From 2d078acd77305c073bff9cd402e7a83138cc9471 Mon Sep 17 00:00:00 2001
From: Radek Czajka
Date: Tue, 19 Aug 2025 12:41:09 +0200
Subject: [PATCH] change password, delete account
---
 src/api/serializers.py | 27 +++++++++++++++++++++++++++
 src/api/urls.py | 3 +++
 src/api/views.py | 33 +++++++++++++++++++++++++++++++++
 3 files changed, 63 insertions(+)
diff --git a/src/api/serializers.py b/src/api/serializers.py
index 8c008926d..6806e91d7 100644
--- a/src/api/serializers.py
+++ b/src/api/serializers.py
@@ -46,3 +46,30 @@ class RefreshTokenSerializer(serializers.Serializer):
 class RequestConfirmSerializer(serializers.Serializer):
 email = serializers.CharField()
+
+
+class DeleteAccountSerializer(serializers.Serializer):
+ password =serializers.CharField(
+ style={'input_type': 'password'}
+ )
+
+ def validate_password(self, value):
+ u = self.context['user']
+ if not u.check_password(value):
+ raise serializers.ValidationError("Password incorrect.")
+ return value
+
+
+class PasswordSerializer(serializers.Serializer):
+ old_password = serializers.CharField(
+ style={'input_type': 'password'}
+ )
+ new_password = serializers.CharField(
+ style={'input_type': 'password'}
+ )
+
+ def validate_old_password(self, value):
+ u = self.context['user']
+ if not u.check_password(value):
+ raise serializers.ValidationError("Password incorrect.")
+ return value
diff --git a/src/api/urls.py b/src/api/urls.py
index 5b1942c3a..c12384c03 100644
--- a/src/api/urls.py
+++ b/src/api/urls.py
@@ -15,6 +15,9 @@ urlpatterns1 = [
 path('requestConfirm/', csrf_exempt(views.RequestConfirmView.as_view())),
 path('login/', csrf_exempt(views.Login2View.as_view())),
 path('me/', views.UserView.as_view()),
+ path('deleteAccount/', views.DeleteAccountView.as_view()),
+ path('password/', views.PasswordView.as_view()),
+ path('', include('catalogue.api.urls2')),
 path('', include('social.api.urls2')),
 path('', include('bookmarks.api.urls')),
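Review bot: In src/api/serializers.py, `new_password` on `PasswordSerializer` is accepted without running Django's password validators, so this endpoint can set a password that the project's `AUTH_PASSWORD_VALIDATORS` policy (if one is configured; settings are not visible here) would reject elsewhere. A field validator `def validate_new_password(self, value): password_validation.validate_password(value, self.context['user']); return value`, written as three lines and using `from django.contrib.auth import password_validation`, would apply that policy; the file's import block is outside the hunk. All three password fields also keep DRF's default `trim_whitespace=True`, so a password with leading or trailing spaces is altered before it reaches `check_password` or `set_password`; passing `trim_whitespace=False, write_only=True` to each `CharField` avoids that. `validate_password` and `validate_old_password` are identical apart from the name and could share one helper, and `password =serializers.CharField(` is missing a space after `=`.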
diff --git a/src/api/views.py b/src/api/views.py
index 011161e52..5a77bd8fe 100644
--- a/src/api/views.py
+++ b/src/api/views.py
@@ -334,3 +334,36 @@ class RequestConfirmView(APIView):
 UserConfirmation.request(user)
 return Response({})
+
+class DeleteAccountView(GenericAPIView):
+ permission_classes = [IsAuthenticated]
+ serializer_class = serializers.DeleteAccountSerializer
+
+ def post(self, request):
+ u = request.user
+ serializer = self.get_serializer(
+ data=request.data,
+ context={'user': u}
+ )
+ serializer.is_valid(raise_exception=True)
+ d = serializer.validated_data
+ u.is_active = False
+ u.save()
+ return Response({})
+
+
+class PasswordView(GenericAPIView):
+ permission_classes = [IsAuthenticated]
+ serializer_class = serializers.PasswordSerializer
+
+ def post(self, request):
+ u = request.user
+ serializer = self.get_serializer(
+ data=request.data,
+ context={'user': u}
+ )
+ serializer.is_valid(raise_exception=True)
+ d = serializer.validated_data
+ u.set_password(d['new_password'])
+ u.save()
+ return Response({})
--
2.20.1
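Review bot: Neither `post` method invalidates credentials issued before the change: `DeleteAccountView.post` only sets `is_active = False` and `PasswordView.post` only calls `set_password`, so whether existing access and refresh tokens stop working depends on the authentication class, which is not visible in this hunk. After each `u.save()` I would add an explicit revocation step, or at minimum the comment `# TODO: revoke this user's outstanding API tokens and sessions`; if session authentication is enabled, `update_session_auth_hash(request, u)` in `PasswordView.post` keeps the caller's own session alive after the change. Both endpoints let anyone holding a valid token test password guesses without limit, so a `throttle_classes` setting on the two views is worth adding. In `DeleteAccountView.post` the assignment `d = serializer.validated_data` is unused, and `u.save(update_fields=['is_active'])` would narrow the write. Passing `context={'user': u}` to `get_serializer` also replaces DRF's default serializer context; it looks like the serializers could read `self.context['request'].user` instead.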