Organization removal confirmation using name not password (#14738)

* Organization removal confirmation using name not password Gitea is asking for user password to confirm organization removal so this operation cannot be done in systems with SSO authentication (where no user passwords are used). This mod changes the way gitea confirms organization removal - user must enter organization name (not user password) to confirm operation (similar to repository removal confirmation). Author-Change-Id: IB#1107219 * Translation removed Translation removed from PR - will be restored using Crowdin after pull got merged. Fixes: 95ddcdd8bd Related: https://github.com/go-gitea/gitea/pull/14738 Author-Change-Id: IB#1107219
2025-07-22 18:28:37 +00:00 · 2021-03-01 15:33:05 +01:00
parent 6cf97df9fd
commit 85e6e07346
3 changed files with 7 additions and 10 deletions
--- a/routers/org/setting.go
+++ b/routers/org/setting.go
@@ -145,12 +145,9 @@ func SettingsDelete(ctx *context.Context) {

 	org := ctx.Org.Organization
 	if ctx.Req.Method == "POST" {
-		if _, err := models.UserSignIn(ctx.User.Name, ctx.Query("password")); err != nil {
-			if models.IsErrUserNotExist(err) {
-				ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_password"), tplSettingsDelete, nil)
-			} else {
-				ctx.ServerError("UserSignIn", err)
-			}
+		if org.Name != ctx.Query("org_name") {
+			ctx.Data["Err_OrgName"] = true
+			ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_org_name"), tplSettingsDelete, nil)
 			return
 		}