jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

api keys: require reauthentication when working with API keys.

Browse Source 
Require the user to re-enter their password before they can view,
create, update, or delete their API keys.

This works by tracking the timestamp of the user's last password
re-entry in a `last_authenticated_at` session cookie, and redirecting
the user to a password confirmation page if they haven't re-entered
their password in the last hour.

This is modeled after Github's Sudo mode.
This commit is contained in:
evazion
2021-02-15 00:09:12 -06:00
parent d99985160a
commit 3d01febcf7
7 changed files with 42 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
app/controllers/sessions_controller.rb
View File

@@ -6,6 +6,9 @@ class SessionsController < ApplicationController
@user = User.new
end
def confirm_password
end
def create
name, password, url = params.fetch(:session, params).slice(:name, :password, :url).values
user = SessionLoader.new(request).login(name, password)