-
-
Notifications
You must be signed in to change notification settings - Fork 2.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Require password confirmation for more plugin operations. #17345
Conversation
Is it common for asking password as a URL parameter when we already have the token validation? Is it necessary? I can't remember using API like this. |
@flamisz if you grep through API files for 'passwordConfirmation', you'll find similar methods. It is an extra security precaution for sensitive settings and changes. Also just realized I forgot to the UI related changes, will move this back to a draft. |
…penEnd materializecss modal event handler instead of ready since ready no longer exists in used version
Added the UI changes. Also noticed we were using the old |
…ord confirmation.
@sgiehl this should be ready for another review |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems to work as expected now. Some UI tests for TagManager and QueuedTracking are failing due to the new password confirmation. Might be good to fix them before merging
Description:
Adding requirement for password confirmation for: activating a plugin, deactivating a plugin, uninstalling a plugin. And for CorePluginsAdmin.setSystemSettings.
Review