Fix #1521 -- External authenticated users cannot delete events (#1523)

* Remove check password for event deletion, instead require recent login. * Reauthenticate for backends using authentication_url. * Require recent login for data shredder and prompt slug instead of password. * Fix tests for recent login required on event delete and data shred. * Pull request remarks for recent login required for event delete and data shred. * Remove unused imported check_password.
2026-05-04 15:04:03 +00:00 · 2019-12-16 10:45:01 +01:00
parent 28242e52aa
commit 82feca6e38
10 changed files with 45 additions and 41 deletions
--- a/src/pretix/base/forms/auth.py
+++ b/src/pretix/base/forms/auth.py
@@ -198,6 +198,7 @@ class ReauthForm(forms.Form):
        self.request = request
        self.user = user
        self.backend = backend
+        self.backend.url = backend.authentication_url(self.request)
        super().__init__(*args, **kwargs)
        for k, f in backend.login_form_fields.items():
            self.fields[k] = f