def view_profile(user_id):
user = User.find_by_id(user_id)
if not User.check_follow_relation(current_user._id, user_id):
request.form.follow = "Follow"
else:
request.form.follow = "Un Follow"
return render_template("user/personal_page.html", user=user)
def profile(user_id):
form = ProfileForm()
form_pw = ChangePasswordForm()
if request.method == 'POST':
user_obj = User(session["phone_number"])
user_data = User.find_by_id(user_id)
if form.name.data is not None:
if user_obj.update_info(name=form.name.data,
family_name=form.family_name.data,
email=form.email.data,
birthday=form.birthday_day.data,
company=form.company.data,
gender=form.gender.data,
bio=form.bio.data):
flash("Profile view updated.")
return redirect(
url_for('users.profile', user_id=user_data["_id"]))
else:
return redirect(url_for('users.profile', user_id=user_data["_id"]))
return render_template("user/profile.html", form=form, form_pw=form_pw)
def new_post_pv():
form = NewMessage()
if request.method == 'POST':
subject = form.subject.data
to = form.to.data
content = form.content.data
if to.isalnum():
user = User.find_one(to)
user_email = user["email"]
else:
user = User.find_by_email(to)
user_email = user["email"]
if user_email:
Post(user_email=current_user.email,
subject=subject,
content=content,
type_publication="private").insert_by_type(
to=user_email, user_email=user_email, _type='private')
user = User.find_by_email(current_user.email)
flash("Message sent to {0}".format(to))
return redirect(url_for('messages.inbox', user_id=user["_id"]))
flash("There is no user with this email or phone number.")
return redirect(url_for('messages.new_post_pv'))
return render_template("message/new_pv.html", form=form)
def post(self):
data = self.parser.parse_args()
current_user = None
if data.get('username') and data.get('email'):
return {
'message':
'Use username or email not both at the same time to sign in'
}, 400
elif data.get('username'):
current_user = User.find_by_username(data['username'])
elif data.get('email'):
current_user = User.find_by_email(data['email'])
if current_user is None:
return {'message': "User does not exist"}, 404
if User.verify_hash(data['password'], current_user.password):
access_token = create_access_token(
identity=(data.get('username') or data.get('email')))
refresh_token = create_refresh_token(
identity=(data.get('username') or data.get('email')))
return {
'message': f'Logged in as {current_user.username}',
'access_token': access_token,
'refresh_token': refresh_token
}, 200, {
'Set-Cookie': 'access_token_cookie=' + access_token
}
else:
return {'message': 'Wrong credentials'}, 400
def testUpdateUserPassword(self):
u = User.add("user1","passwd",'*****@*****.**')
self.assertTrue(User.isValidLogin("user1","passwd"))
u.updateUserPassword("newpasswd")
u.save()
self.assertFalse(User.isValidLogin("user1","passwd"))
self.assertTrue(User.isValidLogin("user1","newpasswd"))
def put(self, id):
"""
Edit user data
"""
parser.replace_argument('password', required=False)
parser.replace_argument('username', required=False)
data = parser.parse_args()
user = User.find_by_id(id)
if not user:
return {"messages": "User not found"}, 404
username = data.get('username', None)
if username and User.find_by_username(username):
return {'message': f'User {username} already exists'}, 400
for key, value in data.items():
if data[key] is not None:
setattr(user, key, value)
try:
# Saving user in DB and Generating Access and Refresh token
user.save()
return {
'payload': {
'user': user.to_json(),
}
}, 200
except:
return {'message': 'Error while editing the user'}, 500
def replay(author):
form = NewMessage()
if request.method == 'POST':
subject = form.subject.data
content = form.content.data
to = form.to.data
if to.isalnum():
user = User.find_one(to)
user_email = user["email"]
else:
user = User.find_by_email(to)
user_email = user["email"]
if user and user_email != current_user.email:
Post(user_email=current_user.email,
subject=subject,
content=content,
type_publication="private").insert_by_type(
to=user_email, user_email=user_email)
user = User.find_by_email(current_user.email)
flash("Message sent to {0}".format(to))
return redirect(url_for('posts.inbox', user_id=user["_id"]))
else:
flash("Wrong user.")
return redirect(url_for('messages.inbox', user_id=user["_id"]))
form.to.data = author
return render_template("message/new_pv.html", form=form)
def admin_send_message():
if request.method == 'POST':
mode = request.form["radio"]
if mode == 'one':
email = request.form["user_email"]
user = User.find_by_email(email)
if user:
subject = request.form["title"]
content = request.form["content"]
Post("admin", subject, content).admin_insert_post_by_type(
current_user, email, 'private')
posts = Post.admin_sent_posts()
flash("Message sent to {0}".format(email))
return render_template("admin/home.html", posts=posts)
else:
flash(
"The user you choose by {} does not exist.".format(email))
return render_template("admin/send_message.html")
elif mode == 'all':
subject = request.form["title"]
content = request.form["content"]
users = User.admin_find_all_users()
new_post = Post("admin", subject, content)
new_post.admin_insert_post(current_user, 'private')
for user in users:
Post.connect(user.email, new_post._id, 'private')
posts = Post.admin_sent_posts()
flash("Post sent to all.")
return render_template("admin/home.html", posts=posts)
return render_template("admin/send_message.html")
def testUsersCreation(self):
u = User.add("user1","passwd",'*****@*****.**')
U = User.objects.filter(username = "******").get()
self.assertEqual(u, U)
u2 = User.add("user2", 'passwd','*****@*****.**')
U = User.objects.filter(username = "******").get()
self.assertEqual(u2, U)
def search(word):
word_ = word.strip()
if "@" in word_:
flash("Can not find any user by email address.")
return redirect(url_for('users.home'))
elif " " in word_:
name_family = word_.split(" ")
if len(name_family) == 2:
name, family = name_family
users = User.search_by_name_family(name=name, family=family)
return render_template("user/result.html", users=users)
elif len(name_family) == 3:
name, mid_name, family = name_family
users1 = User.search_by_name_family(name=name + mid_name,
family=family)
users2 = User.search_by_name_family(name=name,
family=mid_name + family)
users = users1 + users2
return render_template("user/result.html", users=users)
elif " " not in word_:
users = User.search_by_name_family(name=word_, family=word_)
return render_template("user/result.html", users=users)
flash("Could not find any user {}".format(word_))
return redirect(url_for('users.home'))
def post(self):
parser.replace_argument('password',
required=True,
help='password cannot be blank')
data = parser.parse_args()
username = data['username']
# Searching user by username
current_user = User.find_by_username(username)
# user does not exists
if not current_user:
return {'message': f'User {username} doesn\'t exist'}, 400
# user exists, comparing password and hash
if User.verify_hash(data['password'], current_user.password):
# generating access token and refresh token
access_token = create_access_token(identity=username)
refresh_token = create_refresh_token(identity=username)
return {
'payload': {
'user': current_user.to_json(),
'access_token': access_token,
'refresh_token': refresh_token
}
}, 200
else:
return {'message': 'Wrong credentials'}, 400
def testUpdateUserPassword(self):
u = User.add("user1", "passwd", '*****@*****.**')
self.assertTrue(User.isValidLogin("user1", "passwd"))
u.updateUserPassword("newpasswd")
u.save()
self.assertFalse(User.isValidLogin("user1", "passwd"))
self.assertTrue(User.isValidLogin("user1", "newpasswd"))
def login():
form = LoginForm()
if request.method == 'POST':
phone_number = form.phone_number.data
password = form.password.data
user_obj = User(phone_number)
if user_obj:
if user_obj.verify_password(password):
flash("Log in successful.")
# if user["email"]:
# session["email"] = user["email"]
# else:
user_data = User.find_by_phone_number(user_obj.phone_number)
session["phone_number"] = user_data["phone_number"]
print(user_data["_id"])
# return render_template("user/home.html", loged_in=True)
return redirect(url_for('users.home',
user_id=user_data["_id"]))
else:
flash("The password is wrong.")
return render_template("user/login.html", form=form)
else:
flash("The user does not exist.")
return redirect(url_for('users.register'))
return render_template('user/login.html', form=form)
def testUsersCreation(self):
u = User.add("user1", "passwd", '*****@*****.**')
U = User.objects.filter(username="******").get()
self.assertEqual(u, U)
u2 = User.add("user2", 'passwd', '*****@*****.**')
U = User.objects.filter(username="******").get()
self.assertEqual(u2, U)
def SignUpAPI(request):
if request.method == 'POST':
# POST METHOD: Aca valido la informacion de creacion de usuario
# Obtengo los parametros del JSON enviado
params = api.json_to_dict(request.body)
information = {}
# Si los parametros son invalidos
if params is None:
# ERROR PARAMETROS INVALIDOS
api.set_error(information,6,_("Invalid parameters"))
return api.render_to_json(information);
# Obtengo la informacon ingresada
information['username'] = params.get('username', '')
password = params.get('password', '')
vpassword = params.get('vpassword', '')
information['email'] = params.get('email', '')
information['name'] = params.get('name', '')
information['lastname'] = params.get('lastname', '')
information['country'] = params.get('country', '')
# NO ERROR!
api.set_error(information,0)
leave_open = params.get('remember',None)
# Valido los datos.
if not User.isValidUsername(information['username']):
# ERROR NOMBRE DE USUARIO INVALIDO
api.set_error(information,1,_("Invalid username"))
elif not User.isValidPassword(password):
# Marco el error de password invaludo
# ERROR CLAVE INVALIDA
api.set_error(information,2,_("Invalid password"))
elif password != vpassword:
# Marco el error de passwords distintas
# ERROR CLAVES NO SON IDENTICAS
api.set_error(information,3,_("Passwords don't match"))
elif not User.isValidEmail(information['email']):
# Marco el error de password invaludo
# ERROR EMAIL INVALIDO
api.set_error(information,4,_('Invalid mail'))
else:
user = User.add(information['username'],password,information['email'],information['name'], information['lastname']);
if user == None:
# Marco el error de usuario ya existente
# ERROR USUARIO YA EXISTE
api.set_error(information,5,_("Username already exists"))
if information['error-code'] != 0:
# Hubo un error al crear el usuario. Envio el diccionario en formato json
return api.render_to_json(information);
else:
# Se creo un usuario, redirijo pero seteo la cookie para identificar
response = api.render_to_json(information)
Crypt.set_secure_cookie(response,'user_id',information['username'],expires=True) # Expira al cerrar el navegador
return response
else:
return HttpResponseNotAllowed(['POST'])
def change_pw():
form_pw = ChangePasswordForm()
if request.method == 'POST':
user_obj = User(session["phone_number"])
# user_data = user_obj.find_by_id(session["phone_number"])
if form_pw.current_password.data is not None and form_pw.new_password.data is not None:
if user_obj.verify_password(form_pw.current_password.data):
if form_pw.new_password.data == form_pw.confirm_password.data:
user_obj.change_password(form_pw.new_password.data)
flash("Your password changed.")
return redirect(url_for('users.change_pw'))
else:
flash("Confirm password does not matched.")
return redirect(url_for('users.change_pw'))
else:
flash('Your current password is wrong.')
return redirect(url_for('users.change_pw'))
return render_template('user/change_pw.html', form_pw=form_pw)
def testUpdateUserLastName(self):
User.add("user1", "passwd", '*****@*****.**', 'User1', 'One')
u = User.getByUsername("user1")
self.assertEqual(u.lastname, 'One')
u.updateUserLastname('Two')
u.save()
u = User.getByUsername("user1")
self.assertEqual(u.lastname, 'Two')
def testUpdateUserEmail(self):
User.add("user1", "passwd", '*****@*****.**', 'User1', 'One')
u = User.getByUsername("user1")
self.assertEqual(u.email, '*****@*****.**')
u.updateUserEmail('*****@*****.**')
u.save()
u = User.getByUsername("user1")
self.assertEqual(u.email, '*****@*****.**')
def testUpdateUserEmail(self):
User.add("user1","passwd",'*****@*****.**','User1','One')
u = User.getByUsername("user1")
self.assertEqual(u.email, '*****@*****.**')
u.updateUserEmail('*****@*****.**')
u.save()
u = User.getByUsername("user1")
self.assertEqual(u.email, '*****@*****.**')
def testUpdateUserLastName(self):
User.add("user1","passwd",'*****@*****.**','User1','One')
u = User.getByUsername("user1")
self.assertEqual(u.lastname, 'One')
u.updateUserLastname('Two')
u.save()
u = User.getByUsername("user1")
self.assertEqual(u.lastname, 'Two')
def testMembEventQueryEmptyEvent(self):
u = User.add('ringoStarr', '1234', '*****@*****.**')
u2 = User.add('paulMcCartney', '1234', '*****@*****.**')
e = Event.add("Concert", "body", 'hads', 'lol', "2013-09-10",
"2013-09-12")
memberships = EventMembership.getByEvent(5)
self.assertEqual(memberships, [])
memberships = EventMembership.getByEvent(10)
self.assertEqual(memberships, [])
def PasswordRecoverAPI(request):
information = {}
cookie = request.get_signed_cookie(key='lpwd_ok', default=None)
if request.method == 'GET':
# GET METHOD: Si la cookie ya esta seteada, informo que ya esta en "tramite" el cambio de clave
# si no esta seteada, leo los parametros, los valido.
# En caso de ser parametos validos, seteo la cookie, envio el mail de recuperacion y informo el exito
if cookie is None:
information['recover-cookie'] = False
return api.render_to_json(information)
else:
information['username'] = cookie.split('|')[0]
information['email'] = cookie.split('|')[1]
information['recover-cookie'] = True
return api.render_to_json(information)
elif request.method == 'POST':
# POST METHOD: Si la cookie ya esta seteada, informo que ya esta en "tramite" el cambio de clave
# si no esta seteada, informo lo contrario.
if cookie != None:
api.set_error(information,1,_("We have already send a password recovery email for your username."))
return api.render_to_json(information)
else:
params = api.json_to_dict(request.body)
if params is None:
# ERROR PARAMETROS INVALIDOS
api.set_error(information,6,_('Invalid parameters'))
return api.render_to_json(information);
information['username'] = params.get('username', None)
if not User.isValidUsername(information['username']):
api.set_error(information,2,_('Invalid username'))
return api.render_to_json(information)
else:
user = User.getByUsername(information['username'])
if user is None:
api.set_error(information,3,_("You haven't start the password recovery process"))
return api.render_to_json(information)
else:
information['email'] = user.email;
api.set_error(information,0)
response = api.render_to_json(information)
Crypt.set_secure_cookie(response,'lpwd_ok',information['username']+ '|' + information['email'] , expires=False, time=7200)
api.sendRecoveryEmail(user);
return response
return render_to_response('passwd_recover.html',information,RequestContext(request))
else:
return HttpResponseNotAllowed(['POST','GET'])
def testDeletingUserAfterLoginAndChangingDataGivesErrorCode3(self):
response = self.client.post(self.live_server_url + '/api/signin',
'{"username":"******", "password":"******"}',
content_type='application/json')
User.getByUsername('user1').delete()
response = self.client.post(
self.url + '/user1',
'{"username":"******", "email":"*****@*****.**" ,"password":"******","vpassword":"******"}',
content_type='application/json')
info = json.loads(response.content)
self.assertEqual(info['error-code'], 3)
def setUp(self):
utils.init_test_database()
self.new_user = User(username=TEST_USER['username'],
password=User.generate_hash(
TEST_USER['password']),
name=TEST_USER['name'],
surname=TEST_USER['surname'],
email=TEST_USER['email'])
self.new_user.save_to_db()
self.revoken_token = RevokedTokenModel(id=1, jti='some string')
def testPasswordValidation(self):
self.assertTrue(User.isValidPassword('abcdef12345_ghijk678')) #Normal characters
self.assertTrue(User.isValidPassword('abcdef12345-ghijk678')) #Normal characters
self.assertTrue(User.isValidPassword('abcdef1_345_ghijk678')) #Two Undercords
self.assertTrue(User.isValidPassword('abcdef1-345-ghijk678')) #Two cords
self.assertTrue(User.isValidPassword('123')) #ThreeChars
self.assertTrue(User.isValidPassword('12345678901234567890')) #TwentyChars
self.assertTrue(User.isValidPassword('randomchars++=?')) #Rare Characters
self.assertFalse(User.isValidPassword('')) #Empty
self.assertFalse(User.isValidPassword('12')) #TwoChars
self.assertFalse(User.isValidPassword('123456789012345678901')) #TwentyOneChars
def setUp(self):
utils.init_test_database()
self.app = app.test_client()
self.app.testing = True
self.new_user = User(username=TEST_USER['username'],
password=User.generate_hash(
TEST_USER['password']),
name=TEST_USER['name'],
surname=TEST_USER['surname'],
email=TEST_USER['email'])
self.new_user.save_to_db()
def login():
if current_user.is_authenticated == True:
return redirect(url_for('users.home', user_id=current_user._id))
form = LoginForm()
if form.validate_on_submit():
phone_number = form.phone_number.data
password = form.password.data
remember_me = form.remember_me.data
if '@' in phone_number and phone_number == Admin.find_admin_email(
phone_number)["email"]:
admin_data = Admin.find_admin_email(phone_number)
if admin_data:
admin = Admin.classify(name=admin_data["name"],
family=admin_data["family"],
email=admin_data["email"],
password=admin_data["password"],
permission=admin_data["permission"],
_id=admin_data["_id"])
if admin.check_pw(password):
session["email"] = admin.email
login_user(user=admin, remember=remember_me)
return redirect(url_for('admins.admin_home'))
user_data = User.find_one(phone_number)
if not user_data:
flash('User does not exists.')
return redirect(url_for('auth.register'))
user = User.classify1(user_data)
# check user account time
# if user.account_time == 'None':
# return redirect(url_for('payments.new_account', user_id=user._id))
# elif user.account_time
if user.valid_phone_number(phone_number):
if Utils.check_password(user.password, password):
flash("Log in successful.")
login_user(user, remember_me)
if user.name == 'none':
return redirect(url_for("users.info", user_id=user._id))
else:
return redirect(url_for('users.home', user_id=user._id))
else:
flash("Your password was wrong.")
return redirect(url_for('auth.login'))
else:
flash("The user does not exist.")
return redirect(url_for('auth.login'))
return render_template('auth/login.html', form=form)
def SignInAPI(request):
if request.method == 'POST':
# POST METHOD: Aca valido la informacion de inicio de sesion
params = api.json_to_dict(request.body)
information = {}
# Si los parametros son invalidos
if params is None:
api.set_error(information, 6, _("Invalid parameters"))
return api.render_to_json(information)
information['username'] = params.get('username', '')
password = params.get('password', '')
remember = params.get('remember', False)
valid = User.isValidLogin(information['username'], password)
if not valid:
# ERROR NOMBRE DE USUARIO INEXISTENTE O CONTRASENA INCORRECTA
api.set_error(
information, 1,
_("Username does not exist or password is incorrect"))
return api.render_to_json(information)
else:
# NO HUBO ERRORES!
user = User.getByUsername(information['username'])
api.set_error(information, 0)
response = api.render_to_json(information)
if not remember:
Crypt.set_secure_cookie(
response, 'user_id', information['username'],
expires=True) # Expira al cerrar el navegador
if user.permission == 'AD':
Crypt.set_secure_cookie(
response,
'user_admin',
information['username'] + 'AD',
expires=True) # Expira al cerrar el navegador
else:
Crypt.set_secure_cookie(response,
'user_id',
information['username'],
expires=False) # No expira la cookie
if user.permission == 'AD':
Crypt.set_secure_cookie(
response,
'user_admin',
information['username'] + 'admin',
expires=False) # Expira al cerrar el navegador
return response
else:
return HttpResponseNotAllowed(['POST'])
def register():
form = RegisterForm()
if request.method == 'POST':
phone_number = form.phone_number.data
upline_phone_number = form.upline_phone_number.data
password = form.password.data
password_c = form.password_c.data
if not User.valid_phone_number(phone_number):
if User.valid_phone_number(upline_phone_number):
if password == password_c:
new_user = User(
phone_number=phone_number,
upline_phone_number=upline_phone_number,
password=Utils.set_password(password),
)
new_user.register()
new_user.connect_to_upline()
return redirect(url_for('users.info',
user_id=new_user._id))
else:
flash("User exists with this phone number.")
return redirect(url_for('register'))
return render_template('user/register.html', form=form)
def info():
if current_user.name == 'none':
form = ProfileForm()
if request.method == 'POST':
email = form.email.data
name = form.name.data
family = form.family_name.data
gender = form.gender.data
company = form.company.data
birthday = form.birthday_day.data
brtd = birthday.split('/')
if len(brtd) is not 3:
flash("Make sure Date Time is in correct format:\nYYYY/MM/DD")
return redirect(url_for(url_for('users.info')))
if User.find_by_email(email):
flash("This someone email address registered.")
return redirect(url_for('users.info'))
birthday = "-".join(brtd)
current_user.profile(name, family, gender, company, email,
birthday)
# if user.account_time == 'None':
# return redirect(url_for('payments.new_account', user_id=user._id))
return redirect(url_for('users.home'))
return render_template('user/profile.html', form=form)
return redirect(url_for('users.view_profile'))
def test_delete_user(self):
with db_session:
user = User(**self.user)
response = self.test_app.delete('/v1/users/{}'.format(user.id))
self.assertEqual(response.status_code, 200)
def EventsByUserAPI(request):
if request.method == 'GET':
userPk = request.GET.get('pk')
try:
user = User.getByPk(userPk)
memberships = EventMembership.objects.filter(user=user)
except:
returnData = {}
returnData['error_code'] = 2 # User Not Found!
returnData['error_description'] = _("User not found")
return render_to_json(returnData)
if memberships.count() == 0:
return render_to_json([])
retVal = []
for membership in memberships:
data = Event.objects.filter(pk=membership.event.pk)
retVal.append({
"eventHead": data[0].head,
"eventBody": data[0].body,
"eventGame": data[0].game,
"eventDate": str(data[0].date),
"eventPk": data[0].pk,
"membershipTeamName": membership.teamName,
"membershipPaid": membership.paid
})
response = HttpResponse(json.dumps(retVal),
content_type='application/json')
return response
def EventsByUserAPI(request):
if request.method == 'GET':
userPk = request.GET.get('pk')
try:
user = User.getByPk(userPk)
memberships = EventMembership.objects.filter(user=user)
except:
returnData = {}
returnData['error_code'] = 2 # User Not Found!
returnData['error_description'] = _("User not found")
return render_to_json(returnData);
if memberships.count() == 0:
return render_to_json( [] );
retVal = []
for membership in memberships:
data = Event.objects.filter(pk=membership.event.pk)
retVal.append( {"eventHead" : data[0].head, "eventBody" : data[0].body,
"eventGame" : data[0].game, "eventDate" : str(data[0].date),
"eventPk" : data[0].pk, "membershipTeamName" : membership.teamName,
"membershipPaid" : membership.paid} )
response = HttpResponse( json.dumps(retVal), content_type='application/json')
return response
def test_user_data_model(self):
self.assertEqual(TEST_USER['username'], self.new_user.username)
self.assertTrue(
User.verify_hash(TEST_USER['password'], self.new_user.password))
self.assertEqual(TEST_USER['name'], self.new_user.name)
self.assertEqual(TEST_USER['surname'], self.new_user.surname)
self.assertEqual(TEST_USER['email'], self.new_user.email)
def testUserValidation(self):
User.add("user1", "passwd", '*****@*****.**')
User.add("user2", "passwd2", '*****@*****.**')
result = User.isValidLogin("user1", "passwd")
self.assertEqual(result, True)
result = User.isValidLogin("user1", "passwd2")
self.assertEqual(result, False)
result = User.isValidLogin("user2", "passwd")
self.assertEqual(result, False)
result = User.isValidLogin("user2", "passwd2")
self.assertEqual(result, True)
result = User.isValidLogin("user", "passwd5")
self.assertEqual(result, False)
def testUserValidation(self):
User.add("user1","passwd",'*****@*****.**')
User.add("user2","passwd2",'*****@*****.**')
result = User.isValidLogin("user1","passwd")
self.assertEqual(result, True)
result = User.isValidLogin("user1","passwd2")
self.assertEqual(result, False)
result = User.isValidLogin("user2","passwd")
self.assertEqual(result, False)
result = User.isValidLogin("user2","passwd2")
self.assertEqual(result, True)
result = User.isValidLogin("user","passwd5")
self.assertEqual(result, False)
def view_subsets():
sub = User.find_sub(current_user._id)
if isinstance(sub, list) and len(sub) > 0:
return render_template("user/view_subsets.html",
sub=sub,
count=len(sub))
flash("You have not any subsets yet!")
return redirect(url_for('users.home', name=current_user.name))
def insert_by_type(self, to, user_email, _type):
user_node = User.find_by_email(self.user_email)
new_post = Node("Post", user_email=self.user_email,
subject=self.subject,
content=self.content,
to=to,
type_publication=self.type_publication,
publish_date=self.publish_date,
_id=self._id)
graph.create(new_post)
rel1 = Relationship(user_node, "PUBLISHED", new_post, type=_type)
graph.create(rel1)
user = User.find_by_email(user_email)
rel2 = Relationship(new_post, "MESSAGE", user, type=_type)
graph.create(rel2)
def get(self, id):
"""
Return user
"""
user = User.find_by_id(id)
if user:
return {'payload': {'user': user.to_json()}}
return {"messages": "User not found"}, 404
def testNotExistingUserGivesErrorCode4(self):
response = self.client.post(self.url,'{"username":"******"}',content_type='application/json')
cookie = response.cookies.get('lpwd_ok').value.split(':')[0]
self.assertEqual(cookie,'user1|[email protected]')
u = User.getByUsername('user1')
u.delete()
response = self.client.post(self.user1_url, '{"password":"******","vpassword":"******"}',content_type='application/json')
dic = json.loads(response.content)
self.assertEqual(dic['error-code'],4)
def PasswordRecoverFormAPI(request, username):
if request.method == 'POST':
# POST METHOD: Realizo la validacion de los datos ingresados y cambio la contrasenia
information = {}
params = api.json_to_dict(request.body)
# Si los parametros son invalidos
if params is None:
api.set_error(information,6,_('Invalid parameters'))
return api.render_to_json(information);
cookie = request.get_signed_cookie(key='lpwd_ok', default=None)
if cookie is None:
api.set_error(information,1,_("You haven't start the password recovery process"))
return api.render_to_json(information)
else:
information['username'] = cookie.split('|')[0]
password = params.get('password', '')
vpassword = params.get('vpassword', '')
api.set_error(information,0)
if not User.isValidPassword(password):
# Marco el error de password invaludo
api.set_error(information,2,_("Invalid password"))
elif password != vpassword:
# Marco el error de passwords distintas
api.set_error(information,3,_("Passwords don't match"))
else:
user = User.getByUsername(information['username'])
if user is None:
# Marco el error de usuario inexistente
api.set_error(information,4,_("Username does not exist"))
if information['error-code'] != 0:
# Hubo errores
return api.render_to_json(information)
else:
# TODO OK!!
user.updateUserPassword(password)
response = api.render_to_json(information)
response.delete_cookie('lpwd_ok')
return response
else:
return HttpResponseNotAllowed(['POST'])