From 169c0e364c81ad623f0a3424e9c7e9c44b485db5 Mon Sep 17 00:00:00 2001 From: Alejandro Alonso Date: Mon, 13 Oct 2014 12:19:24 +0200 Subject: [PATCH 1/3] Launching cancel_account signal when needed --- taiga/users/api.py | 4 ++++ taiga/users/signals.py | 20 ++++++++++++++++++++ 2 files changed, 24 insertions(+) create mode 100644 taiga/users/signals.py diff --git a/taiga/users/api.py b/taiga/users/api.py index 74d50ddf..ef93e36d 100644 --- a/taiga/users/api.py +++ b/taiga/users/api.py @@ -44,6 +44,7 @@ from taiga.projects.serializers import StarredSerializer from . import models from . import serializers from . import permissions +from .signals import user_cancel_account as user_cancel_account_signal class MembersFilterBackend(BaseFilterBackend): @@ -282,5 +283,8 @@ class UsersViewSet(ModelCrudViewSet): def destroy(self, request, pk=None): user = self.get_object() self.check_permissions(request, "destroy", user) + stream = request.stream + request_data = stream is not None and stream.GET or None + user_cancel_account_signal.send(sender=user.__class__, user=user, request_data=request_data) user.cancel() return Response(status=status.HTTP_204_NO_CONTENT) diff --git a/taiga/users/signals.py b/taiga/users/signals.py new file mode 100644 index 00000000..e61cec01 --- /dev/null +++ b/taiga/users/signals.py @@ -0,0 +1,20 @@ +# Copyright (C) 2014 Andrey Antukh +# Copyright (C) 2014 Jesús Espino +# Copyright (C) 2014 David Barragán +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . + +import django.dispatch + + +user_cancel_account = django.dispatch.Signal(providing_args=["user", "request_data"]) From 63364f430443ca995570748e8247e24a5bba02cd Mon Sep 17 00:00:00 2001 From: Alejandro Alonso Date: Tue, 14 Oct 2014 17:21:00 +0200 Subject: [PATCH 2/3] Fixing data sent by cancel account signal --- taiga/users/api.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/taiga/users/api.py b/taiga/users/api.py index ef93e36d..79c0373f 100644 --- a/taiga/users/api.py +++ b/taiga/users/api.py @@ -285,6 +285,6 @@ class UsersViewSet(ModelCrudViewSet): self.check_permissions(request, "destroy", user) stream = request.stream request_data = stream is not None and stream.GET or None - user_cancel_account_signal.send(sender=user.__class__, user=user, request_data=request_data) + user_cancel_account_signal.send(sender=user.__class__, user=user, request_data=request_data) user.cancel() return Response(status=status.HTTP_204_NO_CONTENT) From be8d1719d3ff2990af1afdbff34b32f19879eeb6 Mon Sep 17 00:00:00 2001 From: Alejandro Alonso Date: Wed, 15 Oct 2014 13:16:37 +0200 Subject: [PATCH 3/3] Disabling the posibility of multiple account cancelations for the same cancel_token --- taiga/users/api.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/taiga/users/api.py b/taiga/users/api.py index 79c0373f..56bee9e7 100644 --- a/taiga/users/api.py +++ b/taiga/users/api.py @@ -274,9 +274,13 @@ class UsersViewSet(ModelCrudViewSet): max_age_cancel_account = getattr(settings, "MAX_AGE_CANCEL_ACCOUNT", None) user = get_user_for_token(serializer.data["cancel_token"], "cancel_account", max_age=max_age_cancel_account) + except exc.NotAuthenticated: raise exc.WrongArguments(_("Invalid, are you sure the token is correct?")) + if not user.is_active: + raise exc.WrongArguments(_("Invalid, are you sure the token is correct?")) + user.cancel() return Response(status=status.HTTP_204_NO_CONTENT)