Add the concept of require_fresh_login to both the backend and frontend. Sensitive methods will now be marked with the annotation, which requires that the user has performed a login within 10 minutes or they are asked to do so in the UI before running the operation again.

static/js/controllers.js

@@ -1763,12 +1763,11 @@ function UserAdminCtrl($scope, $timeout, $location, ApiService, PlanService, Use
 
       // Reset the form.
       delete $scope.cuser['repeatEmail'];
-      delete $scope.cuser['current_password'];
 
       $scope.changeEmailForm.$setPristine();
     }, function(result) {
       $scope.updatingUser = false;
-      UIService.showFormError('#changeEmailForm', result);      
+      UIService.showFormError('#changeEmailForm', result);
     });
   };
 
@@ -1778,14 +1777,14 @@ function UserAdminCtrl($scope, $timeout, $location, ApiService, PlanService, Use
     $scope.updatingUser = true;
     $scope.changePasswordSuccess = false;
 
-    ApiService.changeUserDetails($scope.cuser).then(function() {
+    ApiService.changeUserDetails($scope.cuser).then(function(resp) {
+
       $scope.updatingUser = false;
       $scope.changePasswordSuccess = true;
 
       // Reset the form
       delete $scope.cuser['password']
       delete $scope.cuser['repeatPassword']
-      delete $scope.cuser['current_password'];
 
       $scope.changePasswordForm.$setPristine();