Implement Deactivate user endpoint on Connect #356
Conversation
pxwxnvermx
changed the title
commcare_connect/users/views.py
Outdated
| @csrf_exempt | ||
| @api_view(["POST"]) | ||
| @authentication_classes([OAuth2Authentication]) | ||
| def user_deactivate(request): |
There was a problem hiding this comment.
is mobile supposed to call this or does connectid do it?
There was a problem hiding this comment.
This is called by mobile.
There was a problem hiding this comment.
I think it would be safer and better if this were called by connectid. That way we don't need to rely on mobile, and as soon as a user account is deactivated we can be sure no new data will flow in
There was a problem hiding this comment.
Yeah, that makes sense. We need to think about the Authentication between Connect and ConnectID for making requests to this API.
There was a problem hiding this comment.
Sravan made a good point against this on the spec. Let's chat about this offline and make a decision
commcare_connect/users/urls.py
Outdated
| @@ -21,4 +22,5 @@ | |||
| path("accept_invite/<slug:invite_id>/", view=accept_invite, name="accept_invite"), | |||
| path("demo_users/", view=demo_user_tokens, name="demo_users"), | |||
| path("sms_status_callback/", SMSStatusCallbackView.as_view(), name="sms_status_callback"), | |||
| path("user_suspend/", user_deactivate, name="user_suspend"), | |||
There was a problem hiding this comment.
nit user_suspend -> suspend_user. user_deactivate -> deactivate_user
| @csrf_exempt | ||
| @api_view(["POST"]) | ||
| @authentication_classes([OAuth2Authentication]) | ||
| def deactivate_user(request): |
There was a problem hiding this comment.
It would be a good practice to add a small note here as to where this is used.
Ticket