From be8d1719d3ff2990af1afdbff34b32f19879eeb6 Mon Sep 17 00:00:00 2001
From: Alejandro Alonso
Date: Wed, 15 Oct 2014 13:16:37 +0200
Subject: [PATCH] Disabling the posibility of multiple account cancelations for the same cancel_token
---
 taiga/users/api.py | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/taiga/users/api.py b/taiga/users/api.py
index 79c0373f..56bee9e7 100644
--- a/taiga/users/api.py
+++ b/taiga/users/api.py
@@ -274,9 +274,13 @@ class UsersViewSet(ModelCrudViewSet):
 max_age_cancel_account = getattr(settings, "MAX_AGE_CANCEL_ACCOUNT", None)
 user = get_user_for_token(serializer.data["cancel_token"], "cancel_account",
 max_age=max_age_cancel_account)
+
 except exc.NotAuthenticated:
 raise exc.WrongArguments(_("Invalid, are you sure the token is correct?"))
+ if not user.is_active:
+ raise exc.WrongArguments(_("Invalid, are you sure the token is correct?"))
+
 user.cancel()
 return Response(status=status.HTTP_204_NO_CONTENT)
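Review bot: The new `if not user.is_active:` guard and the `user.cancel()` call after it form a check-then-act pair with no locking, so two requests carrying the same `cancel_token` at the same moment can both pass the check and both reach `user.cancel()`. Whether that matters depends on what `cancel()` does, which is not visible here; if it is not idempotent, re-read the row under a lock before testing the flag, e.g. `with transaction.atomic():` followed by `user = type(user).objects.select_for_update().get(pk=user.pk)`. Returning the same "Invalid, are you sure the token is correct?" message for an inactive account as for a bad token gives no hint that a token was once valid, and a comment such as `# same error as a bad token: do not reveal that the token was already used` would keep a later edit from splitting the two messages. `MAX_AGE_CANCEL_ACCOUNT` falls back to `None` in the context lines, so the `is_active` flag may be the only thing that ever retires a token, which is worth confirming against `get_user_for_token`. The method body starts outside the hunk.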