Implement user deletion

django_backend/backend/frontend/urls.py

@@ -5,4 +5,5 @@ URLPATTERNS = [
     url(r'^state/', views.StateView.as_view()),
     url(r'^sshkey/', views.SSHPublicKeyView.as_view()),
     url(r'^deployments/', views.DeploymentView.as_view()),
+    url(r'^delete_user/', views.UserDeletionView.as_view()),
 ]

django_backend/backend/frontend/views.py

 import logging
 from django.shortcuts import get_object_or_404
 from django.core.exceptions import ObjectDoesNotExist
+from django.contrib.auth import logout
 from rest_framework import views, viewsets
 from rest_framework.permissions import AllowAny
 from rest_framework.response import Response
@@ -128,3 +129,10 @@ class DeploymentView(views.APIView):
 
         deployment.save()
         return _api_state_response(request)
+
+class UserDeletionView(views.APIView):
+    def delete(self, request):
+        # this also logs out the user
+        request.user.remove()
+        logout(request)
+        return _api_state_response(request)

django_backend/backend/models.py

@@ -341,11 +341,11 @@ class User(AbstractUser):
     def remove(self):
         if self.user_type == 'oidcuser':
             self.deactivate()
-            LOGGER.info(self._msg('Deleting'))
 
-            # TODO: deleting the user brings problems:
+            # FIXME: deleting the user brings problems:
             # the deletion cascades down to DeploymentTask and DeploymentTaskItem
             # but these need to be conserved so all clients withdrawals can be tracked
+            LOGGER.info(self._msg('Deleting'))
             self.delete()
 
     def activate(self):