Remove activation keys upon logout of retired user.

2018-05-01 17:20:46 -04:00
parent 95d5b13714
commit b74d720442
2 changed files with 12 additions and 5 deletions
--- a/openedx/core/djangoapps/user_api/accounts/tests/test_views.py
+++ b/openedx/core/djangoapps/user_api/accounts/tests/test_views.py
@@ -50,6 +50,7 @@ from openedx.core.lib.token_utils import JwtBuilder
 from student.models import (
    CourseEnrollmentAllowed,
    PendingEmailChange,
+    Registration,
    SocialLink,
    UserProfile,
    get_retired_username_by_username,
@@ -1104,6 +1105,8 @@ class TestDeactivateLogout(RetirementTestCase):
            uid='xyz@gmail.com'
        )

+        Registration().register(self.test_user)
+
        self.url = reverse('deactivate_logout')

    def build_post(self, password):
@@ -1123,6 +1126,7 @@ class TestDeactivateLogout(RetirementTestCase):
        self.assertEqual(get_retired_email_by_email(self.test_user.email), updated_user.email)
        self.assertFalse(updated_user.has_usable_password())
        self.assertEqual(list(UserSocialAuth.objects.filter(user=self.test_user)), [])
+        self.assertEqual(list(Registration.objects.filter(user=self.test_user)), [])
        self.assertEqual(len(UserRetirementStatus.objects.filter(user_id=self.test_user.id)), 1)
        # make sure the user cannot log in
        self.assertFalse(self.client.login(username=self.test_user.username, password=self.test_password))
--- a/openedx/core/djangoapps/user_api/accounts/views.py
+++ b/openedx/core/djangoapps/user_api/accounts/views.py
@@ -40,6 +40,7 @@ from openedx.core.lib.api.parsers import MergePatchParser
 from student.models import (
    CourseEnrollmentAllowed,
    PendingEmailChange,
+    Registration,
    User,
    UserProfile,
    get_potentially_retired_user_by_username,
@@ -400,16 +401,18 @@ class DeactivateLogoutView(APIView):
            if verify_user_password_response.status_code != status.HTTP_204_NO_CONTENT:
                return verify_user_password_response
            with transaction.atomic():
-                # 1. Unlink LMS social auth accounts
+                # Unlink LMS social auth accounts
                UserSocialAuth.objects.filter(user_id=request.user.id).delete()
-                # 2. Change LMS password & email
+                # Change LMS password & email
                request.user.email = get_retired_email_by_email(request.user.email)
                request.user.save()
                _set_unusable_password(request.user)
-                # 3. Unlink social accounts & change password on each IDA, still to be implemented
-                # 4. Add user to retirement queue
+                # TODO: Unlink social accounts & change password on each IDA.
+                # Remove the activation keys sent by email to the user for account activation.
+                Registration.objects.filter(user=request.user).delete()
+                # Add user to retirement queue.
                UserRetirementStatus.create_retirement(request.user)
-                # 5. Log the user out
+                # Log the user out.
                logout(request)
            return Response(status=status.HTTP_204_NO_CONTENT)
        except KeyError: