
User and organization settings need to be password-protected

For certain operations, the backend will check the last time the user password was entered. If more than 5 minutes have elapsed since the last time the password was entered, the backend will inform the frontend it needs to ask the user to enter the password again before the operation can be fulfilled.

Those operations are:

  • Regular users wanting to modify or add to any personal data field in their profiles (/u/USERNAME/profile)

  • Regular users wanting to modify their API keys (/u/USERNAME/your_apps)

  • Org admin users wanting to modify the organization profile (/user/USERNAME/organization/settings)

  • Org admin users wanting to modify the organization auth page (/user/USERNAME/organization/auth)

  • Org admin users wanting to modify the organization user page (/user/USERNAME/organization)

  • Org admin users wanting to modify the organization group page (/user/USERNAME/organization/groups)

  • Org admin users wanting to send a notification (/user/USERNAME/organization/notifications)
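A minimal server-side sketch of the check described in the issue, added here as an illustration and not taken from the project's code. The session key, the 403 response body, the PBKDF2 parameters and the set of HTTP methods treated as modifying are assumptions; the route patterns and the 5-minute window come from the issue text.

```python
import hashlib, hmac, re

REAUTH_WINDOW = 5 * 60  # seconds; the 5-minute limit stated in the issue
MUTATING = {"POST", "PUT", "PATCH", "DELETE"}  # assumption: "modify" means these
# Routes from the issue's list; USERNAME becomes a single path segment.
PROTECTED = [re.compile(p) for p in (
    r"/u/[^/]+/(profile|your_apps)",
    r"/user/[^/]+/organization(/(settings|auth|groups|notifications))?",
)]

def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2 parameters are constructed for the example.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def needs_password(method: str, path: str) -> bool:
    """Only modifying requests to the listed pages are gated."""
    return method.upper() in MUTATING and any(p.fullmatch(path) for p in PROTECTED)

def confirm_password(session: dict, user: dict, password: str, now: float) -> bool:
    """Record a successful password entry in the server-side session."""
    ok = hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])
    if ok:
        # A failed attempt never refreshes the timestamp.
        session["password_confirmed_at"] = now
    return ok

def authorize(session: dict, method: str, path: str, now: float):
    """Return (status, body); the 403 body tells the frontend to show the prompt."""
    if not needs_password(method, path):
        return 200, {}
    confirmed_at = session.get("password_confirmed_at")
    # Missing or future timestamps count as expired. Age runs from the last
    # password entry, not the last request, so activity never extends it.
    if confirmed_at is None or not 0 <= now - confirmed_at <= REAUTH_WINDOW:
        return 403, {"error": "password_confirmation_required"}
    return 200, {}
```

The timestamp lives in the server-side session, so the frontend can only reset the window by submitting the password through `confirm_password`.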

Issue Analytics

  • State: closed
  • Created 5 years ago
  • Comments: 23 (20 by maintainers)

Top GitHub Comments

2 reactions
ivanmalagon commented, May 22, 2018

Acceptance

Password-protected actions list

  • ✅ Regular users wanting to modify or add to any personal data field in their profiles.

  • ✅ Org admin users wanting to modify the organization profile.

  • ✅ Org admin users regenerating API Keys for all your organization users (Button inside organization settings)

  • ✅ Org admin users wanting to modify the organization auth page.

  • ✅ Org admin users wanting to send a notification

  • ✅ Org admin users adding users or deleting users from a group.

  • ✅ Org admin users deleting a group.

  • ✅ Org admin users creating a new organization user.

  • ✅ Org admin users deleting or modifying organization users.

  • ✅ Org admin regenerating all API Keys of an organization user.

🇯🇲

2 reactions
jesusbotella commented, May 7, 2018

I have done a first approach to the solution, here I show you the whole flow in a GIF. Please let me know what you think:

[GIF: modalconfirmpassword]
