From 95ddcdd8bd8097a952894556d42641d5ec269288 Mon Sep 17 00:00:00 2001
From: Pawel Boguslawski <pawel.boguslawski@ib.pl>
Date: Thu, 18 Feb 2021 17:34:03 +0100
Subject: [PATCH] Organization removal confirmation using name not password

Gitea is asking for user password to confirm organization
removal so this operation cannot be done in systems with
SSO authentication (where no user passwords are used).

This mod changes the way gitea confirms organization
removal - user must enter organization name (not user
password) to confirm operation (similar to repository
removal confirmation).

Author-Change-Id: IB#1107219
---
 options/locale/locale_en-US.ini    | 1 +
 options/locale/locale_pl-PL.ini    | 1 +
 routers/org/setting.go             | 9 +++------
 templates/org/settings/delete.tmpl | 7 +++----
 4 files changed, 8 insertions(+), 10 deletions(-)

diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index a4b677e43b..a34507657b 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -383,6 +383,7 @@ password_uppercase_one = At least one uppercase character
 password_digit_one = At least one digit
 password_special_one = At least one special character (punctuation, brackets, quotes, etc.)
 enterred_invalid_repo_name = The repository name you entered is incorrect.
+enterred_invalid_org_name = The organization name you entered is incorrect.
 enterred_invalid_owner_name = The new owner name is not valid.
 enterred_invalid_password = The password you entered is incorrect.
 user_not_exist = The user does not exist.
diff --git a/options/locale/locale_pl-PL.ini b/options/locale/locale_pl-PL.ini
index f96650e38a..65d0139f07 100644
--- a/options/locale/locale_pl-PL.ini
+++ b/options/locale/locale_pl-PL.ini
@@ -364,6 +364,7 @@ password_uppercase_one=Co najmniej jedna duża litera
 password_digit_one=Co najmniej jedna cyfra
 password_special_one=Co najmniej jeden znak specjalny (interpunkcja, nawiasy, cudzysłowy, itp.)
 enterred_invalid_repo_name=Wprowadzona nazwa repozytorium jest niepoprawna.
+enterred_invalid_org_name=Wprowadzona nazwa organizacji jest niepoprawna.
 enterred_invalid_owner_name=Nowa nazwa właściciela nie jest prawidłowa.
 enterred_invalid_password=Wprowadzone hasło jest nieprawidłowe.
 user_not_exist=Użytkownik nie istnieje.
diff --git a/routers/org/setting.go b/routers/org/setting.go
index ac12066258..a01b2c862a 100644
--- a/routers/org/setting.go
+++ b/routers/org/setting.go
@@ -145,12 +145,9 @@ func SettingsDelete(ctx *context.Context) {
 
 	org := ctx.Org.Organization
 	if ctx.Req.Method == "POST" {
-		if _, err := models.UserSignIn(ctx.User.Name, ctx.Query("password")); err != nil {
-			if models.IsErrUserNotExist(err) {
-				ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_password"), tplSettingsDelete, nil)
-			} else {
-				ctx.ServerError("UserSignIn", err)
-			}
+		if org.Name != ctx.Query("org_name") {
+			ctx.Data["Err_OrgName"] = true
+			ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_org_name"), tplSettingsDelete, nil)
 			return
 		}
 
diff --git a/templates/org/settings/delete.tmpl b/templates/org/settings/delete.tmpl
index 9743d71cbf..d4911e74b8 100644
--- a/templates/org/settings/delete.tmpl
+++ b/templates/org/settings/delete.tmpl
@@ -15,10 +15,9 @@
 					</div>
 					<form class="ui form ignore-dirty" id="delete-form" action="{{.Link}}" method="post">
 						{{.CsrfTokenHtml}}
-						<input class="fake" type="password">
-						<div class="inline required field {{if .Err_Password}}error{{end}}">
-							<label for="password">{{.i18n.Tr "password"}}</label>
-							<input id="password" name="password" type="password" autocomplete="off" autofocus required>
+						<div class="inline required field {{if .Err_OrgName}}error{{end}}">
+							<label for="org_name">{{.i18n.Tr "org.org_name_holder"}}</label>
+							<input id="org_name" name="org_name" value="" autocomplete="off" autofocus required>
 						</div>
 						<div class="ui red button delete-button" data-type="form" data-form="#delete-form">
 							{{.i18n.Tr "org.settings.confirm_delete_account"}}