User and organization settings need to be password-protected
For certain operations, the backend will check the last time the user password was entered. If more than 5 minutes have elapsed since the last time the password was entered, the backend will inform the frontend it needs to ask the user to enter the password again before the operation can be fulfilled.
Those operations are:
- Regular users wanting to modify or add to any personal data field in their profiles (/u/USERNAME/profile)
- Regular users wanting to modify their API keys (/u/USERNAME/your_apps)
- Org admin users wanting to modify the organization profile (/user/USERNAME/organization/settings)
- Org admin users wanting to modify the organization auth page (/user/USERNAME/organization/auth)
- Org admin users wanting to modify the organization user page (/user/USERNAME/organization)
- Org admin users wanting to modify the organization group page (/user/USERNAME/organization/groups)
- Org admin users wanting to send a notification (/user/USERNAME/organization/notifications)
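A sketch of the backend check described in the issue above, added here as an example and not the project's own code. The session key, the 403 response body, the set of modifying HTTP methods and the PBKDF2 password storage are assumptions; the routes and the 5-minute window come from the issue.

```python
import hashlib
import hmac
import re

MAX_AGE = 5 * 60  # seconds a password entry stays valid, per the issue
MUTATING = {"POST", "PUT", "PATCH", "DELETE"}
# Pages listed in the issue; USERNAME is matched as one path segment.
PROTECTED = [re.compile(p) for p in (
    r"^/u/[^/]+/(profile|your_apps)/?$",
    r"^/user/[^/]+/organization(/(settings|auth|groups|notifications))?/?$",
)]

def needs_password(method, path):
    """True when the request modifies one of the protected pages."""
    return method.upper() in MUTATING and any(p.match(path) for p in PROTECTED)

def is_fresh(session, now):
    """Valid only if a confirmation exists, is not in the future, and is at most 5 minutes old."""
    ts = session.get("password_confirmed_at")  # assumed session key
    return ts is not None and 0 <= now - ts <= MAX_AGE

def authorize(session, method, path, now):
    """Return the (status, body) sent before the operation is allowed to run."""
    if needs_password(method, path) and not is_fresh(session, now):
        # Assumed response shape: tells the frontend to prompt for the password.
        return 403, {"error": "password_confirmation_required"}
    return 200, {}

def hash_password(password, salt):
    """Assumed storage scheme for the example: PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def confirm_password(session, supplied, salt, stored_hash, now):
    """Re-check the password in constant time; restart the window only on success."""
    ok = hmac.compare_digest(hash_password(supplied, salt), stored_hash)
    if ok:
        session["password_confirmed_at"] = now
    return ok

if __name__ == "__main__":
    salt = b"constructed-salt"                     # constructed sample data
    stored = hash_password("correct horse", salt)  # constructed sample data
    session, t0 = {}, 1_000_000
    print(authorize(session, "PUT", "/u/alice/profile", t0))        # prompt needed
    print(confirm_password(session, "correct horse", salt, stored, t0))
    print(authorize(session, "PUT", "/u/alice/profile", t0 + 300))  # still fresh
    print(authorize(session, "PUT", "/u/alice/profile", t0 + 301))  # expired
```

The timestamp lives in the server-side session and a future-dated value is treated as stale, so a client cannot extend the window by supplying its own time.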
Issue Analytics
- Created 5 years ago
- Comments:23 (20 by maintainers)
Top GitHub Comments
Acceptance
Password-protected actions list
✅ Regular users wanting to modify or add to any personal data field in their profiles.
✅ Org admin users wanting to modify the organization profile.
✅ Org admin users regenerating API Keys for all your organization users (Button inside organization settings)
✅ Org admin users wanting to modify the organization auth page.
✅ Org admin users wanting to send a notification
✅ Org admin users adding users or deleting users from a group.
✅ Org admin users deleting a group.
✅ Org admin users creating a new organization user.
✅ Org admin users deleting or modifying organization users.
✅ Org admin regenerating all API Keys of an organization user.
🇯🇲
I have done a first approach to the solution, here I show you the whole flow in a GIF. Please let me know what you think: