $ref: '#/definitions/CommentThreadResponse'
     post:
+      security:
+        - OAuth2: [ ]
       tags:
         - VideoComment
       consumes:
@@ -1086,6 +1146,8 @@ paths:
             $ref: '#/definitions/VideoCommentThreadTree'
   "/videos/{videoId}/comments/{commentId}":
     post:
+      security:
+        - OAuth2: [ ]
       tags:
         - VideoComment
       consumes:
@@ -1109,6 +1171,8 @@ paths:
           schema:
             $ref: '#/definitions/CommentThreadPostResponse'
     delete:
+      security:
+        - OAuth2: [ ]
       tags:
         - VideoComment
       consumes:
@@ -1131,6 +1195,8 @@ paths:
           description: successful operation
   "/videos/{id}/rate":
     put:
+      security:
+        - OAuth2: [ ]
       tags:
         - VideoRate
       consumes: