change password, delete account
authorRadek Czajka <rczajka@rczajka.pl>
Tue, 19 Aug 2025 10:41:09 +0000 (12:41 +0200)
committerRadek Czajka <rczajka@rczajka.pl>
Tue, 19 Aug 2025 10:41:09 +0000 (12:41 +0200)
src/api/serializers.py
src/api/urls.py
src/api/views.py

index 8c00892..6806e91 100644 (file)
@@ -46,3 +46,30 @@ class RefreshTokenSerializer(serializers.Serializer):
 
 class RequestConfirmSerializer(serializers.Serializer):
     email = serializers.CharField()
+
+
+class DeleteAccountSerializer(serializers.Serializer):
+    password =serializers.CharField(
+        style={'input_type': 'password'}
+    )
+
+    def validate_password(self, value):
+        u = self.context['user']
+        if not u.check_password(value):
+            raise serializers.ValidationError("Password incorrect.")
+        return value
+
+
+class PasswordSerializer(serializers.Serializer):
+    old_password = serializers.CharField(
+        style={'input_type': 'password'}
+    )
+    new_password = serializers.CharField(
+        style={'input_type': 'password'}
+    )
+
+    def validate_old_password(self, value):
+        u = self.context['user']
+        if not u.check_password(value):
+            raise serializers.ValidationError("Password incorrect.")
+        return value
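Review bot: `new_password` in `PasswordSerializer` has no validation of its own, so any non-blank string is accepted as the new password. Adding a `validate_new_password(self, value)` that calls `django.contrib.auth.password_validation.validate_password(value, self.context['user'])` and returns `value` would apply the project's configured `AUTH_PASSWORD_VALIDATORS`. All three password fields also keep DRF's default `trim_whitespace=True`, so leading and trailing whitespace is stripped before `check_password` and `set_password` see the value; declaring them with `trim_whitespace=False, write_only=True` avoids a mismatch with passwords set through other paths. `validate_password` and `validate_old_password` are identical and could share one helper.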
index 5b1942c..c12384c 100644 (file)
@@ -15,6 +15,9 @@ urlpatterns1 = [
     path('requestConfirm/', csrf_exempt(views.RequestConfirmView.as_view())),
     path('login/', csrf_exempt(views.Login2View.as_view())),
     path('me/', views.UserView.as_view()),
+    path('deleteAccount/', views.DeleteAccountView.as_view()),
+    path('password/', views.PasswordView.as_view()),
+
     path('', include('catalogue.api.urls2')),
     path('', include('social.api.urls2')),
     path('', include('bookmarks.api.urls')),
index 011161e..5a77bd8 100644 (file)
@@ -334,3 +334,36 @@ class RequestConfirmView(APIView):
         UserConfirmation.request(user)
         return Response({})
 
+
+class DeleteAccountView(GenericAPIView):
+    permission_classes = [IsAuthenticated]
+    serializer_class = serializers.DeleteAccountSerializer
+
+    def post(self, request):
+        u = request.user
+        serializer = self.get_serializer(
+            data=request.data,
+            context={'user': u}
+        )
+        serializer.is_valid(raise_exception=True)
+        d = serializer.validated_data
+        u.is_active = False
+        u.save()
+        return Response({})
+
+
+class PasswordView(GenericAPIView):
+    permission_classes = [IsAuthenticated]
+    serializer_class = serializers.PasswordSerializer
+
+    def post(self, request):
+        u = request.user
+        serializer = self.get_serializer(
+            data=request.data,
+            context={'user': u}
+        )
+        serializer.is_valid(raise_exception=True)
+        d = serializer.validated_data
+        u.set_password(d['new_password'])
+        u.save()
+        return Response({})
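Review bot: Neither `PasswordView.post` nor `DeleteAccountView.post` revokes the caller's existing tokens or sessions after `u.save()`, at least in the lines shown. If the API's token scheme (not visible in this hunk) does not re-check `is_active` or the password hash on each request, a token issued earlier stays usable after a password change or account deactivation; invalidating the user's tokens right after `u.save()` in both handlers would close that gap. Both endpoints also confirm or reject the current password for anyone holding a valid token, so a scoped throttle via `throttle_classes` is worth adding unless a global one already applies. In `DeleteAccountView.post` the line `d = serializer.validated_data` is unused and can be dropped.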