fix: don't use authentication on org & server deletion

app/controllers/organizations_controller.rb

@@ -43,10 +43,11 @@ class OrganizationsController < ApplicationController
   end
 
   def destroy
-    unless current_user.authenticate(params[:password])
+    if params[:confirm_text].blank? || params[:confirm_text].downcase.strip != organization.name.downcase.strip
       respond_to do |wants|
-        wants.html { redirect_to organization_delete_path(@organization), alert: "The password you entered was not valid. Please check and try again." }
-        wants.json { render json: { alert: "The password you entered was invalid. Please check and try again." } }
+        alert_text = "The text you entered does not match the organization name. Please check and try again."
+        wants.html { redirect_to organization_delete_path(@organization), alert: alert_text }
+        wants.json { render json: { alert: alert_text } }
       end
       return
     end

app/controllers/servers_controller.rb

@@ -65,17 +65,15 @@ class ServersController < ApplicationController
   end
 
   def destroy
-    unless current_user.authenticate(params[:password])
+    if params[:confirm_text].blank? || params[:confirm_text].downcase.strip != @server.name.downcase.strip
       respond_to do |wants|
-        wants.html do
-          redirect_to [:delete, organization, @server], alert: "The password you entered was not valid. Please check and try again."
-        end
-        wants.json do
-          render json: { alert: "The password you entere was invalid. Please check and try again" }
-        end
+        alert_text = "The text you entered does not match the server name. Please check and try again."
+        wants.html { redirect_to organization_delete_path(@organization), alert: alert_text }
+        wants.json { render json: { alert: alert_text } }
       end
       return
     end
+
     @server.soft_destroy
     redirect_to_with_json organization_root_path(organization), notice: "#{@server.name} has been deleted successfully"
   end

app/views/organizations/delete.html.haml

@@ -13,12 +13,11 @@
     all its mail servers & data will be deleted from our systems.
   .dangerZone
     %p.pageContent__text.u-margin
-      To continue to delete this organization, please enter your password in the field below and press
+      To continue to delete this organization, please enter the name of the organization in the field below and press
       continue. <b class='u-red'>There will be no other confirmations.</b>
     = form_tag [organization, :delete], :method => :delete, :remote => true do
       = hidden_field_tag 'return_to', params[:return_to]
       %p.u-margin
-        = password_field_tag "password", '', :class => 'input input--text input--danger'
+        = text_field_tag "confirm_text", '', :class => 'input input--text input--danger'
       .buttonSet.u-center
         = submit_tag "Delete this organization, mail servers and all messages", :class => 'button button--danger js-form-submit'
-

app/views/servers/delete.html.haml

@@ -10,12 +10,11 @@
     immediately.
   .dangerZone
     %p.pageContent__text.u-margin
-      To continue to remove this server, please enter your password in the field below and press
+      To continue to remove this server, please enter the server name in the field below and press
       continue. <b class='u-red'>There will be no other confirmations.</b>
     = form_tag [organization, @server], :remote => true, :method => :delete do
       = hidden_field_tag 'return_to', params[:return_to]
       %p.u-margin
-        = password_field_tag "password", '', :class => 'input input--text input--danger'
+        = text_field_tag "confirm_text", '', :class => 'input input--text input--danger'
       .buttonSet.u-center
         = submit_tag "Delete this mail server and all messages", :class => 'button button--danger'
-