Fix #1521 -- External authenticated users cannot delete events (#1523)

* Remove check password for event deletion, instead require recent login.

* Reauthenticate for backends using authentication_url.

* Require recent login for data shredder and prompt slug instead of password.

* Fix tests for recent login required on event delete and data shred.

* Pull request remarks for recent login required for event delete and data shred.

* Remove unused imported check_password.

src/pretix/control/templates/pretixcontrol/event/delete.html

@@ -24,12 +24,6 @@
                 {% endblocktrans %}
             </p>
             {% bootstrap_field form.slug layout="inline" %}
-            <p>
-                {% blocktrans trimmed with slug=request.event.slug %}
-                    Also, to make sure it's really you, please enter your user password here:
-                {% endblocktrans %}
-            </p>
-            {% bootstrap_field form.user_pw layout="inline" %}
 
             <div class="form-group submit-group">
                 <button type="submit" class="btn btn-danger btn-save">

src/pretix/control/templates/pretixcontrol/shredder/download.html

@@ -40,12 +40,12 @@
         <fieldset>
             <legend>{% trans "Step 3: Confirm deletion" %}</legend>
             <p>
-                {% blocktrans trimmed with event=request.event.name %}
+                {% blocktrans trimmed with event=request.event.name slug=request.event.slug %}
                 Please re-check that you are fully certain that you want to delete the selected categories of data from the event <strong>{{ event }}</strong>.
-                    In this case, please enter your user password here:
+                    To confirm you really want this, please type out the event's short name ("{{ slug }}") here:
                 {% endblocktrans %}
             </p>
-            <input type="password" class="form-control" name="password" required placeholder="{% trans "Your password" %}">
+            <input type="text" class="form-control" name="slug" required placeholder="{% trans "Event short name" %}">
         </fieldset>
         <input type="hidden" name="file" value="{{ file.pk }}">
         <div class="form-group submit-group">

src/pretix/control/templates/pretixcontrol/user/reauth.html

@@ -8,7 +8,11 @@
         {% csrf_token %}
         <h3>{% trans "Welcome back!" %}</h3>
         <p>
-            {% trans "We just want to make sure it's really you. Please re-enter your password to continue." %}
+            {% if form.backend.url %}
+                {% blocktrans trimmed with login_provider=form.backend.verbose_name %}We just want to make sure it's really you. Please re-authenticate with '{{ login_provider }}'.{% endblocktrans %}
+            {% else %}
+                {% trans "We just want to make sure it's really you. Please re-enter your password to continue." %}
+            {% endif %}
         </p>
         {% bootstrap_form form %}
         <input class="form-control" id="webauthn-response" name="webauthn"
@@ -23,9 +27,15 @@
             </small></p>
         {% endif %}
         <div class="form-group text-right flip">
-            <button type="submit" class="btn btn-primary btn-block">
-                {% trans "Continue" %}
-            </button>
+            {% if form.backend.url %}
+                <a href="{{ form.backend.url }}" class="btn btn-primary btn-block">
+                    {% trans "Continue" %}
+                </a>
+            {% else %}
+                <button type="submit" class="btn btn-primary btn-block">
+                    {% trans "Continue" %}
+                </button>
+            {% endif %}
             <a href="{% url "control:auth.logout" %}" class="btn btn-link btn-block">
                 {% trans "Log in as someone else" %}
             </a>