#Improve check password on profile delete #267
Conversation
profiles/serializers.py
Outdated
| def validate_for_delete(self, data): | ||
| password = data.get("password") | ||
| if not password: | ||
| raise serializers.ValidationError("Password is required") |
There was a problem hiding this comment.
just write required=True in the serializer field, and there will be no need to make it 'manually'.
profiles/views.py
Outdated
| serializer = self.get_serializer(instance) | ||
| if serializer.validate_for_delete(request_data): | ||
| instance.is_deleted = True | ||
| instance.save() |
There was a problem hiding this comment.
def perform_destroy(self, instance):
instance.is_deleted = True
instance.save()↑ woudn't it be enough?
There was a problem hiding this comment.
The serializer is not engaging in this case.
profiles/views.py
Outdated
| instance.save() | ||
| request_data = {"password": self.request.data.get("password")} | ||
| serializer = self.get_serializer(instance) | ||
| if serializer.validate_for_delete(request_data): |
There was a problem hiding this comment.
Why do we manually call the validation method?
Write the validation method. Use it on serializer field. DRF will care about the rest.
profiles/views.py
Outdated
| instance.is_deleted = True | ||
| instance.save() | ||
| serializer = self.get_serializer(data=self.request.data) | ||
| if serializer.is_valid(raise_exception=True): |
There was a problem hiding this comment.
There is no need do put it into if. Just call serializer.is_valid(raise_exception=True), if will raise exception and return 400 BAD REQUEST in case of validation issues anyway.
| raise serializers.ValidationError("Password is required") | ||
| user = self.context["request"].user | ||
| if not user.check_password(password): | ||
| raise serializers.ValidationError("Invalid password") |
There was a problem hiding this comment.
This is not exactly correct. There should be a field name, + probably validation error should not be a string, but a list of strings (with one string in the list).
There was a problem hiding this comment.
This code is outdated. Here is how code looks like now:
if not user.check_password(password):
raise serializers.ValidationError({"password": "Invalid password"})
There was a problem hiding this comment.
Replaced with field validation.
Check password on profile delete was improved. Password validation moved to serializer.