Require password re-entry for sensitive actions (#19851).

Patch by Jens Krämer.

git-svn-id: http://svn.redmine.org/redmine/trunk@14333 e93f8b46-1217-0410-a6f0-8f06a7374b81

3 files changed, 13 insertions, 2 deletions

diff --git a/app/views/my/_sidebar.html.erb b/app/views/my/_sidebar.html.erb
index a35bcaf77..7f0aefa16 100644
--- a/app/views/my/_sidebar.html.erb
+++ b/app/views/my/_sidebar.html.erb
@@ -21,8 +21,8 @@
 <% if Setting.rest_api_enabled? %>
 <h4><%= l(:label_api_access_key) %></h4>
 <div>
-  <%= link_to_function(l(:button_show), "$('#api-access-key').toggle();")%>
-  <pre id='api-access-key' class='autoscroll'><%= @user.api_key %></pre>
+  <%= link_to l(:button_show), {:action => 'show_api_key'}, :remote => true %>
+  <pre id='api-access-key' class='autoscroll'></pre>
 </div>
 <%= javascript_tag("$('#api-access-key').hide();") %>
 <p>
diff --git a/app/views/my/show_api_key.html.erb b/app/views/my/show_api_key.html.erb
new file mode 100644
index 000000000..97665faff
--- /dev/null
+++ b/app/views/my/show_api_key.html.erb
@@ -0,0 +1,10 @@
+<h2><%= l :label_api_access_key %></h2>
+
+<div class="box">
+  <pre><%= @user.api_key %></pre>
+</div>
+
+<p><%= link_to l(:button_back), action: 'account' %></p>
+
+
+
diff --git a/app/views/my/show_api_key.js.erb b/app/views/my/show_api_key.js.erb
new file mode 100644
index 000000000..73b0ee029
--- /dev/null
+++ b/app/views/my/show_api_key.js.erb
@@ -0,0 +1 @@
+$('#api-access-key').html('<%= escape_javascript @user.api_key %>').toggle();