Ensure API requests with session auth check 2fa status #19550
Conversation
sgiehl
added
c: Security
|
@peterhashair This PR might look quite small, but it actually is quite impacting. If there is something wrong it could open up security issues. Would you in general mind to summarize what exactly you did on code reviews? Simply adding a green tick doesn't give a feeling if you only looked at the code or if you also tested possible scenarios where the code changes have an effect. You are still quite "new" to the product and might not yet be able to directly see the impact of certain code changes. So this might help to get a feeling if you thought of everything that should have been looked at. I could then give you feedback and you might be able to harden your knowledge over time. |
|
Good points there @sgiehl. @peterhashair for all reviews it would be good to leave a few sentences describing what you've tested and what you're giving the tick for, eg "I've run it locally, tested X and Y scenarios, etc". |
Description:
If API requests are sent using the currents session token_auth, the 2FA status of the session should be checked.
Review