Add sudo-mode to all 2fa actions

The sudo-mode window should ensure this does not impede users currently setting up 2fa things, but adds protection when not in 2fa activation/deactivation mode. (#43083). Patch by Felix Schäfer (user:felix). git-svn-id: https://svn.redmine.org/redmine/trunk@23918 e93f8b46-1217-0410-a6f0-8f06a7374b81
2026-02-05 00:23:24 +00:00 · 2025-08-13 05:59:53 +00:00 · 2025-08-13 05:59:53 +00:00 · 9b807267ac
commit 9b807267ac
parent 2d1f1684a1
2 changed files with 4 additions and 2 deletions
--- a/app/controllers/twofa_backup_codes_controller.rb
+++ b/app/controllers/twofa_backup_codes_controller.rb
@ -26,7 +26,7 @@ class TwofaBackupCodesController < ApplicationController

  before_action :twofa_setup

-  require_sudo_mode :init
+  require_sudo_mode :init, :confirm, :create, :show

  def init
    if @twofa.send_code(controller: 'twofa_backup_codes', action: 'create')
--- a/app/controllers/twofa_controller.rb
+++ b/app/controllers/twofa_controller.rb
@ -27,7 +27,9 @@ class TwofaController < ApplicationController

  before_action :require_active_twofa

-  require_sudo_mode :activate_init, :deactivate_init
+  require_sudo_mode :select_scheme,
+                    :activate_init, :activate_confirm, :activate,
+                    :deactivate_init, :deactivate_confirm, :deactivate

  skip_before_action :check_twofa_activation, only: [:select_scheme, :activate_init, :activate_confirm, :activate]