def view_profile(user_id): user = User.find_by_id(user_id) if not User.check_follow_relation(current_user._id, user_id): request.form.follow = "Follow" else: request.form.follow = "Un Follow" return render_template("user/personal_page.html", user=user)
def profile(user_id): form = ProfileForm() form_pw = ChangePasswordForm() if request.method == 'POST': user_obj = User(session["phone_number"]) user_data = User.find_by_id(user_id) if form.name.data is not None: if user_obj.update_info(name=form.name.data, family_name=form.family_name.data, email=form.email.data, birthday=form.birthday_day.data, company=form.company.data, gender=form.gender.data, bio=form.bio.data): flash("Profile view updated.") return redirect( url_for('users.profile', user_id=user_data["_id"])) else: return redirect(url_for('users.profile', user_id=user_data["_id"])) return render_template("user/profile.html", form=form, form_pw=form_pw)
def new_post_pv(): form = NewMessage() if request.method == 'POST': subject = form.subject.data to = form.to.data content = form.content.data if to.isalnum(): user = User.find_one(to) user_email = user["email"] else: user = User.find_by_email(to) user_email = user["email"] if user_email: Post(user_email=current_user.email, subject=subject, content=content, type_publication="private").insert_by_type( to=user_email, user_email=user_email, _type='private') user = User.find_by_email(current_user.email) flash("Message sent to {0}".format(to)) return redirect(url_for('messages.inbox', user_id=user["_id"])) flash("There is no user with this email or phone number.") return redirect(url_for('messages.new_post_pv')) return render_template("message/new_pv.html", form=form)
def post(self): data = self.parser.parse_args() current_user = None if data.get('username') and data.get('email'): return { 'message': 'Use username or email not both at the same time to sign in' }, 400 elif data.get('username'): current_user = User.find_by_username(data['username']) elif data.get('email'): current_user = User.find_by_email(data['email']) if current_user is None: return {'message': "User does not exist"}, 404 if User.verify_hash(data['password'], current_user.password): access_token = create_access_token( identity=(data.get('username') or data.get('email'))) refresh_token = create_refresh_token( identity=(data.get('username') or data.get('email'))) return { 'message': f'Logged in as {current_user.username}', 'access_token': access_token, 'refresh_token': refresh_token }, 200, { 'Set-Cookie': 'access_token_cookie=' + access_token } else: return {'message': 'Wrong credentials'}, 400
def testUpdateUserPassword(self): u = User.add("user1","passwd",'*****@*****.**') self.assertTrue(User.isValidLogin("user1","passwd")) u.updateUserPassword("newpasswd") u.save() self.assertFalse(User.isValidLogin("user1","passwd")) self.assertTrue(User.isValidLogin("user1","newpasswd"))
def put(self, id): """ Edit user data """ parser.replace_argument('password', required=False) parser.replace_argument('username', required=False) data = parser.parse_args() user = User.find_by_id(id) if not user: return {"messages": "User not found"}, 404 username = data.get('username', None) if username and User.find_by_username(username): return {'message': f'User {username} already exists'}, 400 for key, value in data.items(): if data[key] is not None: setattr(user, key, value) try: # Saving user in DB and Generating Access and Refresh token user.save() return { 'payload': { 'user': user.to_json(), } }, 200 except: return {'message': 'Error while editing the user'}, 500
def replay(author): form = NewMessage() if request.method == 'POST': subject = form.subject.data content = form.content.data to = form.to.data if to.isalnum(): user = User.find_one(to) user_email = user["email"] else: user = User.find_by_email(to) user_email = user["email"] if user and user_email != current_user.email: Post(user_email=current_user.email, subject=subject, content=content, type_publication="private").insert_by_type( to=user_email, user_email=user_email) user = User.find_by_email(current_user.email) flash("Message sent to {0}".format(to)) return redirect(url_for('posts.inbox', user_id=user["_id"])) else: flash("Wrong user.") return redirect(url_for('messages.inbox', user_id=user["_id"])) form.to.data = author return render_template("message/new_pv.html", form=form)
def admin_send_message(): if request.method == 'POST': mode = request.form["radio"] if mode == 'one': email = request.form["user_email"] user = User.find_by_email(email) if user: subject = request.form["title"] content = request.form["content"] Post("admin", subject, content).admin_insert_post_by_type( current_user, email, 'private') posts = Post.admin_sent_posts() flash("Message sent to {0}".format(email)) return render_template("admin/home.html", posts=posts) else: flash( "The user you choose by {} does not exist.".format(email)) return render_template("admin/send_message.html") elif mode == 'all': subject = request.form["title"] content = request.form["content"] users = User.admin_find_all_users() new_post = Post("admin", subject, content) new_post.admin_insert_post(current_user, 'private') for user in users: Post.connect(user.email, new_post._id, 'private') posts = Post.admin_sent_posts() flash("Post sent to all.") return render_template("admin/home.html", posts=posts) return render_template("admin/send_message.html")
def testUsersCreation(self): u = User.add("user1","passwd",'*****@*****.**') U = User.objects.filter(username = "******").get() self.assertEqual(u, U) u2 = User.add("user2", 'passwd','*****@*****.**') U = User.objects.filter(username = "******").get() self.assertEqual(u2, U)
def search(word): word_ = word.strip() if "@" in word_: flash("Can not find any user by email address.") return redirect(url_for('users.home')) elif " " in word_: name_family = word_.split(" ") if len(name_family) == 2: name, family = name_family users = User.search_by_name_family(name=name, family=family) return render_template("user/result.html", users=users) elif len(name_family) == 3: name, mid_name, family = name_family users1 = User.search_by_name_family(name=name + mid_name, family=family) users2 = User.search_by_name_family(name=name, family=mid_name + family) users = users1 + users2 return render_template("user/result.html", users=users) elif " " not in word_: users = User.search_by_name_family(name=word_, family=word_) return render_template("user/result.html", users=users) flash("Could not find any user {}".format(word_)) return redirect(url_for('users.home'))
def post(self): parser.replace_argument('password', required=True, help='password cannot be blank') data = parser.parse_args() username = data['username'] # Searching user by username current_user = User.find_by_username(username) # user does not exists if not current_user: return {'message': f'User {username} doesn\'t exist'}, 400 # user exists, comparing password and hash if User.verify_hash(data['password'], current_user.password): # generating access token and refresh token access_token = create_access_token(identity=username) refresh_token = create_refresh_token(identity=username) return { 'payload': { 'user': current_user.to_json(), 'access_token': access_token, 'refresh_token': refresh_token } }, 200 else: return {'message': 'Wrong credentials'}, 400
def testUpdateUserPassword(self): u = User.add("user1", "passwd", '*****@*****.**') self.assertTrue(User.isValidLogin("user1", "passwd")) u.updateUserPassword("newpasswd") u.save() self.assertFalse(User.isValidLogin("user1", "passwd")) self.assertTrue(User.isValidLogin("user1", "newpasswd"))
def login(): form = LoginForm() if request.method == 'POST': phone_number = form.phone_number.data password = form.password.data user_obj = User(phone_number) if user_obj: if user_obj.verify_password(password): flash("Log in successful.") # if user["email"]: # session["email"] = user["email"] # else: user_data = User.find_by_phone_number(user_obj.phone_number) session["phone_number"] = user_data["phone_number"] print(user_data["_id"]) # return render_template("user/home.html", loged_in=True) return redirect(url_for('users.home', user_id=user_data["_id"])) else: flash("The password is wrong.") return render_template("user/login.html", form=form) else: flash("The user does not exist.") return redirect(url_for('users.register')) return render_template('user/login.html', form=form)
def testUsersCreation(self): u = User.add("user1", "passwd", '*****@*****.**') U = User.objects.filter(username="******").get() self.assertEqual(u, U) u2 = User.add("user2", 'passwd', '*****@*****.**') U = User.objects.filter(username="******").get() self.assertEqual(u2, U)
def SignUpAPI(request): if request.method == 'POST': # POST METHOD: Aca valido la informacion de creacion de usuario # Obtengo los parametros del JSON enviado params = api.json_to_dict(request.body) information = {} # Si los parametros son invalidos if params is None: # ERROR PARAMETROS INVALIDOS api.set_error(information,6,_("Invalid parameters")) return api.render_to_json(information); # Obtengo la informacon ingresada information['username'] = params.get('username', '') password = params.get('password', '') vpassword = params.get('vpassword', '') information['email'] = params.get('email', '') information['name'] = params.get('name', '') information['lastname'] = params.get('lastname', '') information['country'] = params.get('country', '') # NO ERROR! api.set_error(information,0) leave_open = params.get('remember',None) # Valido los datos. if not User.isValidUsername(information['username']): # ERROR NOMBRE DE USUARIO INVALIDO api.set_error(information,1,_("Invalid username")) elif not User.isValidPassword(password): # Marco el error de password invaludo # ERROR CLAVE INVALIDA api.set_error(information,2,_("Invalid password")) elif password != vpassword: # Marco el error de passwords distintas # ERROR CLAVES NO SON IDENTICAS api.set_error(information,3,_("Passwords don't match")) elif not User.isValidEmail(information['email']): # Marco el error de password invaludo # ERROR EMAIL INVALIDO api.set_error(information,4,_('Invalid mail')) else: user = User.add(information['username'],password,information['email'],information['name'], information['lastname']); if user == None: # Marco el error de usuario ya existente # ERROR USUARIO YA EXISTE api.set_error(information,5,_("Username already exists")) if information['error-code'] != 0: # Hubo un error al crear el usuario. Envio el diccionario en formato json return api.render_to_json(information); else: # Se creo un usuario, redirijo pero seteo la cookie para identificar response = api.render_to_json(information) Crypt.set_secure_cookie(response,'user_id',information['username'],expires=True) # Expira al cerrar el navegador return response else: return HttpResponseNotAllowed(['POST'])
def change_pw(): form_pw = ChangePasswordForm() if request.method == 'POST': user_obj = User(session["phone_number"]) # user_data = user_obj.find_by_id(session["phone_number"]) if form_pw.current_password.data is not None and form_pw.new_password.data is not None: if user_obj.verify_password(form_pw.current_password.data): if form_pw.new_password.data == form_pw.confirm_password.data: user_obj.change_password(form_pw.new_password.data) flash("Your password changed.") return redirect(url_for('users.change_pw')) else: flash("Confirm password does not matched.") return redirect(url_for('users.change_pw')) else: flash('Your current password is wrong.') return redirect(url_for('users.change_pw')) return render_template('user/change_pw.html', form_pw=form_pw)
def testUpdateUserLastName(self): User.add("user1", "passwd", '*****@*****.**', 'User1', 'One') u = User.getByUsername("user1") self.assertEqual(u.lastname, 'One') u.updateUserLastname('Two') u.save() u = User.getByUsername("user1") self.assertEqual(u.lastname, 'Two')
def testUpdateUserEmail(self): User.add("user1", "passwd", '*****@*****.**', 'User1', 'One') u = User.getByUsername("user1") self.assertEqual(u.email, '*****@*****.**') u.updateUserEmail('*****@*****.**') u.save() u = User.getByUsername("user1") self.assertEqual(u.email, '*****@*****.**')
def testUpdateUserEmail(self): User.add("user1","passwd",'*****@*****.**','User1','One') u = User.getByUsername("user1") self.assertEqual(u.email, '*****@*****.**') u.updateUserEmail('*****@*****.**') u.save() u = User.getByUsername("user1") self.assertEqual(u.email, '*****@*****.**')
def testUpdateUserLastName(self): User.add("user1","passwd",'*****@*****.**','User1','One') u = User.getByUsername("user1") self.assertEqual(u.lastname, 'One') u.updateUserLastname('Two') u.save() u = User.getByUsername("user1") self.assertEqual(u.lastname, 'Two')
def testMembEventQueryEmptyEvent(self): u = User.add('ringoStarr', '1234', '*****@*****.**') u2 = User.add('paulMcCartney', '1234', '*****@*****.**') e = Event.add("Concert", "body", 'hads', 'lol', "2013-09-10", "2013-09-12") memberships = EventMembership.getByEvent(5) self.assertEqual(memberships, []) memberships = EventMembership.getByEvent(10) self.assertEqual(memberships, [])
def PasswordRecoverAPI(request): information = {} cookie = request.get_signed_cookie(key='lpwd_ok', default=None) if request.method == 'GET': # GET METHOD: Si la cookie ya esta seteada, informo que ya esta en "tramite" el cambio de clave # si no esta seteada, leo los parametros, los valido. # En caso de ser parametos validos, seteo la cookie, envio el mail de recuperacion y informo el exito if cookie is None: information['recover-cookie'] = False return api.render_to_json(information) else: information['username'] = cookie.split('|')[0] information['email'] = cookie.split('|')[1] information['recover-cookie'] = True return api.render_to_json(information) elif request.method == 'POST': # POST METHOD: Si la cookie ya esta seteada, informo que ya esta en "tramite" el cambio de clave # si no esta seteada, informo lo contrario. if cookie != None: api.set_error(information,1,_("We have already send a password recovery email for your username.")) return api.render_to_json(information) else: params = api.json_to_dict(request.body) if params is None: # ERROR PARAMETROS INVALIDOS api.set_error(information,6,_('Invalid parameters')) return api.render_to_json(information); information['username'] = params.get('username', None) if not User.isValidUsername(information['username']): api.set_error(information,2,_('Invalid username')) return api.render_to_json(information) else: user = User.getByUsername(information['username']) if user is None: api.set_error(information,3,_("You haven't start the password recovery process")) return api.render_to_json(information) else: information['email'] = user.email; api.set_error(information,0) response = api.render_to_json(information) Crypt.set_secure_cookie(response,'lpwd_ok',information['username']+ '|' + information['email'] , expires=False, time=7200) api.sendRecoveryEmail(user); return response return render_to_response('passwd_recover.html',information,RequestContext(request)) else: return HttpResponseNotAllowed(['POST','GET'])
def testDeletingUserAfterLoginAndChangingDataGivesErrorCode3(self): response = self.client.post(self.live_server_url + '/api/signin', '{"username":"******", "password":"******"}', content_type='application/json') User.getByUsername('user1').delete() response = self.client.post( self.url + '/user1', '{"username":"******", "email":"*****@*****.**" ,"password":"******","vpassword":"******"}', content_type='application/json') info = json.loads(response.content) self.assertEqual(info['error-code'], 3)
def setUp(self): utils.init_test_database() self.new_user = User(username=TEST_USER['username'], password=User.generate_hash( TEST_USER['password']), name=TEST_USER['name'], surname=TEST_USER['surname'], email=TEST_USER['email']) self.new_user.save_to_db() self.revoken_token = RevokedTokenModel(id=1, jti='some string')
def testPasswordValidation(self): self.assertTrue(User.isValidPassword('abcdef12345_ghijk678')) #Normal characters self.assertTrue(User.isValidPassword('abcdef12345-ghijk678')) #Normal characters self.assertTrue(User.isValidPassword('abcdef1_345_ghijk678')) #Two Undercords self.assertTrue(User.isValidPassword('abcdef1-345-ghijk678')) #Two cords self.assertTrue(User.isValidPassword('123')) #ThreeChars self.assertTrue(User.isValidPassword('12345678901234567890')) #TwentyChars self.assertTrue(User.isValidPassword('randomchars++=?')) #Rare Characters self.assertFalse(User.isValidPassword('')) #Empty self.assertFalse(User.isValidPassword('12')) #TwoChars self.assertFalse(User.isValidPassword('123456789012345678901')) #TwentyOneChars
def setUp(self): utils.init_test_database() self.app = app.test_client() self.app.testing = True self.new_user = User(username=TEST_USER['username'], password=User.generate_hash( TEST_USER['password']), name=TEST_USER['name'], surname=TEST_USER['surname'], email=TEST_USER['email']) self.new_user.save_to_db()
def login(): if current_user.is_authenticated == True: return redirect(url_for('users.home', user_id=current_user._id)) form = LoginForm() if form.validate_on_submit(): phone_number = form.phone_number.data password = form.password.data remember_me = form.remember_me.data if '@' in phone_number and phone_number == Admin.find_admin_email( phone_number)["email"]: admin_data = Admin.find_admin_email(phone_number) if admin_data: admin = Admin.classify(name=admin_data["name"], family=admin_data["family"], email=admin_data["email"], password=admin_data["password"], permission=admin_data["permission"], _id=admin_data["_id"]) if admin.check_pw(password): session["email"] = admin.email login_user(user=admin, remember=remember_me) return redirect(url_for('admins.admin_home')) user_data = User.find_one(phone_number) if not user_data: flash('User does not exists.') return redirect(url_for('auth.register')) user = User.classify1(user_data) # check user account time # if user.account_time == 'None': # return redirect(url_for('payments.new_account', user_id=user._id)) # elif user.account_time if user.valid_phone_number(phone_number): if Utils.check_password(user.password, password): flash("Log in successful.") login_user(user, remember_me) if user.name == 'none': return redirect(url_for("users.info", user_id=user._id)) else: return redirect(url_for('users.home', user_id=user._id)) else: flash("Your password was wrong.") return redirect(url_for('auth.login')) else: flash("The user does not exist.") return redirect(url_for('auth.login')) return render_template('auth/login.html', form=form)
def SignInAPI(request): if request.method == 'POST': # POST METHOD: Aca valido la informacion de inicio de sesion params = api.json_to_dict(request.body) information = {} # Si los parametros son invalidos if params is None: api.set_error(information, 6, _("Invalid parameters")) return api.render_to_json(information) information['username'] = params.get('username', '') password = params.get('password', '') remember = params.get('remember', False) valid = User.isValidLogin(information['username'], password) if not valid: # ERROR NOMBRE DE USUARIO INEXISTENTE O CONTRASENA INCORRECTA api.set_error( information, 1, _("Username does not exist or password is incorrect")) return api.render_to_json(information) else: # NO HUBO ERRORES! user = User.getByUsername(information['username']) api.set_error(information, 0) response = api.render_to_json(information) if not remember: Crypt.set_secure_cookie( response, 'user_id', information['username'], expires=True) # Expira al cerrar el navegador if user.permission == 'AD': Crypt.set_secure_cookie( response, 'user_admin', information['username'] + 'AD', expires=True) # Expira al cerrar el navegador else: Crypt.set_secure_cookie(response, 'user_id', information['username'], expires=False) # No expira la cookie if user.permission == 'AD': Crypt.set_secure_cookie( response, 'user_admin', information['username'] + 'admin', expires=False) # Expira al cerrar el navegador return response else: return HttpResponseNotAllowed(['POST'])
def register(): form = RegisterForm() if request.method == 'POST': phone_number = form.phone_number.data upline_phone_number = form.upline_phone_number.data password = form.password.data password_c = form.password_c.data if not User.valid_phone_number(phone_number): if User.valid_phone_number(upline_phone_number): if password == password_c: new_user = User( phone_number=phone_number, upline_phone_number=upline_phone_number, password=Utils.set_password(password), ) new_user.register() new_user.connect_to_upline() return redirect(url_for('users.info', user_id=new_user._id)) else: flash("User exists with this phone number.") return redirect(url_for('register')) return render_template('user/register.html', form=form)
def info(): if current_user.name == 'none': form = ProfileForm() if request.method == 'POST': email = form.email.data name = form.name.data family = form.family_name.data gender = form.gender.data company = form.company.data birthday = form.birthday_day.data brtd = birthday.split('/') if len(brtd) is not 3: flash("Make sure Date Time is in correct format:\nYYYY/MM/DD") return redirect(url_for(url_for('users.info'))) if User.find_by_email(email): flash("This someone email address registered.") return redirect(url_for('users.info')) birthday = "-".join(brtd) current_user.profile(name, family, gender, company, email, birthday) # if user.account_time == 'None': # return redirect(url_for('payments.new_account', user_id=user._id)) return redirect(url_for('users.home')) return render_template('user/profile.html', form=form) return redirect(url_for('users.view_profile'))
def test_delete_user(self): with db_session: user = User(**self.user) response = self.test_app.delete('/v1/users/{}'.format(user.id)) self.assertEqual(response.status_code, 200)
def EventsByUserAPI(request): if request.method == 'GET': userPk = request.GET.get('pk') try: user = User.getByPk(userPk) memberships = EventMembership.objects.filter(user=user) except: returnData = {} returnData['error_code'] = 2 # User Not Found! returnData['error_description'] = _("User not found") return render_to_json(returnData) if memberships.count() == 0: return render_to_json([]) retVal = [] for membership in memberships: data = Event.objects.filter(pk=membership.event.pk) retVal.append({ "eventHead": data[0].head, "eventBody": data[0].body, "eventGame": data[0].game, "eventDate": str(data[0].date), "eventPk": data[0].pk, "membershipTeamName": membership.teamName, "membershipPaid": membership.paid }) response = HttpResponse(json.dumps(retVal), content_type='application/json') return response
def EventsByUserAPI(request): if request.method == 'GET': userPk = request.GET.get('pk') try: user = User.getByPk(userPk) memberships = EventMembership.objects.filter(user=user) except: returnData = {} returnData['error_code'] = 2 # User Not Found! returnData['error_description'] = _("User not found") return render_to_json(returnData); if memberships.count() == 0: return render_to_json( [] ); retVal = [] for membership in memberships: data = Event.objects.filter(pk=membership.event.pk) retVal.append( {"eventHead" : data[0].head, "eventBody" : data[0].body, "eventGame" : data[0].game, "eventDate" : str(data[0].date), "eventPk" : data[0].pk, "membershipTeamName" : membership.teamName, "membershipPaid" : membership.paid} ) response = HttpResponse( json.dumps(retVal), content_type='application/json') return response
def test_user_data_model(self): self.assertEqual(TEST_USER['username'], self.new_user.username) self.assertTrue( User.verify_hash(TEST_USER['password'], self.new_user.password)) self.assertEqual(TEST_USER['name'], self.new_user.name) self.assertEqual(TEST_USER['surname'], self.new_user.surname) self.assertEqual(TEST_USER['email'], self.new_user.email)
def testUserValidation(self): User.add("user1", "passwd", '*****@*****.**') User.add("user2", "passwd2", '*****@*****.**') result = User.isValidLogin("user1", "passwd") self.assertEqual(result, True) result = User.isValidLogin("user1", "passwd2") self.assertEqual(result, False) result = User.isValidLogin("user2", "passwd") self.assertEqual(result, False) result = User.isValidLogin("user2", "passwd2") self.assertEqual(result, True) result = User.isValidLogin("user", "passwd5") self.assertEqual(result, False)
def testUserValidation(self): User.add("user1","passwd",'*****@*****.**') User.add("user2","passwd2",'*****@*****.**') result = User.isValidLogin("user1","passwd") self.assertEqual(result, True) result = User.isValidLogin("user1","passwd2") self.assertEqual(result, False) result = User.isValidLogin("user2","passwd") self.assertEqual(result, False) result = User.isValidLogin("user2","passwd2") self.assertEqual(result, True) result = User.isValidLogin("user","passwd5") self.assertEqual(result, False)
def view_subsets(): sub = User.find_sub(current_user._id) if isinstance(sub, list) and len(sub) > 0: return render_template("user/view_subsets.html", sub=sub, count=len(sub)) flash("You have not any subsets yet!") return redirect(url_for('users.home', name=current_user.name))
def insert_by_type(self, to, user_email, _type): user_node = User.find_by_email(self.user_email) new_post = Node("Post", user_email=self.user_email, subject=self.subject, content=self.content, to=to, type_publication=self.type_publication, publish_date=self.publish_date, _id=self._id) graph.create(new_post) rel1 = Relationship(user_node, "PUBLISHED", new_post, type=_type) graph.create(rel1) user = User.find_by_email(user_email) rel2 = Relationship(new_post, "MESSAGE", user, type=_type) graph.create(rel2)
def get(self, id): """ Return user """ user = User.find_by_id(id) if user: return {'payload': {'user': user.to_json()}} return {"messages": "User not found"}, 404
def testNotExistingUserGivesErrorCode4(self): response = self.client.post(self.url,'{"username":"******"}',content_type='application/json') cookie = response.cookies.get('lpwd_ok').value.split(':')[0] self.assertEqual(cookie,'user1|[email protected]') u = User.getByUsername('user1') u.delete() response = self.client.post(self.user1_url, '{"password":"******","vpassword":"******"}',content_type='application/json') dic = json.loads(response.content) self.assertEqual(dic['error-code'],4)
def PasswordRecoverFormAPI(request, username): if request.method == 'POST': # POST METHOD: Realizo la validacion de los datos ingresados y cambio la contrasenia information = {} params = api.json_to_dict(request.body) # Si los parametros son invalidos if params is None: api.set_error(information,6,_('Invalid parameters')) return api.render_to_json(information); cookie = request.get_signed_cookie(key='lpwd_ok', default=None) if cookie is None: api.set_error(information,1,_("You haven't start the password recovery process")) return api.render_to_json(information) else: information['username'] = cookie.split('|')[0] password = params.get('password', '') vpassword = params.get('vpassword', '') api.set_error(information,0) if not User.isValidPassword(password): # Marco el error de password invaludo api.set_error(information,2,_("Invalid password")) elif password != vpassword: # Marco el error de passwords distintas api.set_error(information,3,_("Passwords don't match")) else: user = User.getByUsername(information['username']) if user is None: # Marco el error de usuario inexistente api.set_error(information,4,_("Username does not exist")) if information['error-code'] != 0: # Hubo errores return api.render_to_json(information) else: # TODO OK!! user.updateUserPassword(password) response = api.render_to_json(information) response.delete_cookie('lpwd_ok') return response else: return HttpResponseNotAllowed(['POST'])