Sudo Mode
Require password for critical operations
Compatible with Flarum v1.8.5
Latest release 1.1.0
298 downloads
released on Nov 19, 2022
Tags
Sudo Mode
This Flarum extension requires users to enter their password again before performing security critical operations. Sudo mode is then active for 1h before the password is required again.
This is mostly intended to protect admin accounts but some moderation actions are also protected.
API keys are not subject to sudo mode and can still perform any administrative action. Access Tokens are subject to sudo mode and can theoretically pass the gate but it probably doesn't make sense since those use cases won't know the password.
The following actions are protected by sudo mode:
- View admin panel info (list of extensions, PHP version, dashboard stats, etc.)
- Enable/disable extensions
- Edit settings
- Edit permissions
- Create/edit/delete group
- Create/edit/delete tag
- Edit user credentials, groups or delete user
- Any other action protected by
User::assertAdmin()
in a third-party extension
Once the UI for developer tokens is finalized in a future Flarum version, developer access tokens could be made to bypass sudo mode and at the same time creating new tokens could be protected by sudo mode.
It's possible that you may be unable to see some restricted content on the forum pages until you enable sudo mode by going to the admin panel. Please open an issue if you notice any place where this happens.
Installation
composer require clarkwinkelmann/flarum-ext-sudo-mode
If there is an error that makes you unable to access the admin panel, remove the extension with Composer: composer remove clarkwinkelmann/flarum-ext-sudo-mode
.
Support
This extension is under minimal maintenance.
It was developed for a client and released as open-source for the benefit of the community. I might publish simple bugfixes or compatibility updates for free.
You can contact me to sponsor additional features or updates.
Support is offered on a "best effort" basis through the Flarum community thread.
Links
Features
© 2024 Hyn by DaniĆ«l "Luceos" Klabbers. All rights reserved. · Extensions and extension information is provided by the respective (copyright holding) authors. · Extiverse is not affiliated to the Flarum project or Flarum foundation. · Images on Extiverse pages are from Unsplash.