Require two-factor authentication to enable admin mode.

This feature can be disabled with the new ini setting
`disable_require_admin_otp`.
1 parent 8dfd73b commit 1db68ce6b1d4efa0267661c581395b4a22fcea73 @spladug spladug committed Jul 22, 2012
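--- a/install-reddit.sh
+++ b/install-reddit.sh
@@ -242,6 +242,7 @@ debug = true
 disable_ads = true
 disable_captcha = true
 disable_ratelimit = true
+disable_require_admin_otp = true
 page_cache_time = 0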
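Review bot: `disable_require_admin_otp = true` is written into the generated ini next to the other debug-only toggles (disable_captcha, disable_ratelimit), so an install produced by this script lets admin mode be enabled with the account password alone, and anyone reusing the script for a non-development host inherits that silently. A comment on the line, e.g. `# development only: admin mode can be turned on without a second factor`, would make the trade-off visible to whoever edits the generated file. The ini block this line belongs to starts before the hunk, so I cannot tell whether it is already gated on a debug switch.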
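--- a/r2/example.ini
+++ b/r2/example.ini
@@ -66,6 +66,7 @@ CLOUDSEARCH_SUBREDDIT_DOC_API =
 disable_ads = false
 disable_captcha = false
 disable_ratelimit = false
+disable_require_admin_otp = false
 # -- important settings --
 # the domain that this app serves itself up as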
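Review bot: The new `disable_require_admin_otp = false` line carries no explanatory comment, unlike the `# -- important settings --` block directly below it, so an operator reading example.ini cannot tell that flipping it to true removes the second factor from the admin-mode login. Add `# set to true only in development: admin mode then needs just the account password` above the line. The default of false is the right one for a shipped example.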
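--- a/r2/r2/controllers/api.py
+++ b/r2/r2/controllers/api.py
@@ -2705,11 +2705,22 @@ def POST_expando(self, link):
 @validatedForm(VUser('password', default=''),
 VModhash(),
+ VOneTimePassword("otp",
+ required=not g.disable_require_admin_otp),
+ remember=VBoolean("remember"),
 dest=VDestination())
- def POST_adminon(self, form, jquery, dest):
+ def POST_adminon(self, form, jquery, remember, dest):
 if form.has_errors('password', errors.WRONG_PASSWORD):
 return
+ if form.has_errors("otp", errors.WRONG_PASSWORD,
+ errors.NO_OTP_SECRET,
+ errors.RATELIMIT):
+ return
+
+ if remember:
+ self.remember_otp(c.user)
+
 self.enable_admin_mode(c.user)
 form.redirect(dest)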
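Review bot: `if remember: self.remember_otp(c.user)` runs whenever the checkbox is set, including when `disable_require_admin_otp` is on and `VOneTimePassword` was built with `required=False`, so a computer can be marked as trusted without any one-time code having been verified in that request; if the setting is later switched off, those remembered computers would presumably skip the OTP (what remember_otp stores and how the validator consults it are not visible here). Guard it with `if remember and not g.disable_require_admin_otp:`, or better, only call remember_otp when the validator actually verified a code. Note also that `required=not g.disable_require_admin_otp` is evaluated once when the decorator is applied at class-definition time, so changing the ini setting needs a process restart; a one-line comment saying so would spare someone a confusing debugging session. The enclosing controller class extends beyond the hunk on both sides.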
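--- a/r2/r2/lib/app_globals.py
+++ b/r2/r2/lib/app_globals.py
@@ -114,6 +114,7 @@ class Globals(object):
 's3_media_direct',
 'disable_captcha',
 'disable_ads',
+ 'disable_require_admin_otp',
 'static_pre_gzipped',
 'static_secure_pre_gzipped',
 'trust_local_proxies',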
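--- a/r2/r2/public/static/css/reddit.css
+++ b/r2/r2/public/static/css/reddit.css
@@ -5409,8 +5409,13 @@ tr.gold-accent + tr > td {
 }
 .adminpasswordform {
- margin-bottom: .5em;
- display: inline-block;
+ display: block;
+ margin: .5em auto 0 auto;
+}
+
+.adminpasswordform label {
+ display: block;
+ padding: .5em;
 }
 .content.api-help {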
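--- a/r2/r2/templates/passwordverificationform.html
+++ b/r2/r2/templates/passwordverificationform.html
@@ -43,6 +43,25 @@
 ${error_field("WRONG_PASSWORD", "password")}
 </%utils:round_field>
+ <%utils:round_field title="${_('one-time password')}" description="${_('(required)')}" css_class="adminpasswordform">
+ <input type="text" name="otp" maxlength="6" tabindex="1" required pattern="[0-9]{6}" autocomplete="off"
+ % if c.otp_cached:
+ disabled
+ % endif
+ />
+ ${error_field("WRONG_PASSWORD", "otp")}
+ ${error_field("NO_OTP_SECRET", "otp")}
+ ${error_field("RATELIMIT", "otp")}
+
+ <label>
+ <input type="checkbox" name="remember" tabindex="1"
+ % if c.otp_cached:
+ disabled
+ checked
+ % endif
+ > ${_("remember this computer")}</label>
+ </%utils:round_field>
+
 <p><button type="submit" class="btn" tabindex="1">${_('turn admin on')}</button></p>
 <p class="status error"></p>
 </div>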
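Review bot: The OTP input is rendered with `required pattern="[0-9]{6}"` and a description of `(required)` unconditionally, while the server only requires the code when `disable_require_admin_otp` is false; with the setting on (which the dev installer does), browser validation will still refuse to submit the form without a six-digit value. Wrap the new `<%utils:round_field ...>` block in `% if not g.disable_require_admin_otp:` … `% endif` if `g` is available to this template, or drop the HTML `required` attribute and leave the decision to the validator. Also, when `c.otp_cached` is true both the disabled OTP input and the disabled checkbox are omitted from the submission, so accepting the remembered state has to happen inside the validator, which is outside this hunk and worth confirming.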
