Hide unlinking link if the user has no password and can't set it (fixes #10775).

src/authentic2_auth_fc/auth_frontends.py

@@ -3,8 +3,11 @@ from django.template.loader import render_to_string
 from django.template import RequestContext
 from django.shortcuts import render
 
+from authentic2 import app_settings as a2_app_settings
+
 from . import app_settings
 
+
 class FcFrontend(object):
     def enabled(self):
         return app_settings.enable
@@ -27,7 +30,12 @@ class FcFrontend(object):
 
     def profile(self, request, *args, **kwargs):
         unlink = False
-        if not app_settings.create or app_settings.enable_unlink_when_create:
+        # We prevent unlinking if the user has no usable password and can't change it
+        # because we assume that the password is the unique other mean of authentication
+        # and unlinking would make the account unreachable.
+        if request.user.has_usable_password() or \
+                a2_app_settings.A2_REGISTRATION_CAN_CHANGE_PASSWORD:
+            # Hide the link to the unlinking view.
             unlink = True
         context_instance = kwargs.pop('context_instance', None) or RequestContext(request)
         return render_to_string('authentic2_auth_fc/linking.html',