do not allow unauthenticated access to unlink page (fixes #22405)
This commit is contained in:
parent
afa48159bb
commit
d8f8257987
|
@ -488,6 +488,8 @@ class UnlinkView(LoggerMixin, FormView):
|
|||
return kwargs
|
||||
|
||||
def dispatch(self, request, *args, **kwargs):
|
||||
if not request.user.is_authenticated():
|
||||
raise PermissionDenied()
|
||||
# We prevent unlinking if the user has no usable password and can't change it
|
||||
# because we assume that the password is the unique other mean of authentication
|
||||
# and unlinking would make the account unreachable.
|
||||
|
|
Reference in New Issue