Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

#Improve check password on profile delete #267

Merged
merged 8 commits into from
Oct 13, 2023

Conversation

Lvyshnevska
Copy link
Collaborator

Check password on profile delete was improved. Password validation moved to serializer.

@Lvyshnevska Lvyshnevska self-assigned this Oct 12, 2023
@Lvyshnevska Lvyshnevska linked an issue Oct 12, 2023 that may be closed by this pull request
def validate_for_delete(self, data):
password = data.get("password")
if not password:
raise serializers.ValidationError("Password is required")
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

just write required=True in the serializer field, and there will be no need to make it 'manually'.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed

serializer = self.get_serializer(instance)
if serializer.validate_for_delete(request_data):
instance.is_deleted = True
instance.save()
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

def perform_destroy(self, instance):
    instance.is_deleted = True
    instance.save()

↑ woudn't it be enough?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The serializer is not engaging in this case.

instance.save()
request_data = {"password": self.request.data.get("password")}
serializer = self.get_serializer(instance)
if serializer.validate_for_delete(request_data):
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we manually call the validation method?

Write the validation method. Use it on serializer field. DRF will care about the rest.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed

instance.is_deleted = True
instance.save()
serializer = self.get_serializer(data=self.request.data)
if serializer.is_valid(raise_exception=True):
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is no need do put it into if. Just call serializer.is_valid(raise_exception=True), if will raise exception and return 400 BAD REQUEST in case of validation issues anyway.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed

raise serializers.ValidationError("Password is required")
user = self.context["request"].user
if not user.check_password(password):
raise serializers.ValidationError("Invalid password")
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not exactly correct. There should be a field name, + probably validation error should not be a string, but a list of strings (with one string in the list).

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This code is outdated. Here is how code looks like now:
if not user.check_password(password):
raise serializers.ValidationError({"password": "Invalid password"})

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Replaced with field validation.

@Lvyshnevska Lvyshnevska merged commit a8d95ed into develop Oct 13, 2023
3 checks passed
@Lvyshnevska Lvyshnevska deleted the #ImproveCheckPasswordOnProfileDelete branch October 13, 2023 10:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Add check password functionality when delete profile
3 participants