Use HttpResponseNotFound

src/documents/tests/test_api_permissions.py

@@ -637,7 +637,7 @@ class TestApiUser(DirectoriesMixin, APITestCase):
         response = self.client.post(
             f"{self.ENDPOINT}{user1.pk}/deactivate_totp/",
         )
-        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+        self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
 
         regular_user = User.objects.create_user(username="regular_user")
         regular_user.user_permissions.add(

src/documents/tests/test_api_profile.py

@@ -378,4 +378,4 @@ class TestApiTOTPViews(APITestCase):
         response = self.client.delete(
             self.ENDPOINT,
         )
-        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+        self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)

src/paperless/views.py

@@ -15,6 +15,7 @@ from django.db.models.functions import Lower
 from django.http import HttpResponse
 from django.http import HttpResponseBadRequest
 from django.http import HttpResponseForbidden
+from django.http import HttpResponseNotFound
 from django.views.generic import View
 from django_filters.rest_framework import DjangoFilterBackend
 from rest_framework.authtoken.models import Token
@@ -124,7 +125,7 @@ class UserViewSet(ModelViewSet):
             delete_and_cleanup(request, authenticator)
             return Response(True)
         else:
-            return HttpResponseBadRequest("TOTP not found")
+            return HttpResponseNotFound("TOTP not found")
 
 
 class GroupViewSet(ModelViewSet):
@@ -238,7 +239,7 @@ class TOTPView(GenericAPIView):
             delete_and_cleanup(request, authenticator)
             return Response(True)
         else:
-            return HttpResponseBadRequest("TOTP not found")
+            return HttpResponseNotFound("TOTP not found")
 
 
 class GenerateAuthTokenView(GenericAPIView):