synapse/changelog.d/10184.bugfix
Patrick Cloke 76f9c701c3
Always require users to re-authenticate for dangerous operations. (#10184)
Dangerous actions means deactivating an account, modifying an account
password, or adding a 3PID.

Other actions (deleting devices, uploading keys) can re-use the same UI
auth session if ui_auth.session_timeout is configured.
2021-06-16 11:07:28 -04:00

1 line
140 B
Text

Always require users to re-authenticate for dangerous operations: deactivating an account, modifying an account password, and adding 3PIDs.