WeblateOrg / weblate

Web based localization tool with tight version control integration.
https://weblate.org/
GNU General Public License v3.0
4.59k stars 1.02k forks source link

Allow account deletion even when email authentication is disabled #12799

Open dumbmoron opened 2 weeks ago

dumbmoron commented 2 weeks ago

Describe the problem

Currently, if a Weblate instance has email authentication disabled (social_core.backends.email.EmailAuth is not defined in AUTHENTICATION_BACKENDS, and a different backend - e.g. a OAuth2 provider - is used), the delete user page returns a 404.

Describe the solution you would like

The user would be able to delete their account even if they have no password set (for example, they could be asked to verify the request by logging in with whatever method they used to log in for this session, or the deletion page could skip the verification entirely and simply delete the user's account).

Describe alternatives you have considered

Admins can still delete users manually upon request, but this is impractical.

github-actions[bot] commented 5 days ago

This issue has been added to the backlog. It is not scheduled on the Weblate roadmap, but it eventually might be implemented.

In case you need this feature soon, please consider helping or push it by funding the development.

nijel commented 5 days ago

The removal currently fails with 404 because it is using email backend to verify the current user:

https://github.com/WeblateOrg/weblate/blob/abb803d0a24cf37ef91f825f04fbf1b3f0f46a73/weblate/accounts/views.py#L479