Disabling the posibility of multiple account cancelations for the same cancel_token

2014-10-15 13:16:37 +02:00 · 2014-10-15 13:16:37 +02:00 · be8d1719d3
parent 63364f4304
commit be8d1719d3
1 changed files with 4 additions and 0 deletions
--- a/taiga/users/api.py
+++ b/taiga/users/api.py
@ -274,9 +274,13 @@ class UsersViewSet(ModelCrudViewSet):
            max_age_cancel_account = getattr(settings, "MAX_AGE_CANCEL_ACCOUNT", None)
            user = get_user_for_token(serializer.data["cancel_token"], "cancel_account",
                max_age=max_age_cancel_account)
+
        except exc.NotAuthenticated:
            raise exc.WrongArguments(_("Invalid, are you sure the token is correct?"))

+        if not user.is_active:
+            raise exc.WrongArguments(_("Invalid, are you sure the token is correct?"))
+
        user.cancel()
        return Response(status=status.HTTP_204_NO_CONTENT)