Adding cancel account by token API

taiga/users/api.py

@@ -258,20 +258,25 @@ class UsersViewSet(ModelCrudViewSet):
 
         return Response(status=status.HTTP_204_NO_CONTENT)
 
+    @list_route(methods=["POST"])
+    def cancel(self, request, pk=None):
+        """
+        Cancel an account via token
+        """
+        serializer = serializers.CancelAccountSerializer(data=request.DATA, many=False)
+        if not serializer.is_valid():
+            raise exc.WrongArguments(_("Invalid, are you sure the token is correct?"))
+
+        try:
+            user = models.User.objects.get(cancel_token=serializer.data["cancel_token"])
+        except models.User.DoesNotExist:
+            raise exc.WrongArguments(_("Invalid, are you sure the token is correct?"))
+
+        user.cancel()
+        return Response(status=status.HTTP_204_NO_CONTENT)
+
     def destroy(self, request, pk=None):
         user = self.get_object()
         self.check_permissions(request, "destroy", user)
-        user.username = slugify_uniquely("deleted-user", models.User, slugfield="username")
+        user.cancel()
-        user.email = "{}@taiga.io".format(user.username)
-        user.is_active = False
-        user.full_name = "Deleted user"
-        user.color = ""
-        user.bio = ""
-        user.default_language = ""
-        user.default_timezone = ""
-        user.colorize_tags = True
-        user.token = None
-        user.github_id = None
-        user.set_unusable_password()
-        user.save()
         return Response(status=status.HTTP_204_NO_CONTENT)

taiga/users/models.py

@@ -156,6 +156,21 @@ class User(AbstractBaseUser, PermissionsMixin):
 
         super().save(*args, **kwargs)
 
+    def cancel(self):
+        self.username = slugify_uniquely("deleted-user", User, slugfield="username")
+        self.email = "{}@taiga.io".format(self.username)
+        self.is_active = False
+        self.full_name = "Deleted user"
+        self.color = ""
+        self.bio = ""
+        self.default_language = ""
+        self.default_timezone = ""
+        self.colorize_tags = True
+        self.token = None
+        self.github_id = None
+        self.set_unusable_password()
+        self.save()
+
 class Role(models.Model):
     name = models.CharField(max_length=200, null=False, blank=False,
                             verbose_name=_("name"))

tests/integration/test_users.py

@@ -113,3 +113,38 @@ def test_api_user_action_change_email_invalid_token(client):
 
     assert response.status_code == 400
     assert response.data['_error_message'] == 'Invalid, are you sure the token is correct and you didn\'t use it before?'
+
+
+def test_api_user_delete(client):
+    user = f.UserFactory.create()
+    url = reverse('users-detail', kwargs={"pk": user.pk})
+
+    client.login(user)
+    response = client.delete(url)
+
+    assert response.status_code == 204
+    user = models.User.objects.get(pk=user.id)
+    assert user.full_name == "Deleted user"
+
+
+def test_api_user_cancel_valid_token(client):
+    user = f.UserFactory.create()
+    url = reverse('users-cancel')
+    data = {"cancel_token": user.cancel_token}
+    client.login(user)
+    response = client.post(url, json.dumps(data), content_type="application/json")
+
+    assert response.status_code == 204
+    user = models.User.objects.get(pk=user.id)
+    assert user.full_name == "Deleted user"
+
+
+def test_api_user_cancel_invalid_token(client):
+    user = f.UserFactory.create()
+    url = reverse('users-cancel')
+    data = {"cancel_token": "invalid_cancel_token"}
+    client.login(user)
+    response = client.post(url, json.dumps(data), content_type="application/json")
+
+    assert response.status_code == 400
+    assert response.data['_error_message'] == "Invalid, are you sure the token is correct?"