
Require password for certain features

Open jace opened this issue 11 years ago • 3 comments

Creating new applications, adding/deleting organizations and other such critical actions should require a password prompt. However, since Lastuser doesn't require a password to log in if the account is linked to external IDs, this should be amended too.

  1. When accessing a critical feature, ask for a password. Remember this for up to 15 minutes.
  2. If the user does not have a password, require them to set a password before they can proceed.
  3. Provide an option in the profile setting that requires a password at all times. This setting can be enabled only if they have at least one verified email address.

jace, Mar 13 '14 06:03

UserSession introduced a sudo_enabled_at column with a has_sudo property and set_sudo method in 0b9b07bc29e5ba6cccaaed407c99e54367f7ea68 for #89.

jace, Mar 06 '17 13:03

The has_sudo method from #89 is hardcoded to a 1 hour timedelta, not 15 minutes as per this ticket. We should revisit during implementation of this ticket.

jace, Mar 06 '17 13:03
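An added sketch of the flow this ticket describes, not Lastuser's code: the names `sudo_enabled_at`, `has_sudo` and `set_sudo` come from the thread, while the `User` class, `critical_action_gate`, the return strings and the `window` parameter are assumptions made for illustration. It makes the re-authentication window a parameter, so the 15 minutes asked for here and the 1 hour mentioned above are one argument apart.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

# Window from step 1 of the ticket, kept as a parameter rather than hardcoded.
SUDO_WINDOW = timedelta(minutes=15)


@dataclass
class User:  # hypothetical stand-in, not Lastuser's model
    has_password: bool
    verified_emails: list = field(default_factory=list)
    always_require_password: bool = False

    def enable_always_require_password(self) -> None:
        # Step 3: the setting needs at least one verified email address.
        if not self.verified_emails:
            raise ValueError("a verified email address is required")
        self.always_require_password = True


@dataclass
class UserSession:  # hypothetical stand-in; only the three names are from the thread
    sudo_enabled_at: Optional[datetime] = None

    def set_sudo(self, now: datetime) -> None:
        """Record a confirmation; call only after the password was verified."""
        self.sudo_enabled_at = now

    def has_sudo(self, now: datetime, window: timedelta = SUDO_WINDOW) -> bool:
        if self.sudo_enabled_at is None:
            return False
        elapsed = now - self.sudo_enabled_at
        # Reject future timestamps (clock skew, tampering) as well as expired ones.
        return timedelta(0) <= elapsed < window


def critical_action_gate(user: User, session: UserSession, now: datetime) -> str:
    """Return 'allow', 'prompt_password' or 'set_password' for a critical view."""
    if not user.has_password:
        return "set_password"      # step 2: account has external IDs but no password
    if session.has_sudo(now):
        return "allow"             # step 1: password confirmed within the window
    return "prompt_password"
```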

This was originally discussed in #5.

jace, Jul 17 '17 08:07