Avoid people to unlink their OAuth2 account without having a local password

author: Frédéric Guillot <fred@miniflux.net> 2018-04-29 17:04:23 -0700
committer: Frédéric Guillot <fred@miniflux.net> 2018-04-29 17:04:43 -0700
commit: b166ceaea72dc6db77467621ffc270fbdccb6566 (patch)
tree: d0e9c96cf6e4255196332bc9bae07e79b88a83c8 /ui/oauth2_unlink.go
parent: f49b42f70f902d4da1e0fa4080e99164b331b716 (diff)
1 files changed, 14 insertions, 2 deletions
diff --git a/ui/oauth2_unlink.go b/ui/oauth2_unlink.go
index e67c6fe..4421092 100644
--- a/ui/oauth2_unlink.go
+++ b/ui/oauth2_unlink.go
@@ -33,13 +33,25 @@ func (c *Controller) OAuth2Unlink(w http.ResponseWriter, r *http.Request) {
 	}
 
 	ctx := context.New(r)
+	sess := session.New(c.store, ctx)
+
+	hasPassword, err := c.store.HasPassword(ctx.UserID())
+	if err != nil {
+		html.ServerError(w, err)
+		return
+	}
+
+	if !hasPassword {
+		sess.NewFlashErrorMessage(c.translator.GetLanguage(ctx.UserLanguage()).Get("You must define a password otherwise you won't be able to login again."))
+		response.Redirect(w, r, route.Path(c.router, "settings"))
+		return
+	}
+
 	if err := c.store.RemoveExtraField(ctx.UserID(), authProvider.GetUserExtraKey()); err != nil {
 		html.ServerError(w, err)
 		return
 	}
 
-	sess := session.New(c.store, ctx)
 	sess.NewFlashMessage(c.translator.GetLanguage(ctx.UserLanguage()).Get("Your external account is now dissociated!"))
 	response.Redirect(w, r, route.Path(c.router, "settings"))
-	return
 }
author	Frédéric Guillot <fred@miniflux.net>	2018-04-29 17:04:23 -0700
committer	Frédéric Guillot <fred@miniflux.net>	2018-04-29 17:04:43 -0700
commit	b166ceaea72dc6db77467621ffc270fbdccb6566 (patch)
tree	d0e9c96cf6e4255196332bc9bae07e79b88a83c8 /ui/oauth2_unlink.go
parent	f49b42f70f902d4da1e0fa4080e99164b331b716 (diff)