@mattab opened this Issue on October 11th 2018 Member

Before installing a new plugin (via Marketplace or direct upload), we should ask the Super User again to enter their password. Since a plugin can easily lead to RCE, it is important to ensure that a logged-in browser cannot be used to install custom plugins.

Similar to #2932

@tsteur commented on October 23rd 2018 Member

The feature to ask for the password first will also be needed in two-factor authentication (https://github.com/matomo-org/matomo/issues/13325) and a couple of other features. So it would be good to build a general popover for this, or a screen, or ... if possible.

@tsteur commented on October 30th 2018 Member

FYI: Developed this as part of https://github.com/matomo-org/matomo/issues/13325 . It'll be pretty much as easy as doing this in the controller:

    $this->passwordVerify->requirePasswordVerifiedRecently(array('module' => 'TwoFactorAuth', 'action' => 'disableTwoFactorAuth', 'nonce' => $nonce));

It is not in a popup though. To be seen if it can be reused there or not.

@tsteur commented on April 22nd 2019 Member

FYI: Similar change was recently done here: https://github.com/matomo-org/matomo/pull/13342/files

@tsteur commented on April 22nd 2019 Member

For the install plugin page we can use this in the installPlugin controller ...

    $params = array('module' => 'CorePluginsAdmin', 'action' => 'installPlugin', 'nonce' => $nonce);
    if ($this->passwordVerify->requirePasswordVerifiedRecently($params)) {
        // ... install plugin
    }

In the upload plugin popover, we need to add a new form field for the password and validate in the uploadPlugin controller using PasswordVerifier::isPasswordCorrect().
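As an added illustration of the re-authentication gate discussed in this thread (this is not Matomo's own code and is not taken from the issue; it only mirrors the shape of the calls quoted above): a self-contained PHP sketch of a `PasswordVerifier` that backs both paths, the `installPlugin` controller gate via `requirePasswordVerifiedRecently()` and the upload form check via `isPasswordCorrect()`. The method names `markVerified()` and `wasVerifiedRecently()`, the 15-minute confirmation window, the `Login`/`confirmPassword` redirect target, the session key name and the sample credentials are all assumptions made for the example; the real `PasswordVerifier` in Matomo may differ in signature and behaviour.

```php
<?php
// Added example, not Matomo code. Shows why a recent password confirmation,
// and not merely a logged-in session cookie, is what gates plugin installation:
// a request riding on the victim's cookies (CSRF) cannot supply the password.
declare(strict_types=1);

final class PasswordVerifier
{
    // Assumption: a confirmation stays valid for 15 minutes.
    private const VERIFIED_WINDOW_SECONDS = 15 * 60;

    /** @var array<string,string> login => password_hash() output (constructed sample data) */
    private array $hashes;

    /** @var array<string,mixed> session store, e.g. $_SESSION (held by reference) */
    private array $session;

    public function __construct(array $hashes, array &$session)
    {
        $this->hashes  = $hashes;
        $this->session = &$session;
    }

    // Check a submitted password against the stored hash for this login.
    // This is what the uploadPlugin controller would call on the form field.
    public function isPasswordCorrect(string $login, string $password): bool
    {
        if (!isset($this->hashes[$login])) {
            return false;
        }
        return password_verify($password, $this->hashes[$login]);
    }

    // Record that the user just re-entered their password successfully.
    public function markVerified(): void
    {
        $this->session['password_verified_at'] = time();
    }

    // True only if the password was confirmed within the window.
    public function wasVerifiedRecently(): bool
    {
        $at = $this->session['password_verified_at'] ?? 0;
        return is_int($at) && (time() - $at) <= self::VERIFIED_WINDOW_SECONDS;
    }

    // Gate for a state-changing controller action. Returns true when the action
    // may proceed; otherwise hands back the URL of the confirm-password screen,
    // carrying the original module/action/nonce so the flow can resume afterwards.
    public function requirePasswordVerifiedRecently(array $params, ?string &$redirectUrl = null): bool
    {
        if ($this->wasVerifiedRecently()) {
            return true;
        }
        $redirectUrl = 'index.php?' . http_build_query([
            'module'   => 'Login',            // assumption: name of the confirm screen
            'action'   => 'confirmPassword',
            'redirect' => http_build_query($params),
        ]);
        return false;
    }
}

// Constructed sample data: one Super User with a known password.
$hashes   = ['admin' => password_hash('correct horse battery staple', PASSWORD_DEFAULT)];
$session  = [];
$verifier = new PasswordVerifier($hashes, $session);

// installPlugin path: the nonce is the per-action CSRF token the page's snippet
// also carries; the password gate is layered on top of it.
$nonce  = bin2hex(random_bytes(16));
$params = ['module' => 'CorePluginsAdmin', 'action' => 'installPlugin', 'nonce' => $nonce];
if (!$verifier->requirePasswordVerifiedRecently($params, $redirect)) {
    echo "no recent confirmation, redirect to: $redirect\n";
}

// ... the user submits the confirm-password form with the right password ...
if ($verifier->isPasswordCorrect('admin', 'correct horse battery staple')) {
    $verifier->markVerified();
}
if ($verifier->requirePasswordVerifiedRecently($params)) {
    echo "confirmed recently, installPlugin may proceed\n";
}

// uploadPlugin path: the password is a field on the upload form itself and is
// checked directly, so an attacker-triggered upload with no password is rejected.
$upload = ['plugin' => 'MyPlugin.zip', 'password' => 'wrong'];   // constructed request
if (!$verifier->isPasswordCorrect('admin', $upload['password'])) {
    echo "upload rejected: password incorrect\n";
}
```

The design point worth noting is that `wasVerifiedRecently()` reads a timestamp the server wrote only after a successful `isPasswordCorrect()` call; nothing in the incoming request (cookies, nonce, referer) can set it, which is what makes the gate effective against a logged-in browser being driven by another site.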
