Require password re-entry for sensitive actions (#19851).

Patch by Jens Krämer. git-svn-id: http://svn.redmine.org/redmine/trunk@14333 e93f8b46-1217-0410-a6f0-8f06a7374b81
author: Jean-Philippe Lang <jp_lang@yahoo.fr> 2015-06-19 18:41:10 +0000
committer: Jean-Philippe Lang <jp_lang@yahoo.fr> 2015-06-19 18:41:10 +0000
commit: d6f389658b9e83d7a5d74c57fc46a203a5a88591 (patch)
tree: 534fd5f3520833e1c1c2bb2105971ce86008b991 /app/controllers/my_controller.rb
parent: 3811ff5d95bd848f457c9d29a162ce83f12fe3ac (diff)
download: redmine-d6f389658b9e83d7a5d74c57fc46a203a5a88591.tar.gz
redmine-d6f389658b9e83d7a5d74c57fc46a203a5a88591.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/app/controllers/my_controller.rb b/app/controllers/my_controller.rb
index 982541db1..1f744a936 100644
--- a/app/controllers/my_controller.rb
+++ b/app/controllers/my_controller.rb
@@ -20,6 +20,9 @@ class MyController < ApplicationController
   # let user change user's password when user has to
   skip_before_filter :check_password_change, :only => :password
 
+  require_sudo_mode :account, only: :post
+  require_sudo_mode :reset_rss_key, :reset_api_key, :show_api_key, :destroy
+
   helper :issues
   helper :users
   helper :custom_fields
@@ -123,6 +126,10 @@ class MyController < ApplicationController
     redirect_to my_account_path
   end
 
+  def show_api_key
+    @user = User.current
+  end
+
   # Create a new API key
   def reset_api_key
     if request.post?
author	Jean-Philippe Lang <jp_lang@yahoo.fr>	2015-06-19 18:41:10 +0000
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>	2015-06-19 18:41:10 +0000
commit	d6f389658b9e83d7a5d74c57fc46a203a5a88591 (patch)
tree	534fd5f3520833e1c1c2bb2105971ce86008b991 /app/controllers/my_controller.rb
parent	3811ff5d95bd848f457c9d29a162ce83f12fe3ac (diff)
download	redmine-d6f389658b9e83d7a5d74c57fc46a203a5a88591.tar.gz redmine-d6f389658b9e83d7a5d74c57fc46a203a5a88591.zip