Unverified Commit 1730f78f authored by Luc Didry's avatar Luc Didry

Follow-up #300 — Allow account deletion only if using built-in authentication

parent 7d38cc48
......@@ -836,6 +836,9 @@ Warning: this message may already have been sent by one of the list's moderators
[%~ ELSIF report_entry == 'still_owner' ~%]
[%|loc(report_param.lists)%]You are the only owner of the following list(s): %1. Please give ownership to other people before deleting your account. You have been unsubscribed from all your lists though.[%END%]
[%~ ELSIF report_entry == 'no_classic_session' ~%]
[%|loc()%]You are not authorized to delete your account if you are not using the built-in authentication (i.e. you are using a LDAP authentication, a SSO system, etc.).[%END%]
[%~ END ~%]
[%~ END ~%]
......@@ -70,6 +70,7 @@
</form>
[% END %]
[% IF session.auth == 'classic' %]
<h4>[%|loc%]Deleting your account[%END%]</h4>
<p>
[%|loc%]Deleting your account will unsubscribe you from all your lists, remove your ownership of your lists and permanently delete your account.[%END%]
......@@ -85,6 +86,7 @@
<input class="MainMenuLinks" type="submit" name="action_delete_account" value="[%|loc%]Submit[%END%]" />
</fieldset>
</form>
[% END %]
</div>
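Review bot: The `[% IF session.auth == 'classic' %]` wrapper, opened in the hunk at line 70 and closed in the hunk at line 85, only hides the form; it is not the access control, and nothing in the template says so. A short template comment beside the condition, such as `[%# Display only: do_delete_account rejects non-classic sessions on the server side %]`, would keep a later editor from treating the template as the enforcement point. Users on an LDAP or SSO session also get no explanation for the missing section; an `[% ELSE %]` branch with a one-line notice would cover that.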
......@@ -17182,6 +17182,20 @@ sub do_delete_account {
return 'pref';
}
 
unless ($session->{auth} eq 'classic') {
Sympa::WWW::Report::reject_report_web('user', 'no_classic_session',
{}, $param->{'action'});
wwslog('info', 'No classic session');
web_db_log(
{ 'parameters' => $email,
'target_email' => $email,
'status' => 'error',
'error_type' => "no_classic_session"
}
);
return 'pref';
}
my $next_action =
$session->confirm_action($in{'action'}, $in{'response_action'},
previous_action => 'pref');
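Review bot: The syslog line written by the new guard in do_delete_account, `wwslog('info', 'No classic session')`, names neither the account nor the action, so a refused deletion cannot be attributed from syslog alone; only the `web_db_log` entry carries `$email`. If wwslog accepts printf-style arguments (not visible in this hunk), `wwslog('info', 'Account deletion refused for %s: not a classic session', $email);` would fix that. The guard fails closed when `$session->{auth}` is undefined, but the `eq` then raises an uninitialized-value warning; `unless (defined $session->{auth} and $session->{auth} eq 'classic') {` avoids it. The function starts before and continues after this hunk, so where `$email` is assigned is not visible here.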