Allow re-using a UI auth validation for a period of time (#8970)

author: Patrick Cloke <clokep@users.noreply.github.com> 2020-12-18 07:33:57 -0500
committer: GitHub <noreply@github.com> 2020-12-18 07:33:57 -0500
commit: 5d4c330ed979b0d60efe5f80fd76de8f162263a1 (patch)
tree: 5aa8056a61519bf53d3c15b445d004a0cf269047 /docs
parent: Ensure that a URL exists in the content during push. (#8965) (diff)
download: synapse-5d4c330ed979b0d60efe5f80fd76de8f162263a1.tar.xz
1 files changed, 15 insertions, 0 deletions
diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml
index 75a01094d5..549c581a97 100644
--- a/docs/sample_config.yaml
+++ b/docs/sample_config.yaml
@@ -2068,6 +2068,21 @@ password_config:
       #
       #require_uppercase: true
 
+ui_auth:
+    # The number of milliseconds to allow a user-interactive authentication
+    # session to be active.
+    #
+    # This defaults to 0, meaning the user is queried for their credentials
+    # before every action, but this can be overridden to alow a single
+    # validation to be re-used.  This weakens the protections afforded by
+    # the user-interactive authentication process, by allowing for multiple
+    # (and potentially different) operations to use the same validation session.
+    #
+    # Uncomment below to allow for credential validation to last for 15
+    # seconds.
+    #
+    #session_timeout: 15000
+
 
 # Configuration for sending emails from Synapse.
 #
author	Patrick Cloke <clokep@users.noreply.github.com>	2020-12-18 07:33:57 -0500
committer	GitHub <noreply@github.com>	2020-12-18 07:33:57 -0500
commit	5d4c330ed979b0d60efe5f80fd76de8f162263a1 (patch)
tree	5aa8056a61519bf53d3c15b445d004a0cf269047 /docs
parent	Ensure that a URL exists in the content during push. (#8965) (diff)
download	synapse-5d4c330ed979b0d60efe5f80fd76de8f162263a1.tar.xz