Sudo mode (poc to review) #23221

Closed
SebSept wants to merge 6 commits into glpi-project:main from SebSept:sudo-mode

@SebSept SebSept commented Feb 24, 2026

Contributor

https://outline.teclib.com/doc/sudo-mode-admin-session-PWWDQgyg5l

Just a POC to review architecture

Works with all kinds of controllers (legacy (existing file), explicit Sf controller, generic controllers).

Prerequisites for testing:

  • enable 2fa authentication (user preferences)

Protected routes:

No behavior change expected.
Still can be improved, just a step to make init() more readable.
…ther pr.

No behavior change expected.
Still can be improved, just a step to make init() more readable.
sudo mode on /front/user.form.php, see src/Glpi/Http/Firewall.php:227
just for demo, no need to protect this page.
@SebSept SebSept requested a review from cedric-anne February 24, 2026 11:01

@cedric-anne cedric-anne left a comment

Member

The logic seems OK, but it would require declaring all routes that must be protected. I think it is preferable, as automatic protection may be too aggressive, but it will require a time-consuming audit/review to validate that all expected cases are covered.

Comment thread src/Glpi/Http/Firewall.php
Comment thread templates/pages/2fa/2fa_request.html.twig
Comment thread src/Glpi/Security/ReAuthManager.php
@cedric-anne cedric-anne added this to the 12.0.0 milestone Mar 2, 2026
@SebSept SebSept requested a review from cedric-anne March 10, 2026 12:34
@SebSept SebSept marked this pull request as ready for review March 11, 2026 10:54
@SebSept SebSept marked this pull request as draft March 11, 2026 10:54
SebSept commented Mar 11, 2026

Contributor Author

-> #23447

@SebSept SebSept closed this Mar 11, 2026
@cedric-anne cedric-anne removed this from the 12.0.0 milestone Mar 11, 2026