DEV: Standardize session confirmation prompt (#24212)

Switches to using a dialog to confirm a session (i.e. sudo mode for
account changes where we want to be extra sure the current user is who
they say they are) to match what we do with passkeys.
Penar Musaraj
2023-11-07 08:26:10 -08:00
committed by GitHub
parent dcaa719363
commit a1c1f7ce75
14 changed files with 249 additions and 358 deletions

@ -1533,12 +1533,6 @@ class UsersController < ApplicationController
raise Discourse::NotFound
end
if params[:password].present?
if !confirm_secure_session
return render json: failed_json.merge(error: I18n.t("login.incorrect_password"))
end
end
if secure_session_confirmed?
totp_second_factors =
current_user
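Review bot: Add a request spec showing that a `password` parameter sent to this action no longer has any effect. Going by the hunk header (12 lines down to 6), the `if params[:password].present?` / `confirm_secure_session` block at the top of this hunk is what gets dropped, which leaves `secure_session_confirmed?` as the only gate in front of the TOTP and security key listing. The spec should cover both an unconfirmed session that still posts a password and a confirmed one, so the behaviour is pinned down if the confirmation flow changes again. Also check whether `login.incorrect_password` is still the error the new confirmation dialog returns on a wrong password; if this was its last use for session confirmation, say so in the commit message.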
@ -1555,7 +1549,7 @@ class UsersController < ApplicationController
render json: success_json.merge(totps: totp_second_factors, security_keys: security_keys)
else
render json: success_json.merge(password_required: true)
render json: success_json.merge(unconfirmed_session: true)
end
end
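Review bot: The `password_required: true` to `unconfirmed_session: true` swap in the `else` branch renames a key in the response contract, so every reader of `password_required` has to move in this same commit. Only this file is visible here, so please confirm that none of the other changed files, and no plugin or theme code, still checks `password_required`, since a stale check would silently treat the session as confirmed or fall through with no prompt. Note too that this branch still merges into `success_json`, so callers must key on `unconfirmed_session` rather than on the success flag; a short comment above the `else` stating that would help.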