Disabling the posibility of multiple account cancelations for the sam…

…e cancel_token
taigaio · Oct 15, 2014 · be8d171 · be8d171
1 parent 63364f4
commit be8d171
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/taiga/users/api.py b/taiga/users/api.py
@@ -274,9 +274,13 @@ def cancel(self, request, pk=None):
             max_age_cancel_account = getattr(settings, "MAX_AGE_CANCEL_ACCOUNT", None)
             user = get_user_for_token(serializer.data["cancel_token"], "cancel_account",
                 max_age=max_age_cancel_account)
+
         except exc.NotAuthenticated:
             raise exc.WrongArguments(_("Invalid, are you sure the token is correct?"))
 
+        if not user.is_active:
+            raise exc.WrongArguments(_("Invalid, are you sure the token is correct?"))
+
         user.cancel()
         return Response(status=status.HTTP_204_NO_CONTENT)