From 3ce64d271b2b470bd6c9f7294946347dcdfed9b9 Mon Sep 17 00:00:00 2001
From: Inverle <inverle@proton.me>
Date: Thu, 31 Jul 2025 13:53:14 +0200
Subject: Implement sudo mode / reauthentication (#7753)

* Implement sudo mode / reauthentication

* i18n: fr

* generate flags

* Improvements

* Remove HMAC check
* Don't require reauth to access logs when signed in as admin
* Notify user of bad login via notification instead

---------

Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
---
 config.default.php | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'config.default.php')

diff --git a/config.default.php b/config.default.php
index f42fdc215..c839c9a3c 100644
--- a/config.default.php
+++ b/config.default.php
@@ -59,6 +59,13 @@ return [
 	#		and in particular not protect `/FreshRSS/p/api/` if you would like to use the API (different login system).
 	'auth_type' => 'form',
 
+	# Whether reauthentication is required for performing sensitive actions e.g. promoting a user or applying an update
+	'reauth_required' => true,
+
+	# Time before asking for reauth
+	#    Default: 1200s (20 min)
+	'reauth_time' => 1200,
+
 	# When using http_auth, automatically register any unknown user
 	'http_auth_auto_register' => true,
 
-- 
cgit v1.2.3