Follow-up sympa-community#300 — Allow account deletion only if using …

…built-in authentication

default/mail_tt2/report.tt2

@@ -836,6 +836,9 @@ Warning: this message may already have been sent by one of the list's moderators
 [%~ ELSIF report_entry == 'still_owner' ~%]
   [%|loc(report_param.lists)%]You are the only owner of the following list(s): %1. Please give ownership to other people before deleting your account. You have been unsubscribed from all your lists though.[%END%]
 
+[%~ ELSIF report_entry == 'no_classic_session' ~%]
+  [%|loc()%]You are not authorized to delete your account if you are not using the built-in authentication (i.e. you are using a LDAP authentication, a SSO system, etc.).[%END%]
+
 [%~ END ~%]
 
 [%~ END ~%]

default/web_tt2/pref.tt2

@@ -70,6 +70,7 @@
 </form>
 [% END %]
 
+[% IF session.auth == 'classic' %]
 <h4>[%|loc%]Deleting your account[%END%]</h4>
 <p>
   [%|loc%]Deleting your account will unsubscribe you from all your lists, remove your ownership of your lists and permanently delete your account.[%END%]
@@ -85,6 +86,7 @@
     <input class="MainMenuLinks" type="submit" name="action_delete_account" value="[%|loc%]Submit[%END%]" />
   </fieldset>
 </form>
+[% END %]
 
 </div>
 

src/cgi/wwsympa.fcgi.in

@@ -17182,6 +17182,20 @@ sub do_delete_account {
         return 'pref';
     }
 
+    unless ($session->{auth} eq 'classic') {
+        Sympa::WWW::Report::reject_report_web('user', 'no_classic_session',
+            {}, $param->{'action'});
+        wwslog('info', 'No classic session');
+        web_db_log(
+            {   'parameters'   => $email,
+                'target_email' => $email,
+                'status'       => 'error',
+                'error_type'   => "no_classic_session"
+            }
+        );
+        return 'pref';
+    }
+
     my $next_action =
         $session->confirm_action($in{'action'}, $in{'response_action'},
         previous_action => 'pref');