如何在Django Rest Framework中删除用户帐户？

Question

I am creating an application by combining Django Rest Framework and Angular.
Please let us know about the implementation of user deletion, because there are places that will not work.

I described in Djnago's views.py about the deletion view as follows.

class AuthInfoDeleteView(generics.DestroyAPIView):
    permission_classes = (permissions.IsAuthenticated,)
    serializer_class = AccountSerializer
    lookup_field = 'email'
    queryset = Account.objects.all()

    def get_object(self):
        try:
            instance = self.queryset.get(email=self.request.user)
            return instance
        except Account.DoesNotExist:
            raise Http404

email is stored in self.request.user .
In addition, I write in serializer.py as follows.

from django.contrib.auth import update_session_auth_hash
from rest_framework import serializers

from .models import Account, AccountManager


class AccountSerializer(serializers.ModelSerializer):
    password = serializers.CharField(write_only=True, required=False)

    class Meta:
        model = Account
        fields = ('id', 'username', 'email', 'profile', 'password', )

    def create(self, validated_data):
        return Account.objects.create_user(request_data=validated_data)

In this state, when sending a method of Angular to DELETE to the URL(/api/user/delete/) to which AuthInfoDeleteView is linked, the following error occurred.

Internal Server Error: /api/user/delete/
Traceback (most recent call last):
  File "/Users/user/anaconda/envs/auth_django_and_angular2/lib/python3.6/site-packages/django/core/handlers/exception.py", line 41, in inner
    response = get_response(request)
  File "/Users/user/anaconda/envs/auth_django_and_angular2/lib/python3.6/site-packages/django/core/handlers/base.py", line 187, in _get_response
    response = self.process_exception_by_middleware(e, request)
  File "/Users/user/anaconda/envs/auth_django_and_angular2/lib/python3.6/site-packages/django/core/handlers/base.py", line 185, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/Users/user/anaconda/envs/auth_django_and_angular2/lib/python3.6/site-packages/django/views/decorators/csrf.py", line 58, in wrapped_view
    return view_func(*args, **kwargs)
  File "/Users/user/anaconda/envs/auth_django_and_angular2/lib/python3.6/site-packages/django/views/generic/base.py", line 68, in view
    return self.dispatch(request, *args, **kwargs)
  File "/Users/user/anaconda/envs/auth_django_and_angular2/lib/python3.6/site-packages/rest_framework/views.py", line 489, in dispatch
    response = self.handle_exception(exc)
  File "/Users/user/anaconda/envs/auth_django_and_angular2/lib/python3.6/site-packages/rest_framework/views.py", line 449, in handle_exception
    self.raise_uncaught_exception(exc)
  File "/Users/user/anaconda/envs/auth_django_and_angular2/lib/python3.6/site-packages/rest_framework/views.py", line 486, in dispatch
    response = handler(request, *args, **kwargs)
  File "/Users/user/anaconda/envs/auth_django_and_angular2/lib/python3.6/site-packages/rest_framework/generics.py", line 219, in delete
    return self.destroy(request, *args, **kwargs)
  File "/Users/user/anaconda/envs/auth_django_and_angular2/lib/python3.6/site-packages/rest_framework/mixins.py", line 93, in destroy
    self.perform_destroy(instance)
  File "/Users/user/anaconda/envs/auth_django_and_angular2/lib/python3.6/site-packages/rest_framework/mixins.py", line 97, in perform_destroy
    instance.delete()
TypeError: 'bool' object is not callable
[24/Jun/2017 14:04:42] "DELETE /api/user/delete/ HTTP/1.1" 500 15690

How can I properly delete accounts correctly?
I need your help.

Answer 1

Try editing your view like this,

try: 
    instance = self.queryset.get(email=self.request.user.email) 
    return instance 
except Account.DoesNotExist: 
    raise Http404

Answer 2

Why not disabling the account instead of deleting it?

That was my approach. In my view class (which I use for the extended UserProfile and inherits from RetrieveUpdateDestroyAPIView) I overwrite the destroy method like this:

def destroy(self, request, pk=None, **kwargs):

    request.user.is_active = False
    request.user.save()

    return Response(status=204)

I use Token authentication (using rest_auth) and after disabling the account, tokens are no longer valid (the response when trying to use them is "User inactive or deleted".

I think its best practice to disable accounts instead of deleting them.