Feature #19851

Sudo mode: Require password re-entry for sensitive actions (optional)

Added by Jens Krämer about 3 years ago. Updated about 3 years ago.

Status: Closed
Start date:
Priority: Normal
Due date:
Assignee: Jean-Philippe Lang
% Done: 0%
Category: Accounts / authentication
Target version: 3.1.0
Resolution: Fixed

Description

This patch adds a so-called sudo mode as a safeguard against damage done through hijacked sessions, be it remotely or through physical access to a computer with an existing open Redmine session. A similar feature has been implemented for example by GitHub.

Sudo mode will require the user to re-enter his password before any potentially dangerous action is carried out (see below for full list). Once the correct password has been entered, the original action will be performed and sudo mode will stay active for at least 15 minutes. Every time another action requiring sudo permissions is invoked, this interval will be reset, so more administrative work can be done without further interruptions. This behaviour is similar to what Unix sudo does.

Full list of things guarded by the patch:

  • editing of account data (my/account) and email addresses
  • displaying the API key, reset of RSS / API keys
  • editing of project memberships
  • global settings, plugin settings
  • user, group, role, auth source management
  • project deletion

Since actions requiring this additional authentication step are declared in controllers using a simple class method, sudo mode might also easily be used by plugins to protect their own potentially destructive actions.

This feature was developed for Planio and we think it would be very nice to have that in Redmine.

20150515_sudo_mode.diff - patch against current trunk (r14266) (28.3 KB) Jens Krämer, 2015-05-15 10:52
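
The timing behaviour described above, as an added Ruby example that is not part of the patch or of Redmine's code: the class, method and session key names are hypothetical, and the verifier lambda is a constructed stand-in for the application's real password check.

```ruby
# Added illustration; names are hypothetical, not Redmine's SudoMode API.
class SudoGate
  TIMEOUT = 15 * 60 # seconds; the interval named in the description

  # Class-method declaration of guarded actions, as a controller would use.
  def self.require_sudo(*actions)
    (@guarded ||= []).concat(actions)
  end

  def self.guarded?(action)
    (@guarded || []).include?(action)
  end

  # session: server-side session hash; verifier: callable wrapping the
  # application's real password check; clock: injectable for the demo.
  def initialize(session, verifier, clock: -> { Time.now.to_i })
    @session, @verifier, @clock = session, verifier, clock
  end

  def active?
    stamp = @session[:sudo_at]
    !stamp.nil? && @clock.call - stamp < TIMEOUT
  end

  # Guarded actions need an active window or a valid password; unguarded
  # actions pass through and do not touch the sudo timestamp.
  def perform(action, password: nil)
    return yield unless self.class.guarded?(action)
    ok = active? || (!password.nil? && @verifier.call(password))
    return :password_required unless ok # caller re-prompts, action not run
    @session[:sudo_at] = @clock.call    # each guarded action resets the interval
    yield
  end
end
SudoGate.require_sudo :destroy_project, :show_api_key

# Constructed timeline for one session; clock values are seconds.
def sudo_timeline
  now = 0
  gate = SudoGate.new({}, ->(pw) { pw == "constructed-pw" }, clock: -> { now })
  [[0, :destroy_project, nil], [0, :destroy_project, "constructed-pw"],
   [14 * 60, :show_api_key, nil], [28 * 60, :show_api_key, nil],
   [44 * 60, :destroy_project, "wrong"], [44 * 60, :list_issues, nil]].map do |t, action, pw|
    now = t
    gate.perform(action, password: pw) { :ok }
  end
end
```

The call at minute 28 succeeds only because the guarded action at minute 14 reset the interval; by minute 44 the window has lapsed, so a wrong password is refused while the unguarded action still runs.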

Associated revisions

Revision 14333
Added by Jean-Philippe Lang about 3 years ago

Require password re-entry for sensitive actions (#19851).

Patch by Jens Krämer.

Revision 14334
Added by Jean-Philippe Lang about 3 years ago

Changed /my/show_api_key route to /my/api_key (#19851).

Revision 14335
Added by Jean-Philippe Lang about 3 years ago

Use existing label for password submission (#19851).

Revision 14336
Added by Jean-Philippe Lang about 3 years ago

Adds a configuration setting to enable sudo mode, disabled by default (#19851).

Revision 14337
Added by Jean-Philippe Lang about 3 years ago

Renamed sudo mode test.

Revision 14338
Added by Jean-Philippe Lang about 3 years ago

Don't use SudoMode.disable! to skip API requests (#19851).

Revision 14339
Added by Jean-Philippe Lang about 3 years ago

Fixed the sudo dialog when called from a dialog, e.g. email addresses (#19851).

Revision 14340
Added by Jean-Philippe Lang about 3 years ago

Fixed r14339 for when closing the dialog by using the upper-right cross (#19851).

Revision 14341
Added by Jean-Philippe Lang about 3 years ago

Fixed wrong password rendering broken by r14339 (#19851).

Revision 14342
Added by Jean-Philippe Lang about 3 years ago

Adds French translation (#19851).

Revision 14343
Added by Jean-Philippe Lang about 3 years ago

Removed extra blank lines (#19851).

Revision 14344
Added by Jean-Philippe Lang about 3 years ago

Tests that submitted data is present in the sudo form (#19851).

Revision 14345
Added by Jean-Philippe Lang about 3 years ago

Adds a UI test (#19851).

Revision 14346
Added by Jean-Philippe Lang about 3 years ago

Removed extra blank lines (#19851).

Revision 14352
Added by Jean-Philippe Lang about 3 years ago

Adds translation strings (#19851).

Revision 14353
Added by Jean-Philippe Lang about 3 years ago

Make the sudo timeout configurable (#19851).

Revision 14354
Added by Jean-Philippe Lang about 3 years ago

Set a default timeout value (#19851).

Revision 14359
Added by Jean-Philippe Lang about 3 years ago

Fixed test error (#19851).

History

#1 Updated by Jan Niggemann (redmine.org team member) about 3 years ago

I like the idea, thank you for providing a patch!

#2 Updated by Toshi MARUYAMA about 3 years ago

  • Target version set to 3.1.0

#3 Updated by Jean-Philippe Lang about 3 years ago

This would be a nice addition for 3.1.0 indeed but this feature may not be wanted for all Redmine instances. I think we should let people decide whether or not this feature is enabled. The configuration file would be a good place to have this setting (obviously it should not be possible to turn it on/off from the web interface).

#4 Updated by Jean-Philippe Lang about 3 years ago

  • Tracker changed from Patch to Feature
  • Subject changed from [Feature] Require password re-entry for sensitive actions (sudo mode) to Sudo mode: Require password re-entry for sensitive actions (optional)
  • Status changed from New to Closed
  • Assignee set to Jean-Philippe Lang
  • Resolution set to Fixed

The patch and a few changes are committed.
