ita-social-projects · Lvyshnevska · Oct 13, 2023 · Oct 12, 2023 · Oct 12, 2023 · Oct 12, 2023
diff --git a/authentication/serializers.py b/authentication/serializers.py
@@ -1,12 +1,10 @@
 from collections import defaultdict
 
-from django.conf import settings
-from django.contrib.auth import authenticate, get_user_model
+from django.contrib.auth import get_user_model
 from django.core.exceptions import ValidationError
 from djoser.serializers import (
     UserCreatePasswordRetypeSerializer,
     UserSerializer,
-    TokenCreateSerializer,
 )
 from rest_framework import serializers
 from rest_framework.validators import UniqueValidator

diff --git a/profiles/serializers.py b/profiles/serializers.py
@@ -205,6 +205,16 @@ class Meta:
         read_only_fields = ("person",)
 
 
+class ProfileDeleteSerializer(serializers.Serializer):
+    password = serializers.CharField(write_only=True, required=True)
+
+    def validate_password(self, data):
+        user = self.context["request"].user
+        if not user.check_password(data):
+            raise serializers.ValidationError("Invalid password")
+        return data
+
+
 class ProfileSensitiveDataROSerializer(serializers.ModelSerializer):
     email = serializers.ReadOnlyField(source="person.email")
 

diff --git a/profiles/tests/test_crud_profile.py b/profiles/tests/test_crud_profile.py
@@ -397,6 +397,10 @@ def test_delete_profile_authorized_with_wrong_password(self):
             data={"password": "Test5678"},
         )
         self.assertEqual(status.HTTP_400_BAD_REQUEST, response.status_code)
+        self.assertEqual(
+            {"password": ["Invalid password"]},
+            response.json(),
+        )
 
     def test_delete_profile_authorized_without_password(self):
         self.client.force_authenticate(self.user)
@@ -408,6 +412,10 @@ def test_delete_profile_authorized_without_password(self):
             )
         )
         self.assertEqual(status.HTTP_400_BAD_REQUEST, response.status_code)
+        self.assertEqual(
+            {"password": ["This field is required."]},
+            response.json(),
+        )
 
     def test_delete_profile_of_other_user_authorized(self):
         self.user.set_password("Test1234")

diff --git a/profiles/views.py b/profiles/views.py
@@ -1,6 +1,5 @@
 import django_filters
 from django.shortcuts import get_object_or_404
-from django.contrib.auth.hashers import check_password
 from rest_framework import status
 from rest_framework.generics import (
     CreateAPIView,
@@ -34,6 +33,7 @@
     ProfileDetailSerializer,
     ProfileOwnerDetailViewSerializer,
     ProfileOwnerDetailEditSerializer,
+    ProfileDeleteSerializer,
     CategorySerializer,
     ActivitySerializer,
     RegionSerializer,
@@ -172,20 +172,14 @@ def get_serializer_class(self):
                 if get_contacts
                 else ProfileDetailSerializer
             )
+        elif self.request.method == "DELETE":
+            return ProfileDeleteSerializer
         else:
             return ProfileOwnerDetailEditSerializer
 
-    def destroy(self, request, *args, **kwargs):
-        instance = self.get_object()
-        user = self.request.user
-        password = self.request.data.get("password")
-        if not password or not check_password(password, user.password):
-            return Response(status=status.HTTP_400_BAD_REQUEST)
-        else:
-            self.perform_destroy(instance)
-            return Response(status=status.HTTP_204_NO_CONTENT)
-
     def perform_destroy(self, instance):
+        serializer = self.get_serializer(data=self.request.data)
+        serializer.is_valid(raise_exception=True)
         instance.is_deleted = True
         instance.save()