Commit 8fba2299 authored by Emma's avatar Emma 🦉

require full authentication when editing user

parent 5fe7a611
......@@ -156,6 +156,7 @@ final class UserController extends AbstractController {
/**
* @IsGranted("ROLE_USER")
* @IsGranted("IS_AUTHENTICATED_FULLY")
* @IsGranted("edit_user", subject="user", statusCode=403)
*
* @param EntityManager $em
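Review bot: The new `@IsGranted("IS_AUTHENTICATED_FULLY")` deliberately carries no `statusCode`, and that is what makes the feature work: without it the failed check raises an AccessDeniedException, which Symfony's exception listener turns into a redirect to the login entry point for a remember-me session, whereas the `edit_user` check on the next line uses `statusCode=403` and would answer with a bare 403 that never prompts re-authentication. Since nothing in the docblock says so, a later maintainer could "tidy up" by adding `statusCode=403` or reordering the annotations and silently break the reauth flow; I would pin it with `* Keep IS_AUTHENTICATED_FULLY first and without statusCode: the AccessDeniedException it throws is what sends remember-me sessions back to the login form.` The annotated method's signature and body lie outside the hunk, so whether the same requirement covers every sensitive path (e.g. a separate password or email change action) cannot be confirmed from here.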
......@@ -6,6 +6,15 @@
{% block body %}
<h1 class="page-heading">{{ block('title') }}</h1>
{% if app.request.headers.has('Referer') and
is_granted('IS_AUTHENTICATED_REMEMBERED') and
not is_granted('IS_AUTHENTICATED_FULLY')
%}
<div class="alert alert--notice" role="alert">
<p>{{ 'flash.you_must_reauthenticate'|trans }}</p>
</div>
{% endif %}
<form action="{{ path('login_check') }}" method="POST" class="form form--login">
<input type="hidden" name="_csrf_token" value="{{ csrf_token('authenticate') }}">
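Review bot: The `app.request.headers.has('Referer')` condition in the new `{% if %}` is an unreliable proxy for "you were redirected here from a protected page": the notice appears for any remembered-only user who reaches the login page via a link (including the site's own navigation), and disappears entirely when the browser or a Referrer-Policy strips the header, which is exactly the case where an unexplained login form is most confusing. The remembered-but-not-fully-authenticated test on its own already identifies the session state in which the re-authentication message is accurate, so I would reduce the guard to `{% if is_granted('IS_AUTHENTICATED_REMEMBERED') and not is_granted('IS_AUTHENTICATED_FULLY') %}`. If the intent is specifically "redirected here by the firewall", the session target path Symfony stores when the entry point fires is the precise signal, though its key depends on the firewall name, which is not visible here. The `body` block continues past the end of the hunk.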
......@@ -139,6 +139,7 @@ flash:
wiki_page_deleted: The wiki page has been deleted.
editing_credentials_of_other_user: You are editing the credentials of another user. This can prevent them from logging in.
notifications_cleared: Your notifications have been cleared.
you_must_reauthenticate: You must reauthenticate to access this page.
forum:
moderators: Moderators