Sudo mode: Require password re-entry for sensitive actions (optional)
|Assignee:||Jean-Philippe Lang||% Done:|
|Category:||Accounts / authentication|
This patch adds a so-called sudo mode as a safe-guard against damage done through hijacked sessions, be it remotely or through physical access to a computer with an existing open Redmine session. A similar feature has been implemented for example by GitHub.
Sudo mode will require the user to re-enter his password before any potentially dangerous action is carried out (see below for full list). Once the correct password was entered, the original action will be performed and sudo mode will stay active for at least 15 minutes. Every time another action requiring sudo permissions is invoked, this interval will be reset, so more administrative work can be done without further interruptions. This behaviour is similar to what Unix
Full list of things guarded by the patch:
- editing of account data (my/account) and email addresses
- displaying the API key, reset of rss / API keys
- editing of Project memberships
- global settings, plugin settings
- user, group, role, auth source management
- project deletion
Since actions requiring this additional authentication step are declared in controllers using a simple class method, sudo mode might also easily be used by plugins to protect their own potentially destructive actions.
This feature was developed for Planio and we think it would be very nice to have that in Redmine.
Renamed sudo mode test.
#3 Updated by Jean-Philippe Lang almost 4 years ago
This would be a nice addition for 3.1.0 indeed but this feature may not be wanted for all Redmine instances. I think we should let people decide whether or not this feature is enabled. The configuration file would be a good place to have this setting (obviously it should not be possible to turn it on/off from the web interface).
#4 Updated by Jean-Philippe Lang almost 4 years ago
- Tracker changed from Patch to Feature
- Subject changed from [Feature] Require password re-entry for sensitive actions (sudo mode) to Sudo mode: Require password re-entry for sensitive actions (optional)
- Status changed from New to Closed
- Assignee set to Jean-Philippe Lang
- Resolution set to Fixed
The patch and a few changes are committed.