[WIP] Require fully authenticated to change passwords

contao / core-bundle

[READ-ONLY] Contao Core Bundle

GNU Lesser General Public License v3.0

123 stars 58 forks source link

[WIP] Require fully authenticated to change passwords #1610

Closed leofeyer closed 6 years ago

leofeyer commented 6 years ago

This PR implements #1273.

[ ] Do we need the check in the "close account" module?
[ ] Do we really want to show the login module where the member could log in as a different user?

leofeyer commented 6 years ago

Do we need to be fully authenticated for the password change module? It requires to enter the current password anyway.

That's a very good point. And since it also requires to enter the password to close an account, we might not need the IS_AUTHENTICATED_FULLY check at all.

ausi commented 6 years ago

How does this work with two factor authentication?

aschempp commented 6 years ago

How does this work with two factor authentication?

We don't have two-factor authentication in the front end (yet)