Require to re-authenticate any time "important" or "destructive" actions are performed #8139
Labels: feature request, needs discussion (a product management/policy issue maintainers and users should discuss)
What's the problem this feature will solve?
"Important" and "destructive" actions like adding and removing maintainers, generating API tokens, and changing passwords don't require the user to re-authenticate. This can be a risk for scenarios where users who are not the original intended user gain access to a browser with session auth cookies on them (e.g. cookie dropped on a public library computer, intended user leaves and forgets to explicitly log out, another user sits down and is already logged in). There's not much we can do to get around that outside of warning the user that they should be on a private computer when logging into PyPI.org.
Describe the solution you'd like
We should gate "important" or "destructive" actions with a re-authentication page if the user hasn't authenticated recently (say in the last 10-15 minutes). This includes:
Additional context
Several major services (e.g. GitHub, Bitbucket) implement this, so we should as well. Also, the feature request in #8033, which would allow for ~30 day authenticated sessions, is further motivation for gating these actions.
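One way to implement the gate described in the issue, as an added example that is not Warehouse's own code. It assumes a dict-like session that persists across requests and stores the epoch time of the last successful password check under an assumed key `last_auth_at`, a 15-minute window (the upper end of the 10-15 minutes proposed above), a minimal `Request` stand-in with `session`, `path` and `now` attributes, and PBKDF2 as a placeholder for whatever password hashing the real service uses; the `generate_api_token` view and the `pypi-` token prefix are constructed for illustration only.

```python
"""Re-authentication ("sudo mode") gate for sensitive actions.

Added example, not Warehouse code. Assumes a dict-like session that persists
across requests and records the time of the last successful password check
under the assumed key 'last_auth_at'.
"""
import functools
import hashlib
import hmac
import os
import time

REAUTH_WINDOW_SECONDS = 15 * 60          # assumed: upper end of the proposed 10-15 minutes
SESSION_LAST_AUTH_KEY = "last_auth_at"   # assumed session key name


class ReauthRequired(Exception):
    """Raised when a sensitive action is attempted with stale authentication.

    A web app would turn this into a redirect to a re-authentication page that
    returns the user to `next_url` on success.
    """
    def __init__(self, next_url):
        super().__init__(f"re-authentication required before {next_url}")
        self.next_url = next_url


def needs_reauth(session, now=None, window=REAUTH_WINDOW_SECONDS):
    """True if the user must re-enter their password before a sensitive action.

    Fails closed: a missing or malformed timestamp counts as stale, and so does
    a timestamp in the future, which a tampered or skewed value could otherwise
    use to keep the window open indefinitely.
    """
    now = time.time() if now is None else now
    last = session.get(SESSION_LAST_AUTH_KEY)
    if not isinstance(last, (int, float)):
        return True
    age = now - last
    return age < 0 or age >= window


def sensitive(view):
    """Decorator marking a view as 'important/destructive': only runs it when
    authentication is fresh, otherwise raises ReauthRequired."""
    @functools.wraps(view)
    def wrapper(request, *args, **kwargs):
        if needs_reauth(request.session, now=request.now):
            raise ReauthRequired(next_url=request.path)
        return view(request, *args, **kwargs)
    return wrapper


def hash_password(password, salt=None, iterations=100_000):
    """PBKDF2-HMAC-SHA256 stand-in for the service's real password hashing."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def reauthenticate(session, stored, password, now=None):
    """Verify the password; on success stamp the session and return True.

    A failed attempt leaves the timestamp untouched, so wrong guesses never
    extend the window. Comparison is constant-time.
    """
    salt, iterations, digest = stored
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    if not hmac.compare_digest(candidate, digest):
        return False
    session[SESSION_LAST_AUTH_KEY] = time.time() if now is None else now
    return True


class Request:
    """Constructed stand-in for a framework request object."""
    def __init__(self, session, path, now):
        self.session, self.path, self.now = session, path, now


@sensitive
def generate_api_token(request):
    """Constructed sensitive view; the token format is illustrative only."""
    return "pypi-" + os.urandom(8).hex()


def demo():
    """Walk through the issue's scenario on a constructed session and clock."""
    stored = hash_password("correct horse battery staple")   # constructed credential
    session = {}            # long-lived session, no recent password check recorded
    t0 = 1_700_000_000.0    # constructed clock
    results = []
    # 1. Someone at an already-logged-in browser tries a sensitive action: gated.
    try:
        generate_api_token(Request(session, "/manage/account/token", now=t0))
        results.append(False)
    except ReauthRequired:
        results.append(True)
    # 2. A wrong password is rejected and does not open the window.
    results.append(reauthenticate(session, stored, "wrong", now=t0))
    results.append(needs_reauth(session, now=t0))
    # 3. The real user re-enters the password; the action now proceeds.
    assert reauthenticate(session, stored, "correct horse battery staple", now=t0)
    token = generate_api_token(Request(session, "/manage/account/token", now=t0 + 60))
    results.append(token.startswith("pypi-"))
    # 4. Once the window elapses the gate closes again.
    results.append(needs_reauth(session, now=t0 + REAUTH_WINDOW_SECONDS))
    return tuple(results)


if __name__ == "__main__":
    print(demo())
```

The login handler would also set the same timestamp, so a user who has just signed in is not immediately prompted again; the empty session in `demo` models a session where that login happened long ago.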