mirror of
https://github.com/GSA/notifications-admin.git
synced 2026-02-06 11:23:48 -05:00
1190e4541b
The original idea behind was to always ask users to re-enter their password any time: - we want them to be sure that they want to do what they’re about to do - we want to be sure it’s really the user trying to do the thing (and not someone malicious) In reality we: - removed this from the initial place it was added (a descendent of the ‘suspend service’ feature) - only ever added it to the ‘rename service’ feature So in reality it’s not a pattern we have persisted with. Arguably there are several things you can now do in the admin app without re-entering your password which are much more high consequence than changing the service name. Also, with browser autofill there’s a lot less chance that forcing someone to re-enter a password really gives much defence against an unatteneded laptop, for example. I also wonder whether we might get people to give better service names if we make the process of renaming the service less intimidating. So this commit removes the need to re-enter your password when renaming a service. Note that re-naming an organisation still has the same check, but I haven’t removed that too for the sake of keeping scope of the PR small.