Open stsewd opened 1 month ago
I found this issue related to https://github.com/readthedocs/readthedocs-corporate/issues/969, which talks about requiring a verified email to perform some actions.
I notice that Stripe does this sometimes, and it makes sense. I'd probably set `ACCOUNT_REAUTHENTICATION_TIMEOUT` to something like ~30 minutes, so folks can perform a few admin actions without getting multiple login prompts.
What's the problem this feature will solve?
Allauth has a cool feature that asks the user to re-authenticate when doing some operations, like changing email, etc. This improves security for some actions that may be dangerous.
Describe the solution you'd like
Set `ACCOUNT_REAUTHENTICATION_REQUIRED` to true, and use the `reauthentication_required` on some views that are important, like adding owners or deleting a project.
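
The behaviour discussed in this issue, as an added example that is not Read the Docs or allauth code: a standard-library model of a reauthentication window guarding two sensitive views, using the ~30 minute timeout suggested in the thread. The names `requires_recent_auth`, `recently_authenticated`, `last_authenticated_at` and the dict-based session are hypothetical stand-ins, not allauth's API.

```python
import time
from functools import wraps

REAUTHENTICATION_TIMEOUT = 30 * 60  # seconds; the ~30 minutes suggested in the thread

class ReauthenticationNeeded(Exception):
    """Raised instead of running the view; a real app would redirect to a login prompt."""

def recently_authenticated(session, now, timeout=REAUTHENTICATION_TIMEOUT):
    # "last_authenticated_at" is a hypothetical session key, set on each successful login.
    last = session.get("last_authenticated_at")
    if last is None:
        return False
    age = now - last
    # A timestamp in the future (clock skew, tampering) is never treated as recent.
    return 0 <= age <= timeout

def requires_recent_auth(clock=time.time, timeout=REAUTHENTICATION_TIMEOUT):
    def decorator(view):
        @wraps(view)
        def wrapper(session, *args, **kwargs):
            if not recently_authenticated(session, clock(), timeout):
                raise ReauthenticationNeeded(view.__name__)
            return view(session, *args, **kwargs)
        return wrapper
    return decorator

def demo():
    now = [1_000_000.0]  # constructed fake clock so the run is deterministic
    guard = requires_recent_auth(clock=lambda: now[0])

    @guard
    def add_owner(session, username):
        return f"owner added: {username}"

    @guard
    def delete_project(session, slug):
        return f"deleted: {slug}"

    session = {"last_authenticated_at": now[0]}  # user has just logged in
    steps = [(60, add_owner, "alice"), (20 * 60, delete_project, "docs"),
             (15 * 60, add_owner, "bob")]  # (seconds elapsed, view, argument)
    results = []
    for elapsed, view, arg in steps:
        now[0] += elapsed
        try:
            results.append(view(session, arg))
        except ReauthenticationNeeded as exc:
            results.append(f"reauthenticate before {exc}")
    return results

if __name__ == "__main__":
    print(demo())
```

The first two admin actions fall inside the window and run without a prompt; the third, 36 minutes after login, is blocked until the user authenticates again.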