Organization removal confirmation using name not password (#14738)

* Organization removal confirmation using name not password

Gitea is asking for user password to confirm organization
removal so this operation cannot be done in systems with
SSO authentication (where no user passwords are used).

This mod changes the way gitea confirms organization
removal - user must enter organization name (not user
password) to confirm operation (similar to repository
removal confirmation).

Author-Change-Id: IB#1107219

* Translation removed

Translation removed from PR - will be restored using Crowdin
after pull got merged.

Fixes: 95ddcdd8bd
Related: https://github.com/go-gitea/gitea/pull/14738
Author-Change-Id: IB#1107219
This commit is contained in:
Paweł Bogusławski 2021-03-01 15:33:05 +01:00 committed by GitHub
parent 6cf97df9fd
commit 85e6e07346
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 7 additions and 10 deletions

View file

@ -386,6 +386,7 @@ password_uppercase_one = At least one uppercase character
password_digit_one = At least one digit password_digit_one = At least one digit
password_special_one = At least one special character (punctuation, brackets, quotes, etc.) password_special_one = At least one special character (punctuation, brackets, quotes, etc.)
enterred_invalid_repo_name = The repository name you entered is incorrect. enterred_invalid_repo_name = The repository name you entered is incorrect.
enterred_invalid_org_name = The organization name you entered is incorrect.
enterred_invalid_owner_name = The new owner name is not valid. enterred_invalid_owner_name = The new owner name is not valid.
enterred_invalid_password = The password you entered is incorrect. enterred_invalid_password = The password you entered is incorrect.
user_not_exist = The user does not exist. user_not_exist = The user does not exist.

View file

@ -145,12 +145,9 @@ func SettingsDelete(ctx *context.Context) {
org := ctx.Org.Organization org := ctx.Org.Organization
if ctx.Req.Method == "POST" { if ctx.Req.Method == "POST" {
if _, err := models.UserSignIn(ctx.User.Name, ctx.Query("password")); err != nil { if org.Name != ctx.Query("org_name") {
if models.IsErrUserNotExist(err) { ctx.Data["Err_OrgName"] = true
ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_password"), tplSettingsDelete, nil) ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_org_name"), tplSettingsDelete, nil)
} else {
ctx.ServerError("UserSignIn", err)
}
return return
} }

View file

@ -15,10 +15,9 @@
</div> </div>
<form class="ui form ignore-dirty" id="delete-form" action="{{.Link}}" method="post"> <form class="ui form ignore-dirty" id="delete-form" action="{{.Link}}" method="post">
{{.CsrfTokenHtml}} {{.CsrfTokenHtml}}
<input class="fake" type="password"> <div class="inline required field {{if .Err_OrgName}}error{{end}}">
<div class="inline required field {{if .Err_Password}}error{{end}}"> <label for="org_name">{{.i18n.Tr "org.org_name_holder"}}</label>
<label for="password">{{.i18n.Tr "password"}}</label> <input id="org_name" name="org_name" value="" autocomplete="off" autofocus required>
<input id="password" name="password" type="password" autocomplete="off" autofocus required>
</div> </div>
<div class="ui red button delete-button" data-type="form" data-form="#delete-form"> <div class="ui red button delete-button" data-type="form" data-form="#delete-form">
{{.i18n.Tr "org.settings.confirm_delete_account"}} {{.i18n.Tr "org.settings.confirm_delete_account"}}