Add the concept of require_fresh_login to both the backend and frontend. Sensitive methods will now be marked with the annotation, which requires that the user has performed a login within 10 minutes or they are asked to do so in the UI before running the operation again.

Joseph Schorr 2014-09-04 14:24:20 -04:00
parent 1e7e012b92
commit e783df31e0
9 changed files with 174 additions and 61 deletions

@ -128,8 +128,6 @@
<div class="panel-body">
<form class="form-change col-md-6" id="changeEmailForm" name="changeEmailForm" ng-submit="changeEmail()"
ng-show="!awaitingConfirmation && !registering">
<input type="password" class="form-control" placeholder="Your current password" ng-model="cuser.current_password" required
ng-pattern="/^.{8,}$/">
<input type="email" class="form-control" placeholder="Your new e-mail address" ng-model="cuser.email" required>
<button class="btn btn-primary" ng-disabled="changeEmailForm.$invalid || cuser.email == user.email" type="submit">Change E-mail Address</button>
</form>
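
Review bot: in changeEmailForm, the current-password input (the ng-model="cuser.current_password" line and its ng-pattern continuation) appears to be the two lines this 8-to-6 hunk drops, which leaves the e-mail change gated only by the fresh-login check. Nothing visible here shows that the endpoint behind changeEmail() carries the require_fresh_login annotation or that the check is enforced server-side rather than only prompted in the UI, so please confirm both. Since an e-mail change is usually a route to account recovery, it is also worth confirming that cuser.current_password is no longer read or sent for this form once the field is gone.
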
@ -153,8 +151,6 @@
<div ng-show="!updatingUser" class="panel-body">
<form class="form-change col-md-6" id="changePasswordForm" name="changePasswordForm" ng-submit="changePassword()"
ng-show="!awaitingConfirmation && !registering">
<input type="password" class="form-control" placeholder="Your current password" ng-model="cuser.current_password" required
ng-pattern="/^.{8,}$/">
<input type="password" class="form-control" placeholder="Your new password" ng-model="cuser.password" required
ng-pattern="/^.{8,}$/">
<input type="password" class="form-control" placeholder="Verify your new password" ng-model="cuser.repeatPassword"
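
Review bot: in changePasswordForm, dropping the "Your current password" input means that any session that logged in within the 10-minute window named in the commit message can set a new password without proving knowledge of the old one. Consider keeping the current-password requirement for this one operation, or make sure the backend forces a fresh re-authentication immediately before the change. Separately, the remaining ng-pattern="/^.{8,}$/" on the new-password field is a client-side check only, so the same minimum length has to be enforced by the server handler.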