summaryrefslogtreecommitdiffstats
path: root/app/views/my
diff options
context:
space:
mode:
authorJean-Philippe Lang <jp_lang@yahoo.fr>2015-06-19 18:41:10 +0000
committerJean-Philippe Lang <jp_lang@yahoo.fr>2015-06-19 18:41:10 +0000
commitd6f389658b9e83d7a5d74c57fc46a203a5a88591 (patch)
tree534fd5f3520833e1c1c2bb2105971ce86008b991 /app/views/my
parent3811ff5d95bd848f457c9d29a162ce83f12fe3ac (diff)
downloadredmine-d6f389658b9e83d7a5d74c57fc46a203a5a88591.tar.gz
redmine-d6f389658b9e83d7a5d74c57fc46a203a5a88591.zip
Require password re-entry for sensitive actions (#19851).
Patch by Jens Krämer. git-svn-id: http://svn.redmine.org/redmine/trunk@14333 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/views/my')
-rw-r--r--app/views/my/_sidebar.html.erb4
-rw-r--r--app/views/my/show_api_key.html.erb10
-rw-r--r--app/views/my/show_api_key.js.erb1
3 files changed, 13 insertions, 2 deletions
diff --git a/app/views/my/_sidebar.html.erb b/app/views/my/_sidebar.html.erb
index a35bcaf77..7f0aefa16 100644
--- a/app/views/my/_sidebar.html.erb
+++ b/app/views/my/_sidebar.html.erb
@@ -21,8 +21,8 @@
<% if Setting.rest_api_enabled? %>
<h4><%= l(:label_api_access_key) %></h4>
<div>
- <%= link_to_function(l(:button_show), "$('#api-access-key').toggle();")%>
- <pre id='api-access-key' class='autoscroll'><%= @user.api_key %></pre>
+ <%= link_to l(:button_show), {:action => 'show_api_key'}, :remote => true %>
+ <pre id='api-access-key' class='autoscroll'></pre>
</div>
<%= javascript_tag("$('#api-access-key').hide();") %>
<p>
diff --git a/app/views/my/show_api_key.html.erb b/app/views/my/show_api_key.html.erb
new file mode 100644
index 000000000..97665faff
--- /dev/null
+++ b/app/views/my/show_api_key.html.erb
@@ -0,0 +1,10 @@
+<h2><%= l :label_api_access_key %></h2>
+
+<div class="box">
+ <pre><%= @user.api_key %></pre>
+</div>
+
+<p><%= link_to l(:button_back), action: 'account' %></p>
+
+
+
diff --git a/app/views/my/show_api_key.js.erb b/app/views/my/show_api_key.js.erb
new file mode 100644
index 000000000..73b0ee029
--- /dev/null
+++ b/app/views/my/show_api_key.js.erb
@@ -0,0 +1 @@
+$('#api-access-key').html('<%= escape_javascript @user.api_key %>').toggle();