From 9b807267ac1b940bc700df22f9db0377d99f9e0d Mon Sep 17 00:00:00 2001
From: Marius Balteanu
Date: Wed, 13 Aug 2025 05:59:53 +0000
Subject: [PATCH] Add sudo-mode to all 2fa actions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The sudo-mode window should ensure this does not impede users currently setting up 2fa things, but adds protection when not in 2fa activation/deactivation mode. (#43083).

Patch by Felix Schäfer (user:felix).

git-svn-id: https://svn.redmine.org/redmine/trunk@23918 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/controllers/twofa_backup_codes_controller.rb | 2 +-
 app/controllers/twofa_controller.rb | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/app/controllers/twofa_backup_codes_controller.rb b/app/controllers/twofa_backup_codes_controller.rb
index e330fad1b..923b9671b 100644
--- a/app/controllers/twofa_backup_codes_controller.rb
+++ b/app/controllers/twofa_backup_codes_controller.rb
@@ -26,7 +26,7 @@ class TwofaBackupCodesController < ApplicationController
 before_action :twofa_setup
- require_sudo_mode :init
+ require_sudo_mode :init, :confirm, :create, :show
 def init
 if @twofa.send_code(controller: 'twofa_backup_codes', action: 'create')
diff --git a/app/controllers/twofa_controller.rb b/app/controllers/twofa_controller.rb
index 7049110e7..3023caa9b 100644
--- a/app/controllers/twofa_controller.rb
+++ b/app/controllers/twofa_controller.rb
@@ -27,7 +27,9 @@ class TwofaController < ApplicationController
 before_action :require_active_twofa
- require_sudo_mode :activate_init, :deactivate_init
+ require_sudo_mode :select_scheme,
+ :activate_init, :activate_confirm, :activate,
+ :deactivate_init, :deactivate_confirm, :deactivate
 skip_before_action :check_twofa_activation, only: [:select_scheme, :activate_init, :activate_confirm, :activate]
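Review bot: `require_sudo_mode :init, :confirm, :create, :show` is an explicit list, so any action added to TwofaBackupCodesController later stays outside sudo mode unless this line is updated; the list in the TwofaController hunk has the same property. A comment directly above it, such as `# Every action in this controller must be listed here; extend the list when adding one.`, would make that requirement visible. The diffstat shows only the two controllers changed, so nothing pins the new coverage: a functional test asserting that `confirm`, `create` and `show` ask for re-authentication once the sudo window has expired would keep it from regressing. The class body continues outside the hunk, so whether these four are all of its actions cannot be confirmed from here.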
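Review bot: `select_scheme`, `activate_init`, `activate_confirm` and `activate` now require sudo mode while also being exempt from `check_twofa_activation` on the following line, which suggests they are reached during enforced setup. The commit message relies on the sudo-mode window to keep that flow uninterrupted, but nothing in the code records this. A comment above the list, e.g. `# The setup actions rely on the sudo-mode window staying open for the duration of the flow (#43083).`, would state the assumption where the next maintainer will see it. It would also be worth a test for the case where the window lapses between `activate_init` and `activate`, checking that the user is re-prompted and can then complete activation. The class body continues outside the hunk.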