jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

api keys: require reauthentication when working with API keys.

Browse Source 
Require the user to re-enter their password before they can view,
create, update, or delete their API keys.

This works by tracking the timestamp of the user's last password
re-entry in a `last_authenticated_at` session cookie, and redirecting
the user to a password confirmation page if they haven't re-entered
their password in the last hour.

This is modeled after Github's Sudo mode.
This commit is contained in:
evazion
2021-02-15 00:09:12 -06:00
parent d99985160a
commit 3d01febcf7
7 changed files with 42 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
config/routes.rb
View File

@@ -225,6 +225,7 @@ Rails.application.routes.draw do
resources :robots, only: [:index]
resources :saved_searches, :except => [:show]
resource :session, only: [:new, :create, :destroy] do
get :confirm_password, on: :collection
get :sign_out, on: :collection
end
resource :source, :only => [:show]