oss/miniflux-v2
oss/miniflux-v2
1
0
Fork 0
mirror of https://github.com/miniflux/v2.git synced 2025-08-01 17:38:37 +00:00
Code Wiki Activity

Avoid people to unlink their OAuth2 account without having a local password

Browse source
This commit is contained in:
Frédéric Guillot 2018-04-29 17:04:23 -07:00
parent f49b42f70f
commit b166ceaea7
5 changed files with 39 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

16
ui/oauth2_unlink.go
View file

@ -33,13 +33,25 @@ func (c *Controller) OAuth2Unlink(w http.ResponseWriter, r *http.Request) {
}
ctx := context.New(r)
sess := session.New(c.store, ctx)
hasPassword, err := c.store.HasPassword(ctx.UserID())
if err != nil {
html.ServerError(w, err)
return
}
if !hasPassword {
sess.NewFlashErrorMessage(c.translator.GetLanguage(ctx.UserLanguage()).Get("You must define a password otherwise you won't be able to login again."))
response.Redirect(w, r, route.Path(c.router, "settings"))
return
}
if err := c.store.RemoveExtraField(ctx.UserID(), authProvider.GetUserExtraKey()); err != nil {
html.ServerError(w, err)
return
}
sess := session.New(c.store, ctx)
sess.NewFlashMessage(c.translator.GetLanguage(ctx.UserLanguage()).Get("Your external account is now dissociated!"))
response.Redirect(w, r, route.Path(c.router, "settings"))
return
}