diff --git a/authentication/serializers.py b/authentication/serializers.py
index 728ca1151..c656c5ad2 100644
--- a/authentication/serializers.py
+++ b/authentication/serializers.py
@@ -1,12 +1,10 @@
 from collections import defaultdict
 
-from django.conf import settings
-from django.contrib.auth import authenticate, get_user_model
+from django.contrib.auth import get_user_model
 from django.core.exceptions import ValidationError
 from djoser.serializers import (
     UserCreatePasswordRetypeSerializer,
     UserSerializer,
-    TokenCreateSerializer,
 )
 from rest_framework import serializers
 from rest_framework.validators import UniqueValidator
diff --git a/profiles/serializers.py b/profiles/serializers.py
index bee537e61..1f20af3aa 100644
--- a/profiles/serializers.py
+++ b/profiles/serializers.py
@@ -205,6 +205,16 @@ class Meta:
         read_only_fields = ("person",)
 
 
+class ProfileDeleteSerializer(serializers.Serializer):
+    password = serializers.CharField(write_only=True, required=True)
+
+    def validate_password(self, data):
+        user = self.context["request"].user
+        if not user.check_password(data):
+            raise serializers.ValidationError("Invalid password")
+        return data
+
+
 class ProfileSensitiveDataROSerializer(serializers.ModelSerializer):
     email = serializers.ReadOnlyField(source="person.email")
 
diff --git a/profiles/tests/test_crud_profile.py b/profiles/tests/test_crud_profile.py
index 5ffb1cc95..f268ff88b 100644
--- a/profiles/tests/test_crud_profile.py
+++ b/profiles/tests/test_crud_profile.py
@@ -397,6 +397,10 @@ def test_delete_profile_authorized_with_wrong_password(self):
             data={"password": "Test5678"},
         )
         self.assertEqual(status.HTTP_400_BAD_REQUEST, response.status_code)
+        self.assertEqual(
+            {"password": ["Invalid password"]},
+            response.json(),
+        )
 
     def test_delete_profile_authorized_without_password(self):
         self.client.force_authenticate(self.user)
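Review bot: `ProfileDeleteSerializer.validate_password` calls `user.check_password` on `self.context["request"].user` without confirming the user is authenticated; Django's `AnonymousUser.check_password` raises `NotImplementedError`, so if the view's permission classes (not in this diff) ever admit an unauthenticated DELETE the endpoint answers 500 instead of 400/401. A guard such as `if not user.is_authenticated: raise serializers.ValidationError("Invalid password")` before the check keeps the failure mode uniform and leaks nothing extra. The class also lacks a docstring; `"""Re-verify the requesting user's password before a profile is soft-deleted; requires ``request`` in the serializer context."""` states the contract and the context dependency. Since this endpoint verifies a password it is a credential oracle just like login and belongs under the same throttling scope as the login view.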
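Review bot: The assertions added here and in the next hunk (`@@ -408,6 +412,10 @@`) pin the error body but not the security-relevant outcome, namely that the rejected DELETE left the profile untouched; unless the enclosing test already does so above the hunk, refreshing the profile fixture from the database and asserting its `is_deleted` flag is still `False` is the check worth adding. The exact-body comparison `{"password": ["This field is required."]}` also couples the test to DRF's localizable default text, which changes under a non-English `LANGUAGE_CODE`; asserting `"password" in response.json()` is more robust for that case. Both enclosing test methods start outside their hunks.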
@@ -408,6 +412,10 @@ def test_delete_profile_authorized_without_password(self):
             )
         )
         self.assertEqual(status.HTTP_400_BAD_REQUEST, response.status_code)
+        self.assertEqual(
+            {"password": ["This field is required."]},
+            response.json(),
+        )
 
     def test_delete_profile_of_other_user_authorized(self):
         self.user.set_password("Test1234")
diff --git a/profiles/views.py b/profiles/views.py
index 9500bb21e..6b68d1b6d 100644
--- a/profiles/views.py
+++ b/profiles/views.py
@@ -1,6 +1,5 @@
 import django_filters
 from django.shortcuts import get_object_or_404
-from django.contrib.auth.hashers import check_password
 from rest_framework import status
 from rest_framework.generics import (
     CreateAPIView,
@@ -34,6 +33,7 @@
     ProfileDetailSerializer,
     ProfileOwnerDetailViewSerializer,
     ProfileOwnerDetailEditSerializer,
+    ProfileDeleteSerializer,
     CategorySerializer,
     ActivitySerializer,
     RegionSerializer,
@@ -172,20 +172,14 @@ def get_serializer_class(self):
                 if get_contacts
                 else ProfileDetailSerializer
             )
+        elif self.request.method == "DELETE":
+            return ProfileDeleteSerializer
         else:
             return ProfileOwnerDetailEditSerializer
 
-    def destroy(self, request, *args, **kwargs):
-        instance = self.get_object()
-        user = self.request.user
-        password = self.request.data.get("password")
-        if not password or not check_password(password, user.password):
-            return Response(status=status.HTTP_400_BAD_REQUEST)
-        else:
-            self.perform_destroy(instance)
-            return Response(status=status.HTTP_204_NO_CONTENT)
-
     def perform_destroy(self, instance):
+        serializer = self.get_serializer(data=self.request.data)
+        serializer.is_valid(raise_exception=True)
         instance.is_deleted = True
         instance.save()
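Review bot: Moving the password check into `perform_destroy` couples DRF's deletion hook to `self.request.data`; `perform_destroy` is what other code paths (a future `destroy` override, admin or bulk actions) call once an object is already selected, and each of them now silently requires a password in the request body or raises a field error. The cleaner shape keeps the input validation in `destroy`, after `get_object()` so object permissions and 404s are still decided first, and leaves `perform_destroy` as the plain soft delete it was. The method also deserves a docstring saying it soft-deletes by setting `is_deleted` rather than removing the row; the `elif` DELETE branch in `get_serializer_class` is fine as written.
```python
    def destroy(self, request, *args, **kwargs):
        """Soft-delete the profile after re-verifying the caller's password.

        A missing or wrong password surfaces as a 400 with field errors
        from ProfileDeleteSerializer; object permissions are checked first.
        """
        instance = self.get_object()
        serializer = self.get_serializer(data=request.data)
        serializer.is_valid(raise_exception=True)
        self.perform_destroy(instance)
        return Response(status=status.HTTP_204_NO_CONTENT)

    def perform_destroy(self, instance):
        """Mark the profile deleted instead of removing the row."""
        # … unchanged: is_deleted flag and save …
```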