3d01febcf7
Require the user to re-enter their password before they can view, create, update, or delete their API keys. This works by tracking the timestamp of the user's last password re-entry in a `last_authenticated_at` session cookie, and redirecting the user to a password confirmation page if they haven't re-entered their password in the last hour. This is modeled after Github's Sudo mode.
18 lines
628 B
Plaintext
18 lines
628 B
Plaintext
<% page_title "Confirm password" %>
|
|
<%= render "secondary_links" %>
|
|
|
|
<div id="c-sessions">
|
|
<div id="a-confirm-password">
|
|
<h1>Confirm password</h1>
|
|
|
|
<p>You must re-enter your password to continue.</p>
|
|
|
|
<%= simple_form_for(:session, url: session_path) do |f| %>
|
|
<%= f.input :url, as: :hidden, input_html: { value: params[:url] } %>
|
|
<%= f.input :name, as: :hidden, input_html: { value: CurrentUser.user.name } %>
|
|
<%= f.input :password, hint: link_to("Forgot password?", password_reset_path), input_html: { autocomplete: "password" } %>
|
|
<%= f.submit "Continue" %>
|
|
<% end %>
|
|
</div>
|
|
</div>
|