New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Require password confirmation before setting/removing superuser access. #13975
Conversation
Not sure if it's needed in |
cc @mattab |
Sounds good to me 👍 better API authentication will be done later in #6559 |
Closing |
Whoops forgot there was another change here |
…ssue where getSiteAccess is called w/ superuser when toggling superuser access.
4059dc6
to
f0c9e48
Compare
@tsteur removed the code to require password before showing token auth. UI tests may need to be fixed. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Due to the not existing method confirming the password currently returns a 500 - internal server error
. Wondering if we should handle such issues in any way. Currently the popover is closed and nothing happens. Maybe it would be good to at least display an error message?
CC @tsteur to make sure the breaking API change is ok |
This breaking change should be fine 👍 |
Looks good and works 👍 . Also I think |
Adds the confirmation to listAllAPI.twig and to userSettings.twig. There is some code redundancy between the two which I couldn't find a good way of removing.
Fixes #13711