Organization removal confirmation using name not password (#14738)
* Organization removal confirmation using name not password Gitea is asking for user password to confirm organization removal so this operation cannot be done in systems with SSO authentication (where no user passwords are used). This mod changes the way gitea confirms organization removal - user must enter organization name (not user password) to confirm operation (similar to repository removal confirmation). Author-Change-Id: IB#1107219 * Translation removed Translation removed from PR - will be restored using Crowdin after pull got merged. Fixes: 95ddcdd8bd8097a952894556d42641d5ec269288 Related: https://github.com/go-gitea/gitea/pull/14738 Author-Change-Id: IB#1107219
This commit is contained in:
parent
6cf97df9fd
commit
85e6e07346
3 changed files with 7 additions and 10 deletions
|
@ -386,6 +386,7 @@ password_uppercase_one = At least one uppercase character
|
|||
password_digit_one = At least one digit
|
||||
password_special_one = At least one special character (punctuation, brackets, quotes, etc.)
|
||||
enterred_invalid_repo_name = The repository name you entered is incorrect.
|
||||
enterred_invalid_org_name = The organization name you entered is incorrect.
|
||||
enterred_invalid_owner_name = The new owner name is not valid.
|
||||
enterred_invalid_password = The password you entered is incorrect.
|
||||
user_not_exist = The user does not exist.
|
||||
|
|
|
@ -145,12 +145,9 @@ func SettingsDelete(ctx *context.Context) {
|
|||
|
||||
org := ctx.Org.Organization
|
||||
if ctx.Req.Method == "POST" {
|
||||
if _, err := models.UserSignIn(ctx.User.Name, ctx.Query("password")); err != nil {
|
||||
if models.IsErrUserNotExist(err) {
|
||||
ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_password"), tplSettingsDelete, nil)
|
||||
} else {
|
||||
ctx.ServerError("UserSignIn", err)
|
||||
}
|
||||
if org.Name != ctx.Query("org_name") {
|
||||
ctx.Data["Err_OrgName"] = true
|
||||
ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_org_name"), tplSettingsDelete, nil)
|
||||
return
|
||||
}
|
||||
|
||||
|
|
|
@ -15,10 +15,9 @@
|
|||
</div>
|
||||
<form class="ui form ignore-dirty" id="delete-form" action="{{.Link}}" method="post">
|
||||
{{.CsrfTokenHtml}}
|
||||
<input class="fake" type="password">
|
||||
<div class="inline required field {{if .Err_Password}}error{{end}}">
|
||||
<label for="password">{{.i18n.Tr "password"}}</label>
|
||||
<input id="password" name="password" type="password" autocomplete="off" autofocus required>
|
||||
<div class="inline required field {{if .Err_OrgName}}error{{end}}">
|
||||
<label for="org_name">{{.i18n.Tr "org.org_name_holder"}}</label>
|
||||
<input id="org_name" name="org_name" value="" autocomplete="off" autofocus required>
|
||||
</div>
|
||||
<div class="ui red button delete-button" data-type="form" data-form="#delete-form">
|
||||
{{.i18n.Tr "org.settings.confirm_delete_account"}}
|
||||
|
|
Reference in a new issue